/Docs/G/ChathamHouseOrg/DataSharing/Demo/Acme-Quake.md
  Source views: Source JSON(ish) on GitHub (VSCode)   Doc views: Document (&k=r00t): Visual Print Technical: OpenParameters Xray
GUID: AcQu-001

Model Agreement for Sharing the Data and Benefits of Public Health Surveillance

Acme Incorporated
Quake Inc.
Effective Date: 2018-06-14


By and Between:
    • Acme Incorporated,
    • a Delaware Corporation, (ELF Code: XTIQ) registered at Wilmington, Delaware, United States of America with the identity number 12345654321,
    • whose principal place of business is 75 State Street, Boston, MA 02109, United States of America,
    • represented by Ms. Abigail Altima, its President,
    • herein referred to as "Data Provider",
    • Quake Inc.,
    • a Delaware Corporation, (ELF Code: XTIQ) registered at Wilmington, Delaware, United States of America with the identity number LLC-564738291,
    • whose principal place of business is 233 Curtis Street, Menlo Park, CA 94025, United States of America,
    • represented by Mr. Solomon Shirley, its President and Chairman,
    • herein referred to as "Data Recipient",


Acme Incorporated, a Delaware Corporation whose business address is 75 State Street, Boston, MA 02109 (“Data Provider”) and Quake Inc., a Delaware Corporation whose business address is 233 Curtis Street, Menlo Park, CA 94025 (“Data Recipient”) hereby enter into this Model Agreement for Sharing the Data and Benefits of Public Health Surveillance (“Agreement”).


Recitals
{Why.sec}

In consideration of the mutual promises contained in this Agreement and other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties agree as follows:

