Parallel Session 7

Parallel Session 7 – Responsible Research Data Management I  

Date: Thursday, 2 July 2026, from 09:00 to 10:30

Moderator: Sølvi Karlsen, NTNU – Norwegian University of Science and Technology, Norway

Location: R5

7.1) Developing Preservation Services for Sensitive Research Data 

Presenter: Mari Elisa Kuusniemi, Helsinki University Library, Finland  

Preserving research data throughout its lifecycle, particularly sensitive datasets, is a critical challenge for academic institutions. This case study describes how a university library developed trusted preservation services for sensitive research data, addressing key obstacles and lessons learned. Existing infrastructure supported confidential data but was inadequate for high-risk datasets, such as personally identifiable information. De-identification proved complex and costly, creating the need for secure storage and processing of data in its original form. 

The library’s medium- and long-term preservation services relied on two platforms: an institutional repository and a nationally maintained storage service. Neither initially met the required security standards, so both underwent significant adaptation to achieve compliance. Development was iterative, shaped by evolving legal, technical, and institutional contexts. Five phases defined the process: reviewing requirements, strengthening the expert network, enhancing team competencies, developing workflows, and implementing technical improvements. 

Reviewing requirements 

The project commenced with a comprehensive review of requirements for handling sensitive data. This encompassed data protection legislation, information security standards, institutional practices, and research ethics. While the aim was to establish a clear understanding from the outset, many requirements only crystallised over time due to changes in legislation and the regulatory landscape. 

Strengthening the expert network 

To manage sensitive data effectively, the team built a strong expert network within the university, leveraging existing institutional expertise. This network engaged legal advisors, data security specialists, ethics committees, and IT professionals. These collaborations enabled timely guidance on complex issues, such as assessing real datasets for compliance. The multidisciplinary approach proved essential for addressing the diverse challenges of sensitive data curation. 

Enhancing team competencies 

Internal capacity-building was essential. The library’s data preservation team expanded its responsibilities to include sensitive datasets, requiring significant upskilling before such data could be accepted. Training focused on assessing data sensitivity, advising on compliance, and producing documentation for reuse. A collaborative approach supported knowledge transfer from experienced staff to new colleagues. Practical skills were strengthened through direct engagement with researchers and evaluation of real datasets. Participation in the FAIR-IMPACT programme further enhanced expertise and ensured alignment with FAIR principles, reinforcing interoperability and reusability. 

Developing workflows and processes 

Workflows were redesigned to accommodate sensitive personal data, dual-use datasets, and other high-risk research data. A Data Access Protocol (DAP) was introduced for restricted datasets, defining access conditions and reuse criteria. A GDPR-compliant Data Protection Impact Assessment (DPIA) was completed for both services, and terms of use were updated. Preserving and enabling reuse of sensitive datasets requires extensive documentation, which researchers may perceive as unnecessary bureaucracy. A key principle was minimising user workload—an objective that proved challenging. 

Technical development 

The most challenging aspect of the technical development proved to be designing adequate information security practices while ensuring the preservation service remained usable. The key areas for improvement included robust access control, encryption, and thorough documentation of the data security measures implemented. These enhancements occasionally conflicted with usability; for example, encrypting large datasets hindered transfer and access. To address these challenges, the current security status of both platforms was assessed, and a development plan was formulated in collaboration with IT and data security teams. Ultimately, only minor modifications were needed, but achieving this conclusion and getting formal approval for it required significant effort. 

Conclusion 

Developing secure preservation services for sensitive research data has been a complex, iterative process shaped by legal, technical, and institutional factors. Collaboration, skills enhancement, and workflow refinement have established a sustainable, compliant infrastructure to meet researchers’ needs. Providing secure preservation services remains challenging and demands specialised expertise. Future progress will rely on learning from similar initiatives, enabling continuous improvement and strengthening the knowledge base for sensitive data management. 

 

7.2) Research Data @NTNU: Enabling One Stop Research Support

Presenter: Ane Møller Gabrielsen, NTNU – Norwegian University of Science and Technology, Norway 

How do we enable sharing and reuse of research output while at the same time ensuring information security, GDPR, research ethics and knowledge security? What infrastructure, digital tools and competencies do researchers and students need to conduct safe, efficient and FAIR research? What are possible challenges to efficient research support and how can they be overcome? 

