ELIXIR Node Services Terms of Use and Licencing

Each Service listed by an ELIXIR Node under the Service Delivery Plan (or on the ELIXIR Intranet Services page) is expected to have a visible Terms of Use (ToU). This page is intended to outline the main points a ToU document should cover. 

The content of a ToU will vary according to the service and requirements of the Owner, Host Institute, Funding body etc. An ELIXIR Node or Institute may draw up a ToU that applies to all their Node Services. It is not intended to be an onerous or challenging document, some Node Services have condensed the essential points to a few sentences.

A Terms of Use document might include:

  • Licencing (more details below
  • Data Protection (GDPR) Generally known as Privacy Policy (more details below
  • Contact details (eg: Lead, helpdesk, queries, bug report etc) 
  • Referencing (Link to reference publication, how to cite.)
  • Technical requirements (OS version, CPU, recommended browser) 
  • Level of security
    • Encryption (End-to-End transfer, storage, outline protocols used)  
    • Level of confidence provided? 
    • Consider whether the service is recommended for confidential / sensitive / personal data.
  • Disclaimer
    • No warranty expressed or implied.
    • No responsibility for decisions based on output.
    • No liability for damages that may result from using this service.
    • Intended for research purposes only.
  • Other considerations: 
    • Institutional or Funders Policies that may apply.
    • Fair Use Policy (Limits put in place to avoid resources being monopolized).
    • It is difficult to change a licence at a later date for one that has tighter conditions. 

Licencing

The copyright on the work is preserved but others are licenced to use it.

  • The licence sets out the extent others may use the work and any conditions that apply.
  • See the Open Source Initiative for more details of different licences.
  • Choose-a-licence gives guidance on choosing an appropriate licence.
  • (Re)use data project: An evaluaton of different licences for the use and reuse of scientific data
  • Examples of different licences that are used by least one entry in Bio.tools (below).

Copyright

The default position in law, unless stated otherwise. 
Protects the Owners rights to copy, distribute, modify the work, or to authorise others to.
Applies to original works that require skill, labour and judgement to create.   
Recognised internationally, harmonized through various treaties. 
Applies to expressions (not ideas, procedures, methods of operation). 
Expires 70 years after the death of the author (and any associated licences with it).

Copyleft

Requires the same right to be preserved for any derivations of the original work.
Grants various levels of protection.
To freely distribute and/or modify works.
Academic / non-academic distinction.
Various licences: Apache 2.0, CCPL etc.

Intellectual Property 

Applies to ideas and concepts.
Defined and protected under WTO.
Has the potential to lead onto copyrightable works.

Patent

A concept, work, procedure or method of operation that has been approved for protection by an appropriate authority.

Licence

Brief details: 

Apache 2.0

Supports reliable and long-lived software products through collaborative, open-source software development.

  • A worldwide, free licence to use / produce derivatives and circulate.
  • Subsequent distribution of the work / derivatives must be under same licence.
  • Modifications must be identified  (and may have different licence applied). 

Creative Commons Public Licence (CCPL)  

Allows individual creators to large institutions a standardized way to grant the public permission to use their creative work under copyright law.

  • A worldwide, free licence to openly use, produce derivatives and circulate with a range of options available: 
  • CCO (Public Domain: All rights waived.)  
  • CC BY  (Attribution: Must give appropriate credit, cite the original corresponding papers.) 
  • CC SA  (ShareAlike: Must distribute contributions under the same license as the original.)
  • CC NC  (Limited to Non-Commercial use.)
  • CC BY-SA-NC (Combines Attribution, ShareAlike and Non-Commercial use.) 

GNU General Public Licence  (GPL)
  • Gives legal permission to copy, distribute or modify software while protecting copyright.
  • Generally no-cost but allows a fee to be charged.
  • Specifically prevents patenting.

Common Public Attribution License (CPAL
  • General licence for software distributed over a network (approved by Open Source Initiative).
  • Requires attribution.

Open Data Commons Open Database License (ODbL)
  • Attribution and Share-Alike for Data/Databases
  • Human-readable summary

Massachusetts Institute Technology (MIT
  • Permissive, open licence.
  • Only restriction is for all modifications to be distributed under the same license.

Berkeley Software Distribution (BSD
  • Permissive, open licence (applied to Unix and related operating systems). 
  • Only restriction is for all modifications to be distributed under the same license,

Artistic licence

User may deviate from the original for artistic or creative purposes.

Free for academic use

 Requires details for non-academic users.

Public Domain

All claims of ownership have been relinquished.

 

Data Protection  (GDPR Compliance) 

Commonly known as "Privacy Policy". 

The GA4GH Regulatory & Ethics Toolkit produces a monthly brief addressing different aspects of GDPR 

A Terms of Use document might include:

To include

Examples / purpose 

What Data is collected

Name, email address, time log in/out
IP address, browser, operating system, 

The lawful for basis processing personal data

Providing services to user
To help improve our resources
For the purposes of day-to-day running of the service

Roles

Data Controller/s (Name, contact details) 
Institutional Data Controller (if applicable) 

How is the data used? 

Examples:

  • To provide the user access to the service
  • To answer questions from users
  • To better understand the user requirements
  • To guide future improvements of the service
  • To create anonymous statistics
  • To improve the quality of services and infrastructure
  • To conduct and monitor data protection or security activities
  • To justify continued support of Host Institute Funding body

Who has access to personal data?

  

How long is personal data retained for?

 Outline of the process

Your rights under GDPR as a user of the service. 
  • To know what data is collected / retained
  • To request information to understand data processing activities (inc contact information) 
  • To object at any time to the processing of your personal data
  • Request rectification or erasure of your personal data 

Last updated 5 January 2022, any comments please contact david.lloyd [at] elixir-europe.org (subject: ELIXIR%20Node%20Services%20ToU) (David Lloyd)

Appears in
ELIXIR Hub