  1. Definitions
    1. Agreement” means this Model Agreement for Sharing the Data and Benefits of Public Health Surveillance , including all Annexes.
    2. Data Provider” means the Party that has collected, compiled, curated and/or stored the data and provides them for use.
    3. Data Recipient” means the Party that receives the data for use.
    4. Parties” means, collectively, the Data Provider and the Data Recipient.
    5. Party” means, individually, the Data Provider or the Data Recipient.
    6. Activity” means the sharing of public health surveillance data described in an Initiating Public Health Surveillance Data Sharing Form under Annex A of the Agreement.
  2. Purpose and Principles of the Agreement
    1. Purpose
      The Parties recognize that generating and sharing public health surveillance data are vital to domestic and international efforts to prevent health threats, protect people from such threats, and respond when such threats harm individuals and populations. The Parties believe that establishing a formal arrangement for the sharing of public health surveillance data and benefits supports these objectives. The Parties intend for this Agreement to guide the sharing of public health surveillance data and benefits between them in order to strengthen the contributions surveillance makes to improving and protecting public health.
    2. Principles
      Through this Agreement, the Parties create and will implement shared rules and cooperative mechanisms that are:
      1. Legitimate in being justified on public health grounds, properly authorized by the Parties, and compatible with applicable laws and ethical principles;
      2. Effective in facilitating the timely sharing of quality public health surveillance data in interoperable formats;
      3. Transparent in identifying the objectives of sharing public health surveillance data and the responsibilities of the Parties in undertaking such sharing;
      4. Sustainable in promoting cooperation over the course of public health surveillance data sharing efforts, including cooperation on challenges that arise during such efforts;
      5. Protective of privacy interests implicated by the collection, sharing, and analysis of public health surveillance data; and
      6. Equitable in ensuring that benefits related to sharing public health surveillance data are accessible to the communities from which the public health surveillance data originated.
      These principles shall inform the interpretation and implementation of the Agreement, including public health surveillance data and benefits sharing activities conducted under it, the resolution of disputes that may arise, and any decision to terminate the Agreement.
  3. The Agreement and Public Health Surveillance Data Sharing Activities
    1. Application of the Agreement to Public Health Surveillance Data Sharing Activities
      The Parties shall apply this Agreement to each public health surveillance data sharing activity they undertake during the duration of the Agreement (“Activity”). Each Activity shall be comprehensively described using the Initiating Public Health Surveillance Data Sharing Form in Annex A of the Agreement, and the completed Form shall constitute an integral part of the Agreement. Where necessary or appropriate, the Parties may include information about an Activity that is additional to the information required for completing the Initiating Public Health Surveillance Data Sharing Form and agree to incorporate it in the Agreement.
    2. Legal Status of the Agreement and Activities
      For each Activity, the Parties shall indicate in the Initiating Public Health Surveillance Data Sharing Form (Annex A) whether the Agreement shall be a legally binding contract. Where a legally binding contract is desired, Parties should complete the relevant portions of this Form.
  4. Responsibilities in Sharing Public Health Surveillance Data
    1. Data Management Plan
      For each Activity, the Parties shall develop and implement a plan to guide the collection, transfer, storage, and security of public health surveillance data and include the plan as Annex B of the Agreement (“{DefT.Data_Management_Plan}”). The Parties shall use the Data Management Plan to
      1. Collect and share high quality data for the public health need addressed by an Activity:
      2. Achieve interoperability between data systems of the Data Provider and Data Recipient
      3. Incorporate, as appropriate, internationally accepted standards and best practices on conducting surveillance and sharing public health surveillance data;
      4. Protect data from unauthorized access, manipulation, and use; and
      5. Integrate confidentiality protections into the management of public health surveillance data collected, shared, and analysed in an Activity.
    2. Responsibilities of the Data Provider
      The Data Provider shall be responsible for:
      1. Ensuring that all aspects of the Agreement and each Activity are compatible with the laws and regulations that apply to the Data Provider;
