The UK Longitudinal Linkage Collaboration (UK LLC) is designed to support longitudinal research studies and researchers working within the UK. It has been set up in response to the coronavirus pandemic to allow for the investigation into high priority COVID-19 research questions and help inform public health and social policy.
The UK LLC Trusted Research Environment (TRE) contains data from millions of people who are study participants in over 20 of the UK’s top Longitudinal Population Studies. A TRE is a safe virtual place in which the data from these studies can be stored, curated and analysed by approved researchers.
Longitudinal studies follow aspects of people’s health and wellbeing over time. Longitudinal studies can involve collecting data about many aspects of their participants’ lives including health status, social status (e.g. occupation, family structure), biological samples (such as blood and saliva) which provide genetic information and environmental information (such as air pollution, the amount of green space around homes). This data can then be used for COVID-19 research purposes.
If you have enrolled into a longitudinal study then your data may well be in the UK LLC TRE. A list of the studies taking part in the UK LLC is available on our website https://ukllc.ac.uk/partner-studies/
Who is involved?
The UK LLC TRE has been designed and built by longitudinal study managers and privacy experts on behalf of all the studies involved. The UK LLC is run by the Universities of Bristol and Edinburgh, in collaboration with UCL (University College London), SeRP UK, University of Leicester and Swansea University. It is part of the COVID-19 Longitudinal Health and Wellbeing National Core Study https://www.ucl.ac.uk/covid-19-longitudinal-health-wellbeing/ which is run by UCL and the University of Bristol. This work is funded by UK Research and Innovation (who are the UK Government scientific research funding agency).
The UK LLC does not outsource any of its data processing to commercial companies.
The studies which contribute data are involved in the design and operation of the TRE. Every collaborating study can see and control how its own supplied data is being used, and make sure it’s being used for the purposes that have been agreed.
How does it work?
All the data in the UK LLC TRE is de-personalised, preventing anyone from discovering the identity of any study participants. At no point in any process do UK LLC staff or researchers see names, addresses or other identifiers (e.g. NHS ID). All staff and researchers are subject to strict user agreements designed to protect the confidentiality of every single participant.
The UK LLC has put in place processes to make sure the data is curated and as well organised as possible. The UK LLC only grant access to this processed data, within the TRE, to approved and authorised researchers in order to conduct COVID-19 research.
The UK LLC works with the collaborating studies and data owners, such as the NHS, to protect the privacy of all individuals whose data is held in our database and also the privacy of users of the UK LLC. The UK LLC needs to collect and process the personal data of individuals who have volunteered to take part in the longitudinal population studies that have agreed to be a part of the UK LLC in order to fulfil its statutory functions and operate effectively. Personal data is processed for a variety of reasons relating to research; all personal data will be collected and processed in accordance with the requirements of the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018. The UK LLC is committed to handling, storing and using your data properly, lawfully and in an ethical way.
In this notice we will explain how participants’/your data will be used by UK LLC. We have defined some of the different categories of data and areas of responsibility for the data that we use in this document below:
We will also describe important types of data, all of which are relevant to COVID-19 research:
We will explain:
This privacy notice is intended to be clear and does not cover every single way we handle your personal information in detail. We are happy to provide further information on request. You can do this by emailing us at firstname.lastname@example.org
1. Collaborating studies and their contact details
This list will be completed as studies migrate copies of their data into the UK LLC database and will be made available on our website https://ukllc.ac.uk/partner-studies/
2. Where and how your data is stored
The data will be stored on secure servers controlled by the University of Bristol and physically located at the University of Swansea (data processors to University of Bristol for the UK LLC.) The University of Swansea are UK leaders in providing this type of secure research server in the UK and internationally. The servers are managed to Information Security best practice standards (ISO27001) (which is the global standard for high quality information security) and are regularly audited by IT and security professionals, the NHS and the UK statistics authorities.
3. Who is the Data Controller?
The University of Bristol is the Data Controller for the UK LLC. The organisation running your study (a University or part of the NHS) remains the owner and Data Controller of the study data for all other purposes. For certain important areas we work closely with your study to make sure we process the data in the right way. The terms of this are set out in a legally binding contract between the University of Bristol and the organisation running your study.
The University can be contacted at:
Data Protection Officer
University of Bristol
4. Which sources are my data being linked to?
Your study determines which linkages we are allowed to set up. This is based on any preferences you have set (e.g. through consent or opt-out) and what linkages the authorised researchers has described to you. Some studies have asked we only conduct spatial analysis to postcode level based on their study-level practice. Your study will provide a status file so we can apply these preferences accurately.
