Privacy Policy (Version 2, 30 September 2021 – 13 June 2022)

The UK Longitudinal Linkage Collaboration (UK LLC) is designed to support longitudinal research studies and researchers working within the UK. It has been set up in response to the coronavirus pandemic to allow for the investigation into high priority COVID-19 research questions and help inform public health and social policy.

The UK LLC Trusted Research Environment (TRE) contains data from millions of people who are study participants in over 20 of the UK’s top Longitudinal Population Studies. A TRE is a safe virtual place in which the data from these studies can be stored, curated and analysed by approved researchers.

Longitudinal studies follow aspects of people’s health and wellbeing over time. Longitudinal studies can involve collecting data about many aspects of their participants’ lives including health status, social status (e.g. occupation, family structure), biological samples (such as blood and saliva) which provide genetic information and environmental information (such as air pollution, the amount of green space around homes). This data can then be used for COVID-19 research purposes.

If you have enrolled into a longitudinal study then your data may well be in the UK LLC TRE. A list of the studies taking part in the UK LLC is available on our website https://ukllc.ac.uk/about

Who is involved?

The UK LLC TRE has been designed and built by longitudinal study managers and privacy experts on behalf of all the studies involved. The UK LLC is being led by the University of Bristol and the University of Edinburgh and is part of the Longitudinal Health & Wellbeing National Core Study, which is led by University College London (UCL).

The UK LLC does not outsource any of its data processing to commercial companies.

The studies which contribute data are involved in the design and operation of the TRE. Every collaborating study can see and control how its own supplied data is being used, and make sure it’s being used for the purposes that have been agreed.

How does it work?

All the data in the UK LLC TRE is de-personalised, preventing anyone from discovering the identity of any study participants. At no point in any process do UK LLC staff or researchers see names, addresses or other identifiers (e.g. NHS ID). All staff and researchers are subject to strict user agreements designed to protect the confidentiality of every single participant.

The UK LLC has put in place processes to make sure the data is curated and as well organised as possible. The UK LLC only grant access to this processed data, within the TRE, to approved and authorised researchers in order to conduct COVID-19 research.

The UK LLC works with the collaborating studies and data owners, such as the NHS, to protect the privacy of all individuals whose data is held in our database and also the privacy of users of the UK LLC. The UK LLC needs to collect and process the personal data of individuals who have volunteered to take part in the longitudinal population studies that have agreed to be a part of the UK LLC in order to fulfil its statutory functions and operate effectively. Personal data is processed for a variety of reasons relating to research; all personal data will be collected and processed in accordance with the requirements of the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018. The UK LLC is committed to handling, storing and using your data properly, lawfully and in an ethical way.

In this notice we will explain how participants’/your data will be used by UK LLC. We have defined some of the different categories of data and areas of responsibility for the data that we use in this document below:

Personal data means any data which can identify you directly or indirectly (whether itself or when combined with other data), regardless of the format or media on which the data is stored. This includes data that can identify you when combined with other data that is held separately (de-personalised data). For example, your name and date of birth.
De-personalised data means data which has had all identifiers removed and which is controlled to the point where re-identification is no longer reasonably likely. This de-personalised data will have a unique ID number for each individual in the dataset, but the users will not have access to the key that converts the ID number to identifiers such as name and date of birth.
Processing means any activity relating to your personal data including collection, use, alteration, storage, disclosure and destruction.
Data Controller is a term used in Data Protection law. A Data Controller can choose how to process data and has legal responsibility for the data under their control. For example, the Data Controller for many of the collaborating studies within the UK LLC will be UK based Universities.
Data Processor is a term used in Data Protection law. A Data Processor (such as an authorised researcher) processes data under the instruction of a Data Controller. A Data Processor must only process the data in the way they are instructed, they cannot use the data for any other purpose or in a different way.

We will also describe important types of data, all of which are relevant to COVID-19 research:

Study data means any data collected by collaborating studies taking part in the UK LLC. This can be from questionnaires, from interviews, from biological samples you may have given (including genetic data from DNA, or COVID-19 status data from COVID-19 test kits) or from other sources (such as linked records or smart devices).
Health data means official records collected by the NHS or other organisations which are related to your physical and mental health. This will include general practice records from your GP, hospital records, COVID-19 test and vaccination records, prescription data and specialist mental health care records. It may also include data from other sources such as the COVID-19 infection survey data held by the Office for National Statistics. The UK LLC will only access structured and coded data; we do not access the free text (detailed doctor’s notes) in your records.
Administrative data means the COVID-19 relevant records from other (not NHS) government departments. This will include records describing your occupation, employment status, information about your employer, tax and benefits, and information about education and schools, colleges and universities.
Environmental data means COVID-19 information about the area in which you live or where you spend time (e.g. near a workplace). This can be information about the environment such as air pollution records, how ‘green’ a place is, weather or noise records. It could also be about neighbourhoods and services such as a distance from your home to the nearest GP or pharmacy, what the crime rate is in your neighbourhood, what broadband services are available.