      2. Obtaining all governmental consents or approvals required by law or regulation to undertake an Activity;
      3. Fulfilling legal and ethical requirements relating to gaining consent from individuals or communities to collect, share, and use public health surveillance data under an Activity;
      4. Using systems that protect the integrity of the data and prevent unauthorized access; and
      5. Providing the Data Recipient with information about all legal or regulatory requirements of the Data Provider’s jurisdiction that apply to the Data Recipient’s access to and use of public health surveillance data in an Activity.
    3. Responsibilities of the Data Recipient
      The Data Recipient shall be responsible for
      1. Ensuring that all aspects of the Agreement and each Activity are compatible with the laws and regulations that apply to the Data Recipient
      2. Obtaining all governmental consents or approvals required by law or regulation to undertake an Activity
      3. Complying with all limitations and conditions applied to the sharing and use of public health surveillance data in an Activity as set out in the Agreement and its Annexes, including limitations on transfer of shared data to any third party
      4. Storing, analysing, and using public health surveillance data in an Activity in a manner that protects the integrity of the data and protects the data from unauthorized access
      5. Notifying the Data Provider promptly of any instances of non-compliance with the limitations and conditions applied to the sharing and use of public health surveillance data in an Activity as set out in the Agreement and its Annexes
      6. Protecting privacy with respect to public health surveillance data in an Activity, a responsibility that remains in place after the Agreement expires or is terminated until the Data Recipient has deleted and/or destroyed the shared data in their entirety
      7. Having the capacity necessary to accomplish the tasks the Data Recipient has to fulfil in an Activity.
    4. Common Responsibilities of the Data Provider and Data Recipient.
      1. Neither Party may assign its rights under the Agreement to another entity without the written consent of the other Party, unless explicitly agreed at the outset.
      2. Neither Party may delegate its responsibilities under the Agreement to another entity without the written consent of the other Party, unless explicitly agreed at the outset.
      3. Each Party shall treat as confidential all non-public information it receives from the other Party under this Agreement and shall not disclose such information except as permitted in an Activity, with the written consent of the other Party, or to comply with a mandatory government order issued under applicable law.
  5. Intellectual Property Rights Management Plan
    1. Establishing an Intellectual Property Rights Management Plan
      For each Activity, the Parties shall develop and implement a plan for the management of intellectual property rights and include the plan as Annex C of the Agreement (“{DefT.Intellectual_Property_Rights_Management_Plan}”). This plan shall include the elements described in Articles 5.2 and Section 5.3 as well as other components needed for an Activity.
    2. Identification of Intellectual Property Rights Implicated by an Activity
      The Intellectual Property Rights Management Plan shall identify any intellectual property rights possessed by each Party which will be used in an Activity. Such rights could include, for example, copyright a Party has in software programs or existing datasets intended for use in an Activity.
    3. Assigning Intellectual Property Rights Produced during an Activity
      The Intellectual Property Rights Management Plan shall describe how the Parties will assign and permit exploitation of intellectual property rights an Activity might create. For example, an Activity might generate new datasets, algorithms, software programs, or research papers for which the Parties have or could obtain copyrights. The Intellectual Property Rights Management Plan shall indicate how the Parties will allocate ownership of such intellectual property rights and how the Parties will allow others to use information protected by such rights (e.g. royalty-free licences).
  6. Benefit Sharing Plan for Activities
    1. Establishing a Benefit Sharing Plan for an Activity
      For each Activity, the Parties shall develop and implement a plan for sharing benefits and include the plan as Annex D of the Agreement (“{DefT.Benefit_Sharing_Plan}”). The Parties acknowledge that the Benefit Sharing Plan supports the need for the sharing of public health surveillance data to promote equitable results for all participants.
    2. Scope of Benefit Sharing
      In preparing a Benefit Sharing Plan, the Parties shall consider a comprehensive range of benefit sharing strategies and specify the duration for all benefit sharing activities. These strategies should attempt to identify benefits for:
