WISERD Data Resources, WISERD/WDR/003

Access to restricted microdata for research is increasingly part of the data dissemination strategy within countries, made possible by improvements in technology and changes in the risk-benefit perceptions of NSIs. For international data sharing, relatively little progress has been made. Recent developments in Germany, the Netherlands and the US are notable as exceptions. This paper argues that the situation is made more complex by the lack of a general coherent risk-assessment framework. Discussions about whether something should be done become sidetracked into discussions about how procedural issues would constrain implementation. International data sharing negotiations quickly become bilateral, often
dataset-specific, and of limited general value.

One way forward is to decouple implementation from principles. A principles-based risk assessment framework could be designed to address the multiple-component data security models which are increasingly seen as best practice. Such a framework allows decisions about access to focus on legal-procedural issues; similarly, secure facilities could be developed to standards independent of dataset-specific negotiations. In an international context, proposals for classification systems are easier to agree than specific multilateral implementations. The paper concludes with examples from the UK and cross-European projects to show how such principles-based standards could work in practice.