We will explain:

Collaborating studies and their contact details;
Where and how your data is stored;
Who is the Data Controller?;
Which sources are my data being linked to?;
The legal basis we have for studies providing your personal data into the UK LLC;
How the design of the UK LLC ensures the confidentiality of your data;
Who can access and use data in the UK LLC TRE and for what purposes;
What to expect if you are a participant in a collaborating study;
How long the UK LLC will retain your data;
The organisations with which your personal identifiers are shared;
How your data is being used:- for users of the UK LLC; for users of the UK LLC website, mailing lists and other communication channels; for users of the UK LLC and mailing lists only; and how you can withdraw your consent;
How you can withdraw consent for us (UK LLC) to hold your data;
Your rights;
Changes to our privacy policy.

This privacy notice is intended to be clear and does not cover every single way we handle your personal information in detail. We are happy to provide further information on request. You can do this by emailing us at info@ukllc.ac.uk

1. Collaborating studies and their contact details

This list will be completed as studies migrate copies of their data into the UK LLC database and will be made available on our website https://ukllc.ac.uk .

2. Where and how your data is stored

The data will be stored on secure servers controlled by the University of Bristol and physically located at the University of Swansea (data processors to University of Bristol for the UK LLC.) The University of Swansea are UK leaders in providing this type of secure research server in the UK and internationally. The servers are managed to Information Security best practice standards (ISO27001) (which is the global standard for high quality information security) and are regularly audited by IT and security professionals, the NHS and the UK statistics authorities.

3. Who is the Data Controller?

The University of Bristol is the Data Controller for the UK LLC. The organisation running your study (a University or part of the NHS) remains the owner and Data Controller of the study data for all other purposes. For certain important areas we work closely with your study to make sure we process the data in the right way. The terms of this are set out in a legally binding contract between the University of Bristol and the organisation running your study.

The University can be contacted at:
Data Protection Officer
University of Bristol
Beacon House
Queens Road
Bristol
BS8 1QU
UK
Email: data-protection@bristol.ac.uk

4. Which sources are my data being linked to?

Your study determines which linkages we are allowed to set up. This is based on any preferences you have set (e.g. through consent or opt-out) and what linkages the authorised researchers has described to you. Some studies have asked we only conduct spatial analysis to postcode level based on their study-level practice. Your study will provide a status file so we can apply these preferences accurately.

The current study linkage plan is as follows:

Study	Health	Zoe Symptom Tracker	Environmental: Full Address	Environmental: Postcode
National Survey of Health and Development (1946 cohort)	Y	TBC	Y	–
English Longitudinal Study of Ageing (ELSA)	Y	TBC	N	N
Generation Scotland	Y	TBC	Y	–
Extended Cohort for E-health, environment and DNA (EXCEED)	Y	TBC	Y	–
Genetic Links to Anxiety and Depression Study (GLAD)	Y	TBC	Y	–
UK Household Longitudinal Study (Understanding Society)	Y	TBC	N	Y
The Millennium Cohort Study (Child of the New Century)	Y	TBC	N	Y
NIHR BioResource	Y	TBC	Y	–
The Northern Ireland Cohort for the Longitudinal Study of Ageing (NICOLA)	TBC*	TBC	N	Y
Born in Bradford	Y	TBC	Y	–
Track-COVID	Y	TBC	N	N
National Child Development Study (1958 cohort)	Y	TBC	N	Y
British Cohort Study (1970 cohort)	Y	TBC	N	Y
Next Steps	Y	TBC	N	Y
TWINS UK	Y	TBC	N	Y

We are currently seeking to establish a basis for linking to NHS records in Scotland and NI

Note: In future we aim to link administrative data into the UK LLC TRE

5. The legal basis we have for studies providing your personal data into the UK LLC TRE

The UK LLC is tasked with supporting high priority COVID-19 scientific research by linking together longitudinal study data with participant health, administrative and environmental records. This is part of the purpose of the University of Bristol to conduct research aiming to improve scientific understanding.

Legal basis for using (NHS) Health records

A. In England and Wales

Currently, for the duration of the COVID-19 ‘emergency’, our legal basis is using Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002. This allows data sharing to support urgent COVID-19 research only and is in place until the end of March 2022.

This legal basis is a short-term measure brought in specifically to address the ability to answer important research questions quickly during the COVID-19 pandemic. Collaborating studies will revert to using their own legal basis once this legislation has expired. This will be based on either:

your opt in consent, or
based on providing you with clear information, a means to object and using Regulation 5 of the Health Service (Control of Patient Information) Regulations 2002

Our use of pandemic measures does not impact on your rights in any way. You are able to object to this use of your data and we will not seek to override any existing objections you have set with your study or with the NHS (we fully respect National Opt Out unless you have provided opt in consent to your study).