      1. Populations subject to surveillance that generates data for an Activity;
      2. Those participating in an Activity, including, but not limited to, the Parties;
      3. Public health surveillance systems—including scientific, technological, and personnel components of such systems—used to collect, analyse, and share public health surveillance data; and
      4. Educational activities that train personnel to undertake public health surveillance.
  7. General Provisions
    1. Resolution of Disputes
      1. When a Party considers a dispute concerning the interpretation or implementation of the Agreement has arisen, it shall notify the other Party in writing and describe why it considers a dispute exists. Within 15 calendar days after the date of the notification, the Parties shall begin consultations in a good faith effort to resolve the dispute according to the text of the Agreement and any other applicable legal rule or instrument. Any resolution achieved shall be in writing and approved by both Parties.
      2. If consultations fail to produce a mutually satisfactory resolution within 30 calendar days after the date of the notification of a dispute, the Parties shall seek mediation of the dispute in a mutually agreed manner.
      3. If the Parties fail to agree on mediation, or mediation fails to produce a mutually satisfactory outcome within 60 calendar days after the date of the notification of a dispute, a Party:
        1. May pursue any claims for breach of contract in dispute resolution mechanisms, including arbitration if mutually agreed between the Parties or courts of law, available under the law governing the contract concerning any Activity for which the Agreement is a legally binding contract; or
        2. May terminate the Agreement in accordance with Article 7.8.
    2. Duration and Extension of the Agreement
      The Agreement remains in effect while any Activity is operational, unless a Party terminates the Agreement under Article 7.8. The Parties may, by mutual consent, extend the duration of the Agreement in writing.
    3. Evaluation of the Agreement
      For each Activity, the Parties shall conduct a formal evaluation of the Agreement, including the Benefit Sharing Plan, at the half-way point of the Activity’s duration as stated in the Initiating Public Health Surveillance Data Sharing Form. The Parties may mutually agree to conduct more frequent evaluations of an Activity.
    4. Amendment of the Agreement
      At any time the Agreement is in effect, the Parties may amend it in writing by mutual agreement.
    5. Annexes
      All Annexes are integral parts of the Agreement. The Agreement does not enter into effect until the Parties have considered all sections of the Annexes and completed and shared relevant sections called for under each Annex.
    6. Languages
      In the event that the Parties produce versions of the Agreement in more than one language, the Parties shall designate one version of the Agreement as the controlling document for purposes of interpretation and evaluating implementation.
    7. Notifications and Communications
      Each Party identifies the following contact point for its receipt of all notifications and communications under the Agreement:
      • FOR THE DATA PROVIDER
      • FOR THE DATA RECIPIENT
    8. Termination of the Agreement
      1. At any time the Agreement is in effect, a Party may terminate it:
        1. With the consent of the other Party;
        2. Under the conditions stipulated in Article 7.1(c) on dispute resolution;
        3. Pursuant to the governing law when the Parties have made the Agreement a binding contract for an Activity under Article 3.1.; or
        4. Subject to Article 7.8(b), when the other Party does not fulfil its responsibilities under the Agreement in ways that harm an Activity, the purpose of the Agreement, or the principles informing it.
      2. A Party may notify the other Party that it intends to terminate the Agreement. Unless the other Party responds by issuing a notification of a dispute under Article 7.1, the Agreement terminates 30 calendar days after the date of the notice to terminate.
      3. In deciding whether to terminate the Agreement, each Party shall consider the negative consequences termination might create for domestic and international efforts to prevent, protect against, and respond to threats to health.
      4. Termination of the Agreement shall not affect responsibilities to protect privacy concerning data shared under an Activity, to protect information received from the other Party under Article 4.4(c), the assignment of intellectual property rights made pursuant to Article Section 5.3, or benefits shared under Article 6, while the Agreement was in effect.
      5. Following termination, any pending activities will be terminated in an orderly way.
    9. Financial Responsibilities
      Unless modified by a Benefit Sharing Plan, each Party shall bear its own costs for fulfilling its responsibilities under the Agreement.


