Should you give the data out?
I would only consider giving the data out after sufficient steps are done to ensure that none of my participant’s privacy would be violated and that all of my actions are in line with the local privacy laws. If this is not possible, I would refuse to give out the data.
How do you not violate any of the General Principles of Informatics Ethics?
Checking compliance: under what agreement did the participants provide us with their data? if they only agreed for their data to be used in our study, it would be both illegal and unethical to pass on their data to some other research team. if they did agree that their data could be used in any purposes beforehand, we still need to know what are the ethical codes of the foreign research team? are they credible and have stringent data protection principles? there are a lot of questions we need to ask to ensure that our actions are in line with the principles of ethics
Anonymizing the data: are all the identifiers really necessary to the team? why would they need every partipicant’s individual address? if this is not required, all personal identifiers of participants could be erased to ensure that there is no breach of privacy
Informed consent: make sure that all participants from the study know that their personal data would be relayed to a foreign research team, whose action are not under the control of our current team
If you want to provide the data to them, what and how will you do it?
First, I would ask about the advice from the project head, as I am only the one who manages the data but do not necessarily have authority to decide what to do with it on my own. I don’t own the data. When it comes to big decisions like this, making the decision alone instead of consulting with the local research team first is a big taboo. Then, if everyone in the team is okay with the decision, we would review the current data agreement to see whether the participants gave us consent beforehand for their data to be used elsewhere. If they did not, we would need to re-obtain their consent. After that, we would try our best to erase all the unnecessary identifiers to the participant’s data. Only after all of these processes, I would send the data to the foreign team. I would also need to maintain regular communication with them to ask them about the usage of this data and ensure that everything is in line with code.