B. In Scotland and Northern Ireland

We are in discussions with the NHS in Scotland and NI to establish a legal basis for using NHS Scotland and Health and Social Care Northern Ireland records.

Legal basis for using non-health administrative records

The UK LLC will use the research provisions of the Digital Economy Act 2017 to link to administrative records (such as those held by HM Revenue and Customs, the Department for Work and Pensions, and the Department for Education and its devolved equivalents). We will access existing de-personalised data from these sources from the UK’s statistical authorities and agencies. The Digital Economy Act provides a legal basis for the transfer of confidential information by public authorities for research purposes in a way that does not breach any duty of confidentiality owed to the individual by the public authority.

The legal basis for the UK LLC under UK GDPR and the Data Protection Act 2018:

In addition to needing a legal basis for the use of NHS and non-health administrative data, the UK LLC also needs a legal basis to comply with Data Protection laws. Our basis for these are:

Performance of a task carried out in the public interest (Article 6(1)(e) in the GDPR); and, where sensitive personal information is involved;
Scientific or historical research purposes or statistical purposes (Article 9(2)(j) in accordance with Article 89(1)).The GDPR defines ‘sensitive personal information’ as information that reveals a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership; and the processing of genetic data or biometric data for the purpose of uniquely identifying a person; data concerning health or data concerning sex life or sexual orientation.

This legal basis within UK GDPR and the Data Protection Act 2018 is separate to, and in addition to, the actions and legal basis of the collaborating studies which establishes the basis for your data to be collected, processed and shared for research purposes.

6. How the design of the UK LLC ensures the confidentiality of your data

The UK LLC only contains data that has had all identifiable information, such as name and address, removed. This type of data is referred to as ‘de-personalised’.

The design of the UK LLC TRE means the risk of any person being identified by users is minimised to the point where it is not likely to happen. This works by involving two ‘trusted third parties’ who process parts of the data, but only access either personal identifiers or de-personalised data. These ‘trusted third parties’ are Digital Health and Care Wales (the NHS authority in Wales who process NHS data for research purposes) and SeRP (a part of University of Swansea who provides specialist IT equipment and systems for researchers using linked records). This diagram helps to visualise the flow of data:

Through this separation principle, the full identifiable datasets remain with the data owners (e.g, contributing studies, the NHS). Digital Health and Care Wales only sees identifiers and the UK LLC only access de-personalised data. This principle has been used for over a decade in the Secure Anonymised Information Linkage (SAIL) Databank and is now used in research and statistical settings across the UK (for example, the Office for National Statistics use this approach for their research datasets).

Only the UK LLC staff (at the University of Bristol) and the IT staff keeping the system safe (at the University of Swansea) have access to all the UK LLC datasets. This is necessary for data management and preparation. Where it may be considered that the provisions of the UK GDPR apply to the UK LLC as a whole because of the breadth of data held, we rely on the provisions for research in the public interest (GDPR Article 6(1)(e) and 9(2)(j) as our lawful basis for processing.

7. Who can access and use data in the UK LLC TRE and for what purposes
Approved UK-based researchers are able to apply to access the data in the UK LLC TRE. They will need to demonstrate that they will be competent and safe users, that their project is in the public interest, is not run for profit making purposes, and will meet the requirements of the collaborating studies and data owners. If approved, the researchers will define the minimum data needed to conduct their research.

This diagram shows how the data access process works:

Researchers can work for any type of organisation, including Universities, Government and NHS, Charities, Private Sector companies. However, all users must abide by the usage rules and are bound to these by legal contract. We will only approve applications from researchers from organisations which are capable of high-quality public benefit research. In practice this will mean researchers and their organisations will need to commit to conducting ‘bona fide’ research as defined by the Medical Research Council and to be ‘Safe Researchers’ as defined by the Office for National Statistics. This will only be possible where research is either the main purpose or a substantial sub-purpose of an organisation.

The data can only be used for research purposes relating to COVID-19.

Only UK-based researchers can access the UK LLC.

8. What to expect if you are a participant in a collaborating study

The UK LLC does not change your relationship with the study or studies you are part of.

Your study remains the owner and Data Controller of the study data and has ultimate control of how your data is used in the UK LLC. The UK LLC (University of Bristol) also control your data in terms of day-to-day processing and curation, establishing the linkages to routine records and integrating the data and the management of research users.

The UK LLC is not able to identify any individual in the data it holds. This means we cannot confirm if your or anyone else’s data is held in the UK LLC TRE. This also means we do not have the ability to apply opt-out/objection requests from members of the collaborating studies. Only your study/studies can tell if your data is included.