Signature
IN WITNESS WHEREOF, the Parties have executed this Agreement through duly authorized representatives on the date set forth below.
Acme Incorporated
("Data Provider")
By:


{xSignature}
Name: Abigail Altima
Title: President
Date: {Sign.YMD}
Signed at: Boston, Massachusetts, United States of America
Quake Inc.
("Data Recipient")
By:


{xSignature}
Name: Solomon Shirley
Title: President and Chairman
Date: {Sign.YMD}
Signed at: Menlo Park, California, United States of America

Annexes

Annex A


Initiating Public Health Surveillance Data Sharing Form
  1. Purpose and objectives of sharing public health surveillance data
    Clearly explain the purpose and objectives of the data sharing activity, including intended public health benefit.
    • Find correlation between pizza toppings and cholesterol.
    The purpose refers to the strategic aim of data sharing, such as reducing the risk of cross-border disease outbreaks. The objectives are specific goals that shape achieving the strategic purpose, such as generating a weekly epidemiological summary derived from shared data. Identifying the purpose and objectives for data sharing defines the expectations of each Party, helps build trust, and clarifies what activities fall outside the agreement and require further discussion.
  2. Intended use of the data
    Specify how the shared data will be used, including additional outputs such as publications, and any intended sharing with third parties.
    • Acme will analyze correlations between the choice of toppings on pizza and cholesterol levels reported in health checkups.
    The Parties should describe how they will, collectively and individually, use shared data. Such descriptions should identify the purposes of each use, such as public health actions resulting from data analysis, producing reports, and pursuing academic publications. Any intellectual property (IP) implications should be identified (see Annex C). The Parties should also describe how they will handle proposed uses of shared data not identified in Annex A. For example, data providers may choose to allow secondary data analysis when sharing their data, or may decide that each planned analysis from the data recipient requires discussion and approval.
  3. Nature of data to be processed
    Describe the nature of data that are to be shared, along with the justification for processing.
    • {Activity-TypeOfData.sec}
    Public health surveillance data can include a variety of data, including aggregated data, individual-level data, and data containing personally identifiable information (PII). Surveillance data can be organized in various ways, including according to time (the period the data cover), place (the geographical locations to which the data refer) and person (the populations to which the data relate). For each type of shared data, the Parties should provide the justification for processing the data and any special protections applicable to the sharing and processing of data. For example, PII is typically securely shared on a ‘need-to-know’ basis, and only the minimum amount of PII is collected and processed when necessary to achieve a legitimate purpose.
  4. Legal status of the data sharing agreement
    Indicate whether the data sharing agreement will be legally binding, or non-binding, and why.
    • {AltPrompt}: (copy)- "Annex.Activity.Activity-Binding.sec={Annex.Activity.Activity-Binding.AltX.sec}" where X is 1-2:
      1. Binding {BindingBecause.sec}
      2. Non-Binding {Non-BindingBecause.sec}
    The Parties can make their data sharing agreement legally binding or non-binding. Many factors inform this decision, including each Party’s preferences, the nature of the data sharing, and the location(s) of data collection and sharing. When the Parties want their agreement to be legally binding, they should identify in Annex A what national law will govern the agreement.
  5. Relevant legal frameworks for sharing data
    Identify and describe any known relevant legal frameworks applicable to either or both Parties that will enable the sharing of data.
    • {Activity-LegalFramework.sec}
    National and international laws applicable to the Parties might affect their data sharing agreement, including agreements the Parties decide are not legally binding. For example, national laws might regulate certain kinds of data sharing or impose specific requirements on sharing or processing particular kinds of data, such as PII. In addition to the law, Parties may be bound to other agreements such as data licences or existing data sharing agreements. To ensure transparency and compliance, the Parties should include in Annex A the national laws and other relevant agreements that apply to their data sharing agreement. Legal frameworks may still apply if they are not described here.
  6. Retention period for the data to be shared
    Insert the specific retention period for shared data, including the reasons for the retention period. Specify arrangements if the agreement is terminated or if the data recipient needs to retain the data for longer.
    • {Activity-RetentionPeriod.sec}
    The Parties should identify for how long they will retain shared data and justify the length of the data retention period(s). National laws affecting, and privacy best practices used by, health-related activities might apply to shared data, especially PII. The Parties should also set forth the procedures for retaining data longer than initially agreed and what happens to retained data if they terminate their agreement early.
  7. Data controller(s)
    Name the data controller(s) in each Party involved in the data sharing agreement.
    • {Activity-DataController.sec}
    Each Party should identify an individual who will be responsible for managing data shared under the agreement. Full contact information should be provided in Annex A for each Party’s data controller. Controllers from each Party should be able to contact each other in case the Agreement requires revision, extension or termination.