The current study linkage plan is as follows:
|Study||Health||Environmental: Full Address||Environmental: Postcode|
|1958 National Child Development Study (NCDS)||Y||N||Y|
|1970 British Cohort Study (BCS70)||Y||N||Y|
|Airwave Study Tissue Bank||Y||N||Y|
|Avon Longitudinal Study of Parents and Children (ALSPAC)||Y||Y||–|
|Born in Bradford (BiB)||Y||Y||–|
|The English Longitudinal Study of Ageing (ELSA)||Y||N||N|
|The European Prospective Investigation into Cancer (EPIC) Norfolk Study||Y||N||N|
|Extended Cohort for E-health, Environment and DNA (EXCEED)||Y||Y||*|
|The Fenland Study||Y||N||N|
|Genetic Links to Anxiety and Depression Study (GLAD)||Y||Y||–|
|The Millennium Cohort Study (MCS)||Y||N||Y|
|MRC National Survey of Health and Development Cohort/ 1946 birth Cohort (NSHD/1946BC)||Y||Y||–|
|National Institute of Health Research (NIHR) BioResource COVID-19 Psychiatry and Neurological Genetics (COPING) Study||Y||Y||–|
|The Northern Ireland Cohort for the Longitudinal Study of Ageing (NICOLA)||TBC*||N||Y|
|Southall and Brent Revisited (SABRE) (non-linked data only)||N||N||N|
|Understanding Society – the UK Household Longitudinal Study (UKHLS)||Y||N||Y|
We are currently seeking to establish a basis for linking to NHS records in Scotland and NI
Note: In future we aim to link administrative data into the UK LLC TRE
5. The legal basis we have for studies providing your personal data into the UK LLC TRE
The UK LLC is tasked with supporting high priority COVID-19 scientific research by linking together longitudinal study data with participant health, administrative and environmental records. This is part of the purpose of the University of Bristol to conduct research aiming to improve scientific understanding.
Legal basis for using (NHS) Health records
A. In England and Wales
Currently, for the duration of the COVID-19 ‘emergency’, our legal basis is using Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002. This allows data sharing to support urgent COVID-19 research only and is in place until the end of June 2022.
This legal basis is a short-term measure brought in specifically to address the ability to answer important research questions quickly during the COVID-19 pandemic. Collaborating studies will revert to using their own legal basis once this legislation has expired. This will be based on either:
Our use of pandemic measures does not impact on your rights in any way. You are able to object to this use of your data and we will not seek to override any existing objections you have set with your study or with the NHS (we fully respect National Opt Out unless you have provided opt in consent to your study).
B. In Scotland and Northern Ireland
We are in discussions with the NHS in Scotland and NI to establish a legal basis for using NHS Scotland and Health and Social Care Northern Ireland records.
Legal basis for using non-health administrative records
The UK LLC will use the research provisions of the Digital Economy Act 2017 to link to administrative records (such as those held by HM Revenue and Customs, the Department for Work and Pensions, and the Department for Education and its devolved equivalents). We will access existing de-personalised data from these sources from the UK’s statistical authorities and agencies. The Digital Economy Act provides a legal basis for the transfer of confidential information by public authorities for research purposes in a way that does not breach any duty of confidentiality owed to the individual by the public authority.
The legal basis for the UK LLC under UK GDPR and the Data Protection Act 2018:
In addition to needing a legal basis for the use of NHS and non-health administrative data, the UK LLC also needs a legal basis to comply with Data Protection laws. Our basis for these are:
This legal basis within UK GDPR and the Data Protection Act 2018 is separate to, and in addition to, the actions and legal basis of the collaborating studies which establishes the basis for your data to be collected, processed and shared for research purposes.
6. How the design of the UK LLC ensures the confidentiality of your data
The UK LLC only contains data that has had all identifiable information, such as name and address, removed. This type of data is referred to as ‘de-personalised’.
The design of the UK LLC TRE means the risk of any person being identified by users is minimised to the point where it is not likely to happen. This works by involving two ‘trusted third parties’ who process parts of the data, but only access either personal identifiers or de-personalised data. These ‘trusted third parties’ are Digital Health and Care Wales https://dhcw.nhs.wales/ (the NHS authority in Wales who process NHS data for research purposes) and SeRP UK https://serp.ac.uk/ (a part of University of Swansea who provides specialist IT equipment and systems for researchers using linked records). This diagram helps to visualise the flow of data:
Through this separation principle, the full identifiable datasets remain with the data owners (e.g, contributing studies, the NHS). Digital Health and Care Wales only sees identifiers and the UK LLC only access de-personalised data. This principle has been used for over a decade in the Secure Anonymised Information Linkage (SAIL) Databank and is now used in research and statistical settings across the UK (for example, the Office for National Statistics use this approach for their research datasets).
Only the UK LLC staff (at the University of Bristol) and the IT staff keeping the system safe (at the University of Swansea) have access to all the UK LLC datasets. This is necessary for data management and preparation. Where it may be considered that the provisions of the UK GDPR apply to the UK LLC as a whole because of the breadth of data held, we rely on the provisions for research in the public interest (GDPR Article 6(1)(e) and 9(2)(j) as our lawful basis for processing.