Collaborating studies only provide data on some of their participants. Those who have opted out to the study using NHS and other records in research will be excluded from these linkages, and those who have withdrawn from the study will not be included at all.

Where participants change their mind (e.g. tell a study they do not want their NHS records used, or they want to withdraw from the study) then this information is regularly fed to the UK LLC and records will not be used in future research investigations and new data from linkages will not be collected. Where the data is already being used in research projects it is not possible to delete it, but we will make sure the data is not used in any new projects.

9. How long the UK LLC will retain your data

The UK LLC will hold your data for the indefinite future subject to our relevant data sharing contracts remaining in place. This is appropriate and proportionate as it is for scientific public good purposes and it is specifically designed to support longitudinal research which takes place across very long time frames. We (UK LLC) respect the right of all participants to change their mind about how they participate in their study or if they want to withdraw. We will implement changes in a timely manner.

10. Your personal identifiers are shared by your study with the following organisations:

Digital Health and Care Wales (DHCW) who will act as Data Processors tasked with securely distributing identifiers to relevant UK data owners; and to encrypt the identifiers into a de-personalised list of individuals and to manage the encryption keys. This process is critical in allowing the UK LLC to function in a de-personalised way.

In turn DHCW will share identifiers with:

The UK NHS authorities which share records with researchers (including NHS Digital in England, Public Health Scotland/eDRIS/National Records of Scotland in Scotland, SAIL databank in Wales, NHS Northern Ireland Business Development Organisation in NI). They will use these identifiers to find study participant records within their databases and to extract relevant information from them, de-personalise these extracts and make them available to the UK LLC for research purposes. This process will not alter the health record (it will only take a copy) and will not impact on service provision;
The UK statistical agencies (including the Office for National Statistics in England and Wales, eDRIS/National Records of Scotland in Scotland, Northern Ireland Statistics & Research Agency in NI). They will use these identifiers to find study participant records within their databases and to extract relevant information from them, de-personalise these extracts and make them available to the UK LLC for research purposes. This process will not alter the underlying record (it will only take a copy) and will not impact on service provision. This process will not be a way in which government departments will find out new information about members of the public;
The University of Leicester will receive address data or postcode data only (depending on study permissions) in order to link to the precise location of the property/postcode and then map information to the property; such as air pollution, noise data, services and the amount of green space around the property. The University of Leicester will not know which address relates to any person or their involvement in any study. Randomly selected real UK addresses will be added to the list to make sure nothing can be inferred from this process.

11. How your data is being used

We will provide a full list of who is using UK LLC data, who they are employed by, what purpose they have, which data they are using and what the outcomes of their research investigations are. We are developing a page on our website to show this, but in the meantime you can request this by emailing info@ukllc.ac.uk.

It applies to information we collect when you:

Visit our website
Post information on social media
Complete an online proposal form (researchers)
Complete a data access agreement, data transfer agreement, material transfer agreement, confidentiality agreement or data user responsibilities agreement (researchers)
Submit a manuscript for review (researchers)

It also applies to the way we handle, process and store your information in:

Sending mail and email
Providing research data for use in scientific research

12. How you can withdraw consent for us (UK LLC) to hold your data

You need to contact your study to let them know you wish to withdraw consent for the UK LLC to hold your data. Your study will then notify the UK LLC with this information and your data will be withdrawn from all future use by the UK LLC. Your study is responsible for your consent preferences.

13. Your rights

The UK LLC aims to meet the highest standards when collecting and using personal information. We encourage people to tell us if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving the way we handle your personal details.

The General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 provides individuals with rights over how their data are used. The UK LLC supports these rights.

Those who use the UK LLC or those accessing our website have a right to access their personal information, to object to the processing of their personal information, to rectify, to erase, to restrict and to port their personal information. Please visit the University of Bristol website pages on fair processing for further information in relation to your rights: http://www.bristol.ac.uk/secretary/data-protection/gdpr/rights-of-data-subjects/

If you would like to complain about our handling of your data, contact the University’s Information Rights Officer via email at data-protection@bristol.ac.uk.

Or by post to:

Data Protection Officer
University of Bristol
Beacon House
Queens Road
Bristol BS8 1QU
UK

If you remain dissatisfied, it is your right to complain directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
ico.org.uk

14. Changes to our privacy policy

Please note that UK LLC (University of Bristol) may change this notice by updating this page. This notice is Version 2 and was updated on the 30th September 2021

Previous versions of the privacy notice will be available here – Privacy Policy, Version 1, 31 March 2021 – 30 September 2021

UK Longitudinal Linkage Collaboration
University of Bristol
Oakfield House
Oakfield Grove
Bristol BS8 2BN

Email: info@ukllc.ac.uk

A University of Bristol and a University of Edinburgh project