The UK Longitudinal Linkage Collaboration (UK LLC) is designed to support longitudinal research studies and research analysts working within the UK. It has been set up in response to the coronavirus pandemic to allow for the investigation into high priority COVID-19 research questions and help inform public health and social policy.
The UK LLC research database contains information, or data, on millions of people from many UK Longitudinal Population Studies. These types of studies follow aspects of people’s health and wellbeing over time. They can involve collecting data about many aspects of their lives including health status, social status (e.g. occupation, family structure), biological samples (such as blood and saliva) which provides genetic information and environmental information (such as air pollution, the amount of green space around homes), which can then be used for COVID-19 research purposes.
If you have enrolled into a longitudinal study then your data may be in the UK LLC database.
The database has been designed and built by longitudinal study managers and privacy experts on behalf of all the studies involved. The studies who contribute data are involved in its design and operation. Every collaborating study can see and control how its data are being used, and make sure the rules they set with people participating in their study are being applied.
The UK LLC provides a secure ‘trusted research environment’. This is a safe place in which the data from these studies can be stored, curated and analysed by approved researchers. All data in the UK LLC is anonymised, preventing anyone from discovering the identity of study participants. At no point in any process do UK LLC staff or researchers see names, addresses or other possible identifiers (e.g. NHS ID). All staff and researchers are subject to strict user agreements designed to protect the confidentiality of every single participant.
The UK LLC puts processes in place to make sure the data is as accurate and well organised as possible. The UK LLC then share these processed data, within the trusted research environment, with researchers in order to conduct COVID-19 research.
The UK LLC works with the collaborating studies and data owners, such as the NHS, to protect the privacy of all individuals whose data are held in our database and also the privacy of users of the UK LLC.The UK LLC needs to collect and process the personal data of individuals who have volunteered to take part in the longitudinal population studies that have agreed to be a part of the UK LLC in order to fulfil its statutory functions and operate effectively. Personal data is processed for a variety of reasons relating to research; all personal data will be collected and processed in accordance with the requirements of the UK General Data Protection Regulations (GDPR) and the UK Data Protection Act 2018. The UK LLC is committed to handling, storing and using your data properly, lawfully and in an ethical way.
In this notice we will explain how participants/your data will be used by UK LLC:
We will explain:
This privacy notice is intended to be clear and does not cover every single way we handle your personal details in detail. We are happy to provide further information on request. You can do this by emailing us at firstname.lastname@example.org
The UK LLC is part of the University of Bristol, which is the Data Controller for the information placed in the UK LLC research database.
The University can be contacted at:Data Protection Officer
University of Bristol
high priority COVID-19 scientific research by linking together longitudinal study data with participant health and social records and making these data research ready within a centralised secure location. This is part of the wider purpose of the University of Bristol to conduct research aiming to improve scientific understanding.
There are two distinct channels that studies may use to contribute your information to enable this:
They will use for the duration of the COVID-19 ‘emergency’ Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002 to process confidential patient information without consent. This allows data sharing to support urgent COVID-19 research only.
This legal basis is a short-term measure brought in specifically to address the ability to answer important research questions quickly during the COVID-19 pandemic. Collaborating studies will revert to using their own legal basis once this legislation has expired (Sept 2021). This will either be based on
This does not impact on your rights in any way. You are able to object and we will not seek to override any existing objections set with your study.
This legal basis within GDPR and the Data Protection Act 2018 is separate to, and in addition to, the actions and legal basis of the contributing studies which establishes the basis for your data to be collected, processed and shared for research purposes.
The UK LLC only contains data that has had all identifiable information, such as name and address, removed. This type of data is referred to as ‘de-identified’. The way in which the UK LLC has been designed means the risk of any person being identified by users is minimised to the point where it is not likely to happen. The following step by step process explains how the data moves between all parties to ensure confidentiality.
This diagram helps to visualise the flow of data:
Through this separation principle, the full identifiable datasets remain with the data owners (e.g, contributing studies, the NHS). The DHCW only see identifiers and the UK LLC only access de-identified data. This principle has been used for over a decade in the SAIL Databank and is now used in research and statistical settings across the UK (for example, the Office for National Statistics use this approach for their research datasets).