The support service Research Data @NTNU was set up to be a central contact point for all questions related to research data, coordinated by the University Library in close collaboration with the NTNU IT Division. The goal was to provide comprehensive support and advice on a broad variety of issues and topics in research data and open science by combining different expertise and disciplines. Many research projects need advice from different types of expertise in both planning and execution, and Research Data @NTNU aimed to make research support more efficient and streamlined. Today, Research Data @NTNU also involves close collaboration with legal advisors, as well as the institutional Data Protection Officer and research advisors at the faculty and department level. 

The service provides support and advice ranging from formal agreements on data sharing and GDPR, data flow and information security, to practical user guidance related to tools and software. The support service also contributes to other services and infrastructure, ensuring a good understanding of both the needs and practices of the users in addition to the technical setup and possibilities. Research Data @NTNU also provides courses and training for researchers and students as well as networks and competency building for support staff. Research Data @NTNU has been able to detect shortcomings in institutional services and infrastructure and take measures to remedy these, including participation in projects developing new tools and services. 

Collaboration across institutional divisions has been essential to build competency and understanding, enabling high level support on complex topics in research projects. At the same time, the proximity to researchers and students has been crucial to detect and understand the issues at stake. Several members of the team have PhDs and/or research background, which enables translation between researchers and support staff. Furthermore, a willingness to listen and learn from others has proved to be valuable. By reaching out to potential collaborators without claiming ownership to topics and fields (such as data privacy and information security) has contributed to strengthening the role of the library as an academic enabler as well as contributing to a more holistic and interdisciplinary approach to research support. 

 

7.3) “Driving the Machine”: Libraries and their Partnerships as Key Actors in Strategies for Trustworthy AI in Universities 

Presenter: Sébastien Perrin, Couperin, France 

As a central player in scientific and technical information in France, the Couperin consortium has launched a strategic reflection to address the challenges raised by generative AI systems. Often described as technologies that generate random-looking texts while obscuring provenance, generative AI promises a kind of creative destruction in which library and information services might appear to have no place. 

The purpose of this presentation is to show that libraries can instead position themselves as major actors in monitoring the development and implementation of AI in higher education, using “trustworthy AI” as a driver. 

1. Understanding AI system design: the need for a “documentary expertise”.

Research practices are currently fragmenting, with each community organizing its own response to AI. This fragmentation increases the need for shared rules of governance grounded in research integrity and AI policy documents. European regulation responds to this need by promoting the notion of trustworthy AI, a concept that has been taken up in France by expert research communities. 

Libraries occupy a distinctive position: they are the final purchasers of finished products (publishers’ AI tools) while also knowing the academic sources that feed these systems (open access and licensed content). Couperin has created a dedicated working group to leverage this competence. Its mandate is to support negotiators by assessing AI tools using a documentary analysis framework and by identifying specific use cases such as literature reviews or synthesis. It also aims to strengthen university AI charters by incorporating clauses of documentary expertise. 

Then, libraries are in capacity to compare design choices of the AI released by publishers, using traditional documentation tools such as indexing quality, enrichment, and source selection. This is a cross-functional skill that counterbalances the tendency toward fragmentation. 

New missions are emerging for libraries: providing lawful and relevant corpora, and helping to frame the development of energy-efficient AI systems. 

2. Building strategic partnerships to qualify and promote trustworthy AI.

By identifying key actors in the French AI landscape, Couperin has been able to raise the visibility of library expertise. A dialogue has been established with several types of partners. The presentation will highlight how a renewed partnership policy has enabled the consortium to position itself as a legitimate actor in the academic sector. 

This strategy has involved: 

• Determining the characteristics of a “trustworthy AI”, based on the compliance with academic method.
• Building on the national ISTEX project, which moves to act as a “data lake” for higher education and research, underpinned by the TDM exception.
• Defining a common position on AI licenses clauses with expert groups.
• Working with publishers, including direct discussions with development teams.
• Sharing conclusions with libraries and the national community through conferences and workshops.

This presentation presents the key findings arising from these partnerships: changes to license terms, development of expertise, analysis grid, red lines for negotiations. 

It also establishes two key concepts for the open science in the “AI age”: transparency and reciprocity. In particular, transparency means more than just providing mandatory technical documentation. In the context of trustworthy AI and supported by documentary analysis, it is a strategic tool for benchmarking and selecting AI tools and implementing them in their research and teaching ecosystem. 

Thus, by contributing to the definition of quality criteria for trustworthy AI, libraries help to operationalize the AI Act and to ensure alignment with the European Text and Data Mining (TDM) exception. This expertise could also support national projects to develop AI systems for universities, as the one between the French State and Mistral AI