1. Why do I need an opinion from the research ethics committee?
Obtaining an opinion from the ethics committee helps to assess the ethical aspects of a particular study. The process of obtaining an opinion will help to ensure that your research project complies with regulatory requirements – the General Data Protection Regulation and various regulatory acts of the Republic of Latvia (e.g., the Scientific Activity Law, the Copyright Law, the Patient Rights Law, etc.) and international codes of ethics and guidelines. The UL Research Ethics Policy (2021) stipulates that the purpose of the ethics committee's opinion is to protect the rights, health, safety, and dignity of research participants, to prevent harm to research participants, society and the environment, and to promote the reputation of the UL as a scientific institution.
2. Can applications to the Research Ethics Committee be submitted in English?
Scientists, doctoral and residency students who do not speak the national language may submit applications in English. The application form in English is available in the section "Ethics Committee opinion on research conducted by scientists, doctoral and residency students" under the information about both ethics committees.
3. Do the UL Ethics Committees for Research by Scientists, Doctoral and Residency Students only review applications from UL scientists, doctoral and residency students?
Yes, the UL Ethics Committees only review applications from UL scientists, doctoral and residency students and provide them with opinions free of charge.
4. What happens if the ethics committee does not give a positive opinion on my research application?
Negative opinions are very rare in the practice of research ethics committees. Usually, the ethics committee provides recommendations that the applicant can implement for the research to receive a positive opinion. Research can only be started after a positive opinion has been received from the research ethics committee.
5. How to report changes in the research to the committee?
It depends on the type of change. If the changes are significant, they must be reviewed and approved by the ethics committee. Significant changes include the emergence of new ethical risks, a change in the aim or conduct of the project, changes to the research protocol, a change in the number or category of participants (e.g., children, if the study participants were previously only adults), a change in the method of recruiting research participants, the addition of new data categories, changes to the informed consent documents, the involvement of new researchers in the study, etc. In case of uncertainty, always contact the secretary of the ethics committee.
6. What is required if I plan to use genetic data in my research?
Research involving the processing or study of genetic data requires special types of opinions. You must obtain opinions from the Central Medical Ethics Committee (CMĒK) and the Genome Research Council in accordance with the Human Genome Research Act. CMĒK application forms are available on the Ministry of Health website.
7. When can the research begin?
The research can begin after the ethics committee's opinion has been received. It is advisable to plan the start date of the research approximately one month after the next ethics committee meeting.
1. Do research participants always have to give written informed consent?
The process of obtaining informed consent is evaluated by the research ethics committee. If personal data is not processed, verbal or other forms of consent to participate in the study must be obtained. For example, filling out a questionnaire may be considered consent if information about the study is provided at the beginning of the questionnaire. However, written consent is the primary form of consent for studies involving the processing of personal data, as it provides documentation and allows the participant to refer to the information received. In certain cases, however, consent to the processing of personal data may also be verbal, provided that the research participant has received the necessary information and the consent has been recorded, for example, in an audio recording.
2. When should the informed consent of research participants be obtained?
Informed consent is given by research participants before the start of the research. Participants must be given sufficient time to familiarize themselves with the information and to ask questions.
3. Who can give informed consent?
Informed consent can be given by adults who can make decisions, that is, who are able to express their will and understand the information.
Adults who are unable to give consent may only be involved in medical research in cases where the results of the research can bring real and direct benefits to the health of the person involved and it is not possible to conduct research of equivalent effectiveness with people who are capable of giving consent. In exceptional cases where the research cannot provide direct benefits to the health of the person concerned, the ethics committee may allow the research to be conducted if the following conditions are met: by significantly improving scientific understanding of the person's health condition, disease or disorder, the results of the research may potentially benefit the person involved or other persons belonging to the same age group who suffer from the same disease or disorder or who have the same manifestations of the disease, and the research involves minimal risk and inconvenience to the person involved.
For minors (under 18 years of age) participating in research, informed consent is given by their parents or other legal representatives; however, minors must receive information about the study and give their own consent, in accordance with their age and maturity. It is advisable to prepare separate information materials about participation in the study that are appropriate for the age group of children. In medical research, consent for minors to participate in the study is given by their legal representatives; from the age of 14, the informed consent of minors is also obtained, but children under the age of 14 must be given the opportunity to express their opinion on participation in the study.
4. Is consent required if I plan to use internet data (social media posts, comments) in my study?
Publicly available data on the internet (e.g., blog posts, public Facebook discussions) can be used without informed consent if it is truly public and the user does not expect privacy. However, when obtaining data from closed groups or private discussions, especially if they concern sensitive issues, the informed consent of the individuals or groups must be obtained, even if the data is technically publicly available. In unclear cases, it is advisable to consult a research ethics committee.
5. What information about the processing of personal data should be included in the informed consent form?
The informed consent form should include at least: the purpose of the research; what personal data will be processed and the legal basis for data processing (informed consent or, in certain cases, public interest); the names and roles of the parties processing the data in accordance with the General Data Protection Regulation (GDPR); the location and duration of data storage; what security measures will be implemented; whether the data will be published; the rights of participants (access to their data, withdrawal, deletion); and the researcher's contact details. The information must be clear and understandable to participants.
1. What are the "data roles" – data controller and data processor?
Controller and processor are legal roles defined in the European Union's General Data Protection Regulation (GDPR). All parties involved in personal data processing must have a defined role in accordance with the requirements of the GDPR. The data controller determines the purposes and means of personal data processing and is responsible for the lawfulness of the processing. The data processor processes personal data only on behalf of the controller and strictly according to their instructions. Joint controllers determine both the purpose and method of data processing and are responsible for the lawfulness of the processing.
2. What does "data controller" mean in the context of medical research?
For medical records, the data controller is usually the institution that stores the records and administers their use (hospital, clinic, family doctor's practice, diagnostic center) and is also responsible for data protection. After receiving the opinion of the research ethics committee, you should contact this institution. In many institutions, such as university hospitals, the research must be registered with the institution's scientific department and permission must be obtained to conduct the research.
3. How to determine the roles of external partners (other universities, research institutions, companies)?
The decision on roles must be made based on the actual circumstances – who determines the purpose and means of data processing and who processes the data. You can always contact the University's lawyers on this issue.
1. How to handle medical records in retrospective research?
Article 10 of the Patient Rights Act applies to data recorded in medical records. If data is selected from patients' medical records, this data is initially personal data, so the researcher is processing personal data. It is mandatory to obtain the informed consent of patients for the secondary use of data for research purposes, unless an exception is applied in accordance with Article 10(7), (8) or (8¹) of the Patient Rights Act.
If the data has already been anonymized (e.g., obtained from government websites, open access databases), informed consent is not required. The application to the ethics committee must explain when and how the data will be anonymized or pseudonymized, at what stage of the research the anonymization will take place, and indicate the data controller (hospital, clinic).
2. Can I obtain data from medical records without the consent of the data subjects?
In exceptional cases – yes, but only in accordance with a strictly defined procedure. Articles 10(7), 10(8) and 10(8¹) of the Patient Rights Act allow the use of data recorded in medical records without consent. In research conducted by scientists, this is possible in accordance with Cabinet Regulation No. 446 of August 4, 2015, with the permission of the Center for Disease Prevention and Control, provided that the following conditions are met: (1) the research is conducted in the public interest; (2) the patient has not previously prohibited the transfer of his or her data to the researcher in writing; (3) it is not possible to obtain the patient's consent by reasonable means; (4) the benefit of the research to public health is commensurate with the restriction of the right to privacy.
3. If I anonymize the data recorded in medical documents, can I store them for longer?
Yes. Anonymized data (irreversibly transformed, without any possibility of identifying the person) may be stored without time limitation. This is an important aspect of ensuring the repeatability of research and the requirements of open science, as anonymized data may be requested during the peer review process of a research publication, so it does not need to be destroyed.
1. Where to store personal data?
Only use secure University IT systems supervised by UL IT Services. Researchers must store data in Microsoft Teams (UL account), SharePoint, or on servers provided by UL IT Services. Students can store data in Microsoft OneDrive (UL account). These systems are GDPR certified, encrypted, and provide security measures.
Never store personal data in private clouds or outside UL systems: Google Drive (even with a UL account), Dropbox, iCloud, Amazon Cloud, or other private servers. Never store data on an unencrypted USB flash drive, on an unencrypted local computer, or in email attachments. This is a violation of the GDPR and can have very serious consequences for the University and for you personally.
2. What is pseudonymization?
"Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person." GDPR, Article 4.
Usually, the application to the research ethics committee asks you to specify how personal data will be pseudonymized and/or anonymized during data processing: at what stage of the research pseudonymization and/or anonymization will be performed, and who will perform it and how. More detailed information on anonymization and pseudonymization can be found in the "Research Data Management" section of the website.
3. What is the difference between pseudonymization and anonymization?
Anonymization is an irreversible, complete process of data transformation, so it is impossible to identify a person either directly or indirectly. Anonymized information is no longer personal data and is not subject to the GDPR. Pseudonymization is a data transformation in which personal data is replaced with codes (P001, P002...), but the key (P001 = Jānis Bērziņš) is stored separately and securely. Pseudonymized data is still personal data and is fully subject to the GDPR. Pseudonymization allows individuals to be identified later with the help of the key.
In practice: Pseudonymize if you need to link to specific participants (for example, if you plan to send them the results). Anonymize if the data will be published or if no further communication with the participants is necessary.
4. Can I publish research data?
Yes, but only anonymized data, without any possibility of identifying participants. Include metadata (information about data collection, methodology) and an appropriate license (e.g., Creative Commons). Make sure that even indirect identifiers (age + gender + location + profession) cannot identify individuals. Publish in open repositories (DataverseLV, Zenodo).
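The distinction drawn in questions 3 and 4 of this section, as an added example that is not part of the UL guidance: names are replaced with codes (P001, P002...) and the key is returned separately, then the smallest group of records sharing the same indirect identifiers is counted before publication. The group-size check (k-anonymity), the 10-year age bands, the field names and the sample records are assumptions constructed for this illustration.

```python
from collections import Counter

# Indirect identifiers named in the text above.
QUASI_IDENTIFIERS = ("age", "gender", "location", "profession")

# Constructed sample records (not real participants).
SAMPLE = [
    {"name": "Participant A", "age": 34, "gender": "F", "location": "Riga", "profession": "nurse", "score": 7},
    {"name": "Participant B", "age": 37, "gender": "F", "location": "Riga", "profession": "nurse", "score": 5},
    {"name": "Participant C", "age": 52, "gender": "M", "location": "Riga", "profession": "teacher", "score": 6},
    {"name": "Participant D", "age": 58, "gender": "M", "location": "Riga", "profession": "surgeon", "score": 4},
]

def pseudonymize(records):
    """Replace names with codes; return (coded records, key).
    The key must be stored separately from the coded records."""
    code_for, key, coded = {}, {}, []
    for rec in records:
        code = code_for.setdefault(rec["name"], f"P{len(code_for) + 1:03d}")
        key[code] = rec["name"]
        coded.append({"id": code, **{k: v for k, v in rec.items() if k != "name"}})
    return coded, key

def age_band(age, width=10):
    """Generalise an exact age into a band such as '30-39'."""
    low = age // width * width
    return f"{low}-{low + width - 1}"

def anonymize(coded, drop=()):
    """Remove the code (so no key can link back), band the age, drop fields."""
    rows = []
    for rec in coded:
        row = {k: v for k, v in rec.items() if k != "id" and k not in drop}
        if "age" in row:
            row["age"] = age_band(row["age"])
        rows.append(row)
    return rows

def smallest_group(rows, columns=QUASI_IDENTIFIERS):
    """Size of the smallest set of rows sharing one combination of indirect
    identifiers. A result of 1 means at least one person is unique."""
    if not rows:
        return 0
    cols = [c for c in columns if c in rows[0]]
    return min(Counter(tuple(r[c] for c in cols) for r in rows).values())

if __name__ == "__main__":
    coded, key = pseudonymize(SAMPLE)
    print(smallest_group(coded))                                   # coded data, exact ages
    print(smallest_group(anonymize(coded)))                        # ages banded
    print(smallest_group(anonymize(coded, drop=("profession",))))  # profession removed
```

On the sample, removing names and banding ages still leaves unique individuals; only dropping the profession column brings every combination up to two records.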