Annex B


Creating a Data Management Plan
  1. Technical description of data
    Describe the volume, quality and format of the data to be shared. Explain reasoning for selection of data characteristics and format.
    • {Data-TechnicalDescription.sec}
    • For each type of data shared, the Parties should describe and explain:
      • The volume of the data to be shared. “Volume” refers to the amount of data that will be shared, processed, and retained. The volume of data should be reported as an identifiable unit of data storage (e.g. kilobytes (KB), megabytes (MB), gigabytes (GB), as appropriate).
      • The quality of the data to be shared. “Quality” refers to characteristics such as accuracy, validity, reliability, timeliness, relevance, and completeness. In addition to identifying the quality characteristics, the Parties will need to agree on how such characteristics will be measured.
      • The format in which data will be shared, processed, and retained. “Format” refers to how data are encoded for sharing, processing, and storage. For example, public health surveillance data taking the form of quantitative tabular data might be in an SPSS file format, with metadata within a DDI XML file format. The data should be in a format suitable for public health data and familiar to all Parties.
    • When the Parties are sharing different types of data, they should label each type of data with a number that can be used throughout Annex B.
  2. Description of metadata
    Describe metadata that should accompany the data for accurate reuse. Explain reasoning for selection of metadata format.
    • {Data-Metadata.sec}
    • “Metadata” are ‘data about data’ because metadata provide information about the content of a data resource, how it was created, restrictions on its use, and its quality. Metadata facilitate the effective use of data resources, particularly for persons who were not involved in collecting and processing the original data.
    • Annex B should describe all metadata and include any relevant documentation about the metadata. The metadata format used should work most effectively with the type of data being shared and should be a widely recognized format for public health metadata.
  3. Standards for data sharing processes
    Describe standards and methodologies to be utilized for data collection and management. Explain reasoning for selection of standards.
    • {Data-ProcessingStandards.sec}
    “Standards” are agreed specifications that ensure data can be shared between different data management systems in a consistent manner. Annex B should identify and explain what standards the Parties will use to share and manage data and, where necessary, how the Parties will collaborate to apply those standards where capacity might be limited.
  4. Quality assurance
    Describe the processes to ensure that data are fit for their intended use. Determine how erroneous or low-quality data will be identified and how they will be managed.
    • {Data-QualityAssurance.sec}
    “Quality assurance” consists of transparent processes operating at key stages of the data management cycle that limit the appearance of erroneous or low-quality data, provide confidence in the accuracy and utility of shared data, and permit appropriate handling of sensitive data, such as PII. Annex B should describe how the Parties will achieve quality assurance, report data errors, and find solutions to correct data errors and their causes.
  5. Storage, security and disposal
    Describe where and how data will be stored, including any security mechanisms to prevent unauthorized access, and the process for communicating if either Party detects unauthorized access to shared data. Specify the process for safely disposing of data when they are no longer required.
    • {Data-Storage.sec}
    • The Parties should identify how they will store data collected, shared, and processed under their agreement. Assistance for storage capabilities can form part of a benefit sharing plan (see Annex D). Storage needs should be assessed for both the near- and longer-term, as further reuse and value may be derived from data beyond the immediate lifetime of the data sharing agreement. To reduce any risk of data corruption, computer systems should be well maintained, with routine data backup to mitigate against hardware failure. Stored data should be protected by security measures against unauthorized access, and such measures should be more extensive for more confidential or sensitive information. Annex B should describe how the Parties will achieve data security, report unauthorized access to data, and respond to breaches of data security.
    • Annex B should specify how the Parties will dispose of stored data when required by the agreement, by applicable law, or by circumstances that arise during data sharing activities.
  6. Data sharing and access
    Describe how data will be shared, including a schedule of when data will be made available with frequency of transfer. Describe where data will be accessed and by whom.
    • {Data-SharingAndAccess.sec}
    Annex B should explain how the Parties will share data, when and how often they will share them, where shared data can be accessed, and who can access shared data. Various objectives, including quality assurance and data security (see above), will influence the mechanisms and timing for data sharing and data access. Different kinds of shared data will require different sharing and access strategies. For example, for routine public health surveillance information, a regular schedule of data delivery facilitates efficient allocation of human resources and development of reliable data management systems.
  7. Data privacy issues
    Outline any measures for, or restrictions on, data sharing that may be required to safeguard personal privacy. Ensure that any restrictions on data sharing for privacy reasons are justified.
    • {Data-Privacy.sec}
    The Parties should identify how their data sharing activities might affect the privacy of individuals and describe in Annex B how they plan to protect privacy. Failure to protect privacy could have legal consequences, violate ethical principles, and generate mistrust about public health activities. The Parties should be aware that national privacy laws often permit uses of personal data for specific public health purposes. In addition to legislation, local customs and sensibilities should be taken into account, including context-specific implications of disclosing ethnicity, gender, sexual preference or other characteristics that can lead to discrimination. The Parties might be able to remove PII from some shared data, known as anonymization. In other contexts, PII might be critical to understanding shared data, and the Parties will need other strategies to protect privacy in these situations.
  8. Resource implications
    Identify the human, technical and material requirements necessary for successful data management. Where gaps in resources are identified, specify how they will be addressed.
    • {Data-ResourceCommitment.sec}
    Effective data management requires technical and human resources to achieve successful data sharing and processing, quality assurance, data security, and privacy protection. The Parties should identify what they need to implement the data management plan in Annex B. These needs can include obtaining or developing specialist skills in information technologies, training in software applications, and access to financial resources. Any gaps in resource requirements must be addressed explicitly as part of the sharing process, with responsibility allocated for the necessary costs incurred. Helping a Party meet these needs can form part of the benefit sharing plan (see Annex D).
  9. Roles and responsibilities
    Specify individuals who will undertake roles and responsibilities for each step in the data management cycle (processing, analysis, storage, access, reuse, and disposal).
    • {Data-RolesResponsibilities.sec}
    The Parties should identify specific individuals who will have responsibility for the various aspects of the data management plan and provide their contact information as part of Annex B. Where necessary or appropriate, an individual can exercise responsibility for an area of the data management plan (e.g., quality assurance) on behalf of both Parties, including committing the necessary resources.

