Data User Agreement
Each person responsible for a study in Shanoir-NG should be able to configure and upload a data user agreement (DUA) form (charte) to their study in Shanoir, using the web interface of sh-ng. Example: new study creation with the name studyWithDataUserAgreement.
On the page Study Edit - Details on study, all users who can administrate a study are able to upload a .pdf file containing the DUA to this study. Technically, the same mechanisms as for the study files will be used as a base. A new area should be introduced for this, between General and Default access level, called Data user agreement (DUA).
DUA (charte) type:
- Simple PDF file
- Dev version 1.0: the consent form can be managed like the study protocol file, and can also be deleted or replaced by the person responsible for the study
- Dev version 2.0: each time a study administrator uploads a new version of this pdf, the file is versioned by default, starting with version 1, then version 2, version 3 etc.
A user can upload a .pdf file to a study (see the protocol file today), and the pdf contains the "DUA/charte". As it could be important to prove what the pdf contained, we should not propose a solution with a web link. All outside web resources can change at any time, so we should have a real copy of the entire "charte" on our hard disk.
- Dev version 1) For each study with a DUA form the user will have to accept (checkbox) the DUA.
- Dev version 2) Then the study member has to upload the signed study-specific DUA (e.g. as a .pdf file), using the web interface of sh-ng as well.
Each time a user connects to Shanoir with his account and is a member of a study where a DUA form is available, he will have to accept the DUA form before accessing the study. The user's acceptance of the DUA form, or his refusal, is stored in the database. He can either accept or decline. No admin will have the right to change this flag for the user, as he himself has to accept the DUA form.
This introduces a new level of security into sh-ng: data access will have to be linked to acceptance of the latest version of the DUA form, in addition to the user being a member of the study and having the proper rights. See the rights management in Shanoir-NG: https://github.com/fli-iam/shanoir-ng/wiki/Roles-and-rights-specification.
Works for existing and newly created studies
This specification is linked to the ideas on:
- https://open-brain-consent.readthedocs.io/en/stable/index.html
- https://open-brain-consent.readthedocs.io/en/stable/gdpr/data_user_agreement.html
Implemented exactly like the study protocol file.
If a DUA exists and a user is added to a study, his StudyUser object is flagged as confirmed = false. For the StudyUserRights checks, only StudyUser objects with isConfirmed = true are considered; the others have no rights, so the DUA has to be accepted.
- Check for an open data user agreement to display to the user after login
- Manage data user agreement acceptance
- In case of refusal, delete study membership
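The confirmation gate described above, sketched as an added example that is not Shanoir-NG code. Only StudyUser and the confirmed flag come from this page; the class DuaGateExample, its methods, the right names, the ids and the reset of existing members on upload are assumptions made for illustration.

```java
import java.util.*;

public class DuaGateExample {
    enum Right { SEE, DOWNLOAD } // placeholder right names, not Shanoir's

    static final class StudyUser {
        final long userId, studyId;
        final Set<Right> rights;
        boolean confirmed;
        StudyUser(long userId, long studyId, Set<Right> rights, boolean confirmed) {
            this.userId = userId; this.studyId = studyId;
            this.rights = rights; this.confirmed = confirmed;
        }
        boolean is(long u, long s) { return userId == u && studyId == s; }
    }

    private final Set<Long> studiesWithDua = new HashSet<>();
    private final List<StudyUser> members = new ArrayList<>();

    // Assumption: uploading a DUA also un-confirms the members the study already has.
    void uploadDua(long studyId) {
        studiesWithDua.add(studyId);
        members.stream().filter(su -> su.studyId == studyId).forEach(su -> su.confirmed = false);
    }

    // A member added to a study that has a DUA starts with confirmed = false.
    void addMember(long userId, long studyId, Set<Right> rights) {
        members.add(new StudyUser(userId, studyId, rights, !studiesWithDua.contains(studyId)));
    }

    // Only confirmed memberships count; any other membership grants no right.
    boolean hasRight(long userId, long studyId, Right right) {
        return members.stream().anyMatch(su -> su.is(userId, studyId) && su.confirmed && su.rights.contains(right));
    }

    // callerId must come from the authenticated session, never from the request body.
    void answerDua(long callerId, long userId, long studyId, boolean accept) {
        if (callerId != userId) throw new SecurityException("only the member can answer the DUA");
        if (accept) members.stream().filter(su -> su.is(userId, studyId)).forEach(su -> su.confirmed = true);
        else members.removeIf(su -> su.is(userId, studyId)); // refusal deletes the membership
    }

    public static void main(String[] args) {
        DuaGateExample gate = new DuaGateExample();
        gate.uploadDua(1L);                                      // constructed study id
        gate.addMember(42L, 1L, EnumSet.of(Right.SEE));          // constructed user id
        System.out.println(gate.hasRight(42L, 1L, Right.SEE));   // checked before acceptance
        try { gate.answerDua(7L, 42L, 1L, true); }               // another account answers for the user
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        gate.answerDua(42L, 42L, 1L, true);                      // the member accepts
        System.out.println(gate.hasRight(42L, 1L, Right.SEE));   // checked after acceptance
    }
}
```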