Only the UK LLC staff (at the University of Bristol) and the IT staff keeping the system safe (at the University of Swansea) have access to all the UK LLC datasets. This is necessary for data management and preparation. Where it may be considered that the provisions of the UK GDPR apply to the UK LLC as a whole because of the breadth of data held, we rely on the provisions for research in the public interest (GDPR Article 6(1)(e) and 9(2)(j) as our lawful basis for processing.
Legitimate UK based researchers are able to apply to access the data in the UK LLC. They will need to demonstrate that they will be competent and safe users, that their project is in the public interest, is not run for profit making purposes, and will meet the requirements of the collaborating studies and data owners. If approved, the researchers will define the minimum data needed to conduct their research.
The UK LLC does not change your relationship with the study or studies you are part of.
Your study remains the owner and Data Controller of the study data and has ultimate control of how your data is used in the UK LLC. The UK LLC (University of Bristol) also control your data in terms of day to day processing and curation, establishing the linkages to routine records and integrating the data and the management of research users.
The UK LLC is not able to identify any individual in the data it holds. This means we cannot confirm if your or anyone else’s data is held in the UK LLC. This also means we do not have the ability to apply opt-out/objection requests from members of the collaborating studies. Only your study/studies can tell if your data is included.
Collaborating studies only provide data on some of their participants. Those who have opted out to the study using NHS and other records in research will be excluded from these linkages, and those who have withdrawn from the study will not be included at all.
Where participants change their mind (e.g. tell a study they do not want their NHS records used, or they want to withdraw from the study) then this information is regularly fed to the UK LLC and records will be deleted from the core UK LLC dataset. Where the data is already being used in research projects it is not possible to delete it, but we will make sure the data is not used in any new projects.
This list will be completed as studies migrate copies of their data into the UK LLC database. Currently there is no data in the UK LLC secure research database.
The UK LLC will hold your data for the indefinite future. This is appropriate and proportionate as it is for scientific public good purposes and it is specifically designed to support longitudinal research which takes place across very long time frames. We (UK LLC) respect the right of all participants to change their mind about how they participate in their study or if they want to withdraw. We will implement changes in a timely manner.
The Digital Health & Care Wales (DHCW) who will act as Data Processors tasked with securely distributing identifiers to relevant UK data owners; and to encrypt the identifiers into a de-identified list of individuals and to manage the encryption keys. This process is critical in allowing the UK LLC to function in a de-identified way.
In turn the Digital Health & Care Wales (DHCW) will share identifiers with:
The data will be stored on secure servers controlled by the University of Bristol and located at the University of Swansea (data processors to University of Bristol for the UK LLC.) The University of Swansea are UK leaders in providing this type of secure research server in the UK and internationally. The servers are managed to Information Security best practice standards (ISO27001) and are regularly audited by IT and security professionals, the NHS and the UK statistics authorities.
We will provide a full list of who is using UK LLC data, who they are employed by, what purpose they have, which data they are using and what the outcomes of their research investigations are. For this information you can email email@example.com
It applies to information we collect when you:
It also applies to the way we handle, process and store your information in:
You need to contact your study to let them know you wish to withdraw consent for the UK LLC to hold your data. Your study will then notify the UK LLC with this information and your data will be withdrawn. Your study is responsible for your consent preferences.
The UK LLC aims to meet the highest standards when collecting and using personal information. We encourage people to tell us if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving the way we handle your personal details.
The General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 provides individuals with rights over how their data are used. The UK LLC supports these rights.
Those who use the UK LLC or those accessing our website have a right to access their personal information, to object to the processing of their personal information, to rectify, to erase, to restrict and to port their personal information. Please visit the University of Bristol website pages on fair processing for further information in relation to your rights.
If you would like to complain about our handling of your data, contact the University’s Information Rights Officer via email at firstname.lastname@example.org.
Or by post to:Data Protection Officer
University of Bristol
Bristol BS8 1QU
If you remain dissatisfied, it is your right to complain directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:Information Commissioner’s Office
Please note that UK LLC (University of Bristol) may change this notice by updating this page. This notice is Version 1 and was updated on the 31st March 2021.