7. Who can access and use data in the UK LLC TRE and for what purposes
Approved UK-based researchers are able to apply to access the data in the UK LLC TRE. They will need to demonstrate that they will be competent and safe users, that their project is in the public interest, is not run for profit making purposes, and will meet the requirements of the collaborating studies and data owners. If approved, the researchers will define the minimum data needed to conduct their research.
This diagram shows how the data access process works:
Researchers can work for any type of organisation, including Universities, Government and NHS, Charities, Private Sector companies. However, all users must abide by the usage rules and are bound to these by legal contract. We will only approve applications from researchers from organisations which are capable of high-quality public benefit research. In practice this will mean researchers and their organisations will need to commit to conducting ‘bona fide’ research as defined by the Medical Research Council and to be ‘Safe Researchers’ as defined by the Office for National Statistics. This will only be possible where research is either the main purpose or a substantial sub-purpose of an organisation.
The data can only be used for research purposes relating to COVID-19.
Only UK-based researchers can access the UK LLC.
8. What to expect if you are a participant in a collaborating study
The UK LLC does not change your relationship with the study or studies you are part of.
Your study remains the owner and Data Controller of the study data and has ultimate control of how your data is used in the UK LLC. The UK LLC (University of Bristol) also control your data in terms of day-to-day processing and curation, establishing the linkages to routine records and integrating the data and the management of research users.
The UK LLC is not able to identify any individual in the data it holds. This means we cannot confirm if your or anyone else’s data is held in the UK LLC TRE. This also means we do not have the ability to apply opt-out/objection requests from members of the collaborating studies. Only your study/studies can tell if your data is included.
Collaborating studies only provide data on some of their participants. Those who have opted out to the study using NHS and other records in research will be excluded from these linkages, and those who have withdrawn from the study will not be included at all.
Where participants change their mind (e.g. tell a study they do not want their NHS records used, or they want to withdraw from the study) then this information is regularly fed to the UK LLC and records will not be used in future research investigations and new data from linkages will not be collected. Where the data is already being used in research projects it is not possible to delete it, but we will make sure the data is not used in any new projects.
9. How long the UK LLC will retain your data
The UK LLC will hold your data for the indefinite future subject to our relevant data sharing contracts remaining in place. This is appropriate and proportionate as it is for scientific public good purposes and it is specifically designed to support longitudinal research which takes place across very long time frames. We (UK LLC) respect the right of all participants to change their mind about how they participate in their study or if they want to withdraw. We will implement changes in a timely manner.
10. Your personal identifiers are shared by your study with the following organisations:
Digital Health and Care Wales (DHCW) who will act as Data Processors tasked with securely distributing identifiers to relevant UK data owners; and to encrypt the identifiers into a de-personalised list of individuals and to manage the encryption keys. This process is critical in allowing the UK LLC to function in a de-personalised way.
In turn DHCW will share identifiers with:
11. How your data is being used
We provide a full list of who is using UK LLC data, who they are employed by, what purpose they have, which data they are using and what the outcomes of their research investigations are. This is available on our Data Use Register (https://ukllc.ac.uk/data-use-register/) . You can also request this by emailing email@example.com.
It applies to information we collect when you:
It also applies to the way we handle, process and store your information in:
12. How you can withdraw consent for us (UK LLC) to hold your data
You need to contact your study to let them know you wish to withdraw consent for the UK LLC to hold your data. Your study will then notify the UK LLC with this information and your data will be withdrawn from all future use by the UK LLC. Your study is responsible for your consent preferences.
13. Your rights
The UK LLC aims to meet the highest standards when collecting and using personal information. We encourage people to tell us if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving the way we handle your personal details.
The General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 provides individuals with rights over how their data are used. The UK LLC supports these rights.
Those who use the UK LLC or those accessing our website have a right to access their personal information, to object to the processing of their personal information, to rectify, to erase, to restrict and to port their personal information. Please visit the University of Bristol website pages on fair processing for further information in relation to your rights: http://www.bristol.ac.uk/secretary/data-protection/gdpr/rights-of-data-subjects/
If you would like to complain about our handling of your data, contact the University’s Information Rights Officer via email at firstname.lastname@example.org.
Or by post to:
Data Protection Officer
University of Bristol
Bristol BS8 1QU
If you remain dissatisfied, it is your right to complain directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:
Information Commissioner’s Office
Please note that UK LLC (University of Bristol) may change this notice by updating this page. This notice is Version 2.1 and was updated on the 13th June 2022.
UK Longitudinal Linkage Collaboration
University of Bristol
39 Whatley Road
A University of Bristol and a University of Edinburgh project