Annex C


Creating an Intellectual Property Rights (IPR) Management Plan
Introduction:
Data sharing activities can implicate: (1) existing IPR, owned by the Parties or by some other person or entity; and/or (2) IPR created jointly by the Parties. Annex C should detail how the Parties will manage existing and created IPR in their data sharing activities. Copyright is the most likely category of IPR to arise in sharing and analysing data. For example, the Parties might need to obtain a licence to use software and datasets already under copyright protection. The Parties might also create new computer programs, datasets, documentation, and publications they could protect under copyright from unauthorized use by others. Copyright and other forms of IPR, such as trademark, are granted under national systems of law, and the Parties should seek legal advice when crafting and implementing their IPR management plan.
  1. Identification of new IPR
    Identify and describe the IPR likely to be created by the Parties.
    • {IPR-WorkProduct.sec}
    Data sharing activities could generate new innovations and material the Parties could protect under IPR, such as databases (copyright), service names (trademark), inventions (patents), or commercially valuable information protected as confidential (trade secrets). New IPR could arise from the Parties modifying material protected by existing IPR (see below). Identifying such potential IPR will facilitate cooperation between the Parties on obtaining IPR protections and using protected IPR to support their data sharing activities.
  2. Ownership, use, and protection of new IPR
    Decide how IPR created during data sharing activities will be owned and how the Parties will protect, sell, license, or otherwise use such IPR.
    • {IPR-OwnUseProtect.sec}
    • To maximize the benefit of new IPR created during their data sharing activities, the Parties should as clearly and comprehensively as possible agree on:
      • Under what country’s laws new IPR will be protected.
      • How new IPR will be owned (e.g., by the Parties jointly or by one Party).
      • What licences or other arrangements are needed between the Parties to permit use of the new IPR in data sharing activities (e.g., new IPR owned by one Party is licensed to the other Party for use).
      • Whether, and under what terms, third parties can use the new IPR, taking into account the needs of the data sharing activities and IPR-related obligations (e.g., open access) imposed by funding organizations.
      • What measures the Parties will take to protect new IPR from loss, corruption, or unauthorized access and use.
    • Ownership, protection, and use of new IPR can be taken into account in the Parties’ benefit sharing plan (see Annex D). For example, as a part of benefits sharing, the Parties can agree that any new IPR shall be jointly co-owned equally or on an equitable basis or that royalties generated by licensing new IPR to third parties be used to achieve equity in the data sharing activities.
  3. Identification of existing IPR and rights to use existing IPR
    Identify and describe for each Party the IPR it owns or lawfully uses that the Parties are likely to use in their data sharing activities.
    • {IPR-Existing.sec}
    • Each Party might own IPR before it begins activities under the Agreement. For example, a Party might have copyright over datasets it generated or lawfully obtained before signing the Agreement. A Party might use copyrighted software under a licence it has from a third-party copyright owner. A Party might bring trade secrets to the data sharing activities. Annex C should list and describe all such existing IPR the Parties believe they might use. For existing IPR owned by third parties, Annex C should identify the owners of such IPR. The Parties should update this list when a Party acquires IPR, or the right to use IPR owned by others, after data sharing activities under the Agreement have started.
    • The Parties should also describe what, if any, steps the Parties should take to ensure the lawful use of such existing IPR under the Agreement. For example, a Party that owns the copyright to an existing dataset might need to provide a licence to the other Party to use the dataset under the Agreement. A Party that has a licence to use copyrighted software owned by a third party should determine whether the Parties need permission or authorization from the copyright owner to use the software in their data sharing activities. Annex C should document the justifications for all such determinations. Where third-party permission or authorization is required, the Parties shall not use the IPR in question under the Agreement until they have obtained the lawful right to use it.
    • Management of existing IPR during data sharing activities can also form part of the benefit sharing plan (see Annex D). For example, a Party can license existing IPR it owns to the other Party without charging royalties as a contribution to the equitable sharing of benefits the data sharing activities create.
  4. Notifications concerning IPR issues
    Identify and provide contact information for an individual at each Party who will be responsible for handling issues related to the IPR management plan.
    • {IPR-Notifications.sec}
    Managing existing and created IPR in data sharing activities will generate questions and issues during the term of the Agreement. Annex C should contain the contact information for the person each Party identifies as the contact point for IPR management issues. Each Party shall direct all questions, problems, and information related to the management of IPR under the Agreement to the contact point for the other Party. The contact points shall be responsible for facilitating resolution of IPR-related questions and problems between the Parties.

