FEGA Service Description - Services for Research

Public Detailed service description

Federated European Genome-phenome Archive (FEGA) is a service for storing and publishing personally identifiable genetic and phenotypic data given with consent for research but not for full public dissemination. The federation consists of national nodes across the European Union, and elsewhere, working together with the European Genome-phenome Archive (EGA). The Finnish FEGA node is operated by CSC, and it provides data management services for sensitive biomedical research data according to national Finnish laws and the General Data Protection Regulation (GDPR). Submitting data to the service always requires a separate contract between the submitting organisation and CSC.

The data to be stored in FEGA must comply with the national Open Science policy and FAIR principles, and has to have a valid consent that supports its reuse in research. The data is required to have necessary descriptive data (metadata) associated with it, as defined by the EGA, and it has to be maintained by the data owner as part of the Open Science policy. The ownership of the data is not transferred by using this service and the data owner remains as the data controller for any data stored in the FEGA. Each stored data set must have a functioning Data Access Committee appointed by the data owner that processes and approves data access applications for research use.

The metadata and information about the Data Access Committee is shared with EGA so that data sets will be findable and data access requests can be made. Data and metadata are evaluated periodically to ensure that they comply with the requirements above, and may be removed from the service if the criteria are not met.

The FEGA service provides the following functionalities for users:

data submission;
secure data storage; and
data access application processing.

Data submission

The submission function provides means and methods for encrypting the data and transferring it to CSC, describing its metadata, and finally publishing certain non-sensitive metadata so that the data will be findable according to FAIR principles.

After publishing the data will be listed at EGA dataset catalogue.

Secure data storage

The secure data storage is an internal function of FEGA, and it ensures that data is stored encrypted at all times, and that data access is limited to approved access grants only. The data is stored at CSC data centres within Finland. A backup copy of the data must be maintained at a separate physical location, either by CSC or by the submitter.

Data access application processing

The data access application function supports the Data Access Committee in their data access application processing by providing an online tool for both the applicants and the committee. The tool records data access requests by applicants, circulates the applications among the committee, and keeps an account of all granted access permissions. The tool maintains an indisputable history of all actions, taken by any party, to the application processing.

Certifications

None.

User content including personal data in the Service

This service is designed for processing of special categories of personal data.

User must evaluate whether this Service is suitable for their purpose. Please pay attention to special categories of personal data.

When CSC processes personal data in CSC’s services on behalf of the controller, we always require a personal data processing agreement, which will be included in the agreement between CSC and the data controller (i.e. the submitting organisation). The user creates the description of processing activities in MyCSC customer portal. CSC’s general Data Processing Agreement.

Technical and organisational security measures for protection of personal data.

The Service do not assert ownership or any intellectual property rights to users or customers organisations’ content in the services.

Client’s responsibilities

User must follow all the Terms of Use that applies using the Service

Client is also responsible for:

ensuring that submitted data is consented for research (re)use and complies with all applicable laws and regulations, and that the provided information is accurate, good quality, comprehensive, and up-to-date
verifying data integrity upon data uploads and data management during the entire data life cycle
providing and maintaining accurate metadata during the entire data life cycle
ensuring appropriate data access management for all submitted datasets
installing and updating provided supplementary utilities
information security during the submission and data reuse, managing collaborators in submission portal

Service producer’s responsibilities

The service provider ensures that the service is available to customers as described in the service description.

The service provider is responsible for producing and developing the Service.

Service producer

CSC – IT Center for Science Ltd.

Service provider