Annex D


Creating a Benefit Sharing Plan
  1. Benefit identification
    Identify the potential benefits arising from the data sharing activity. Describe how these benefits will be equitably distributed between Parties and other stakeholders, including the community from which the data come.
    • {BenefitRisk-BenefitDescription.sec}
    Data sharing activities can give rise to a variety of benefits to Parties and stakeholders, including but not limited to:
      • Improved public health outcomes, including:
      • Sharing results and information with the data provider.
      • Directing research and action towards public health needs, including those in the community from which the data come.
      • Recognizing gaps in surveillance activities and identifying targets for future research.
      • Improving accuracy of public health surveillance.
      • Informing risk/benefit analysis of public health action.
      • Accelerating public health action.
    • Academic benefits, including:
      • Providing appropriate recognition of the Data Providers and facilitators in publications to share equitably the prestige and career development opportunities that come from surveillance and research. This may include opportunities to be co-authors of papers, to write commentaries or to be named in the acknowledgments.
      • Creating opportunities to contribute to current or future research.
      • Creating new or stronger collaborations.
    • Commercial and intellectual property benefits, including:
      • Generating licence fees.
      • Jointly owning intellectual property rights.
    • Capacity-building benefits, including:
      • Increasing human resources for data collection, curation, analysis, and interpretation. This will improve capacity for data providers (and local secondary users) to mine their own data, mine data from other sources, respond to secondary user queries, and contribute to regional and global partnerships.
      • Developing sustainable data infrastructure including storage, security and interoperability.
      • Improving knowledge and technology that make use of public health surveillance data for management or analysis, or that are relevant to public health action.
      • Accessing external facilities for public health resources and databases.
      • Building institutional capacity.
      • Contributing to the local economy.
    • For each benefit identified, the Parties should describe and explain:
      • The expected nature and magnitude of the benefit. “Nature” refers to the type of benefit, for example financial reward, improved public health or gain in capacity. “Magnitude” is the likely size of the benefit, which is specific to its nature.
      • The equitable distribution of the benefit to be shared. “Equitable” refers to the ability to benefit according to need. The description should articulate how this distribution takes into account the needs and rights of each stakeholder, including the community from which the data come, where possible.
  2. Risk identification
    Identify any potential negative impact, and its likelihood, of the data sharing activity to Parties and other stakeholders. Describe how these risks have been considered against the potential benefits and how they will be mitigated and equitably distributed.
    • {BenefitRisk-RiskDescription.sec}
    • Data sharing may also present risks to some or all stakeholders. Such risks might include:
      • Financial cost, including as a result of travel and trade restrictions.
      • Unintentional exploitation of one or more stakeholders.
      • Opportunity cost (use of skills on this activity relative to other activities).
      • Reputational cost.
      • Unauthorized sharing of individual-level personal information, resulting in invasion of privacy, stigma or discrimination to the individual or communities.
      • Negative impact on individuals’ careers through lost publication or scientific collaboration opportunities
    • For each risk identified, the Parties should describe and explain:
      • The expected nature, magnitude and likelihood of the risk.
      • How each risk will be mitigated, where possible.
    • When incentives to stakeholders are so great that they could potentially distort the judgement of data subjects or providers, there is a risk to the voluntary nature of their consent to data sharing- resulting from so-called ‘undue inducement’. Under these circumstances there is a risk that stakeholders might be ‘blinded’ by the potential benefits. They might therefore underestimate the risks associated with data sharing, overestimate the benefit of the capacity building activities proposed, or, even if they adequately estimate the risks, they may nonetheless decide to act against their overall interests in order to access the benefits. Openly and objectively identifying risks and benefits can help mitigate these risks.
  3. Roles and responsibilities
    Specify the persons with roles and responsibilities for each step in the benefit and risk sharing process.
    • {BenefitRisk-RolesAndResponsibilities.sec}
    The Parties should identify the specific persons who will have roles and responsibilities for the various aspects of the benefit sharing plan and provide their contact information as part of Annex D. These roles should include the necessary steps to be taken where benefits and risks exceed or are less in magnitude than that described in the Benefit Sharing Plan. Where necessary or appropriate, these persons can exercise responsibility for an area of the benefit sharing plan (e.g., monitoring and evaluation) on behalf of both Parties, including committing the necessary resources.
  4. Monitoring and evaluation
    Describe how the equitable division of benefits and risks will be monitored, evaluated and recorded.
    • {BenefitRisk-MonitoringAndEvaluation.sec}
    A Benefit Sharing Plan is prospective, and estimates the nature and magnitude of potential benefits and risks. During and following an activity, stakeholder satisfaction with the data sharing and its outcome, as well their perspective of the equitability of the division of benefits should be evaluated and recorded. These experiences can provide valuable information to inform future Benefit Sharing Plans. Evaluation requires financial and human resources, and this should be included in the initial budget. In addition, the persons responsible for the evaluations should be identified. Where possible, the benefit sharing plan, the evaluation methodology and the outcome should also be published so that they are open to external assessment, provide a resource for future data sharing activities and support comparisons of different activities. The Plan should describe: the information that will be made publically available; justification for withholding any information; criteria, where appropriate, for access to the information; where the Plan and its evaluation will be published; and who will have responsibility to ensure publication.