Big data research poses new challenges to ethics committees

A new study highlights the need for the training of research ethics committees tasked with reviewing data-intense research protocols where data protection and data sharing are important. This is to better handle the ethical, legal and social implications of big data-related research, which are inadequately supported by legislative and enforcement frameworks.

The sharing of research data is of increasing interest, with many funders advocating for, or even requiring researchers to share data sets as a condition of funding to maximise their utility and value.

Despite the benefits of data sharing, finding the right balance between making data accessible and safeguarding privacy, preventing data misuse, determining authorship and protecting intellectual property is challenging.

This challenge has been reported to be greater in low- and middle-income countries such as those in Sub-Saharan Africa (SSA) because of the gap in decision-making between data producers and data users.

Some SSA countries have introduced data protection regulations in response to the recent digital revolution. They have put in place regulatory and legal data-protection frameworks to safeguard valuable information from exploitation, compromise and loss or theft – in other words, data governance.

These frameworks govern how certain data types are collected, processed and shared. This secures the privacy, availability and integrity of data through frameworks that set out how sensitive data, in particular, and privacy should be managed via the provision of tools and policies that restrict the unauthorised access, use and-or transfer of data.

Variations in legal and ethical frameworks

However, legal and ethics frameworks that guide data-sharing and protect the interests of data donors in the region appear to vary considerably in their structure, terms, procedures and authority.

There are governance challenges relating to data protection in research, as not all countries in SSA have a legal framework to regulate the use of big data in research – that is, large volumes of a variety of raw data processed at high speed and frequency.

Instead, there is a spectrum of legal regulation, ranging from the strict, comprehensive protection of data to no legal frameworks at all. Likewise, research ethics policies and guidelines suffer the same level of variability across the subcontinent where big data are concerned.

Unfortunately, data governance within SSA continues to be inadequately supported by legislative and enforcement frameworks.

Research ethics committees (RECs) have traditionally been established to protect the rights of research participants. However, they also play a key role in reviewing data-intense research protocols where data protection and data sharing are important.

The recent pandemic has placed increasing demands on RECs as research engaging with big data and artificial intelligence (AI) was accelerated.

In a recent study, we aimed to determine REC members’ perceptions of data governance (safeguarding valuable information from exploitation, compromise and loss or theft) in SSA and to describe related challenges.

It is unclear how REC members navigate governance structures and processes and review such protocols. This study is part of a bigger project exploring the ethical, legal and social implications of big data and AI in SSA.


We found that only 58% of the REC members surveyed indicated that laws existed at a national level, with the remainder indicating no knowledge or uncertainty about the existence of such laws. More specifically, a quarter (24%) of REC members were uncertain about whether such frameworks existed within their respective countries or institutions.

Although just under two-thirds of respondents were unaware of laws relating to data-intense research, only half were aware of laws relating to the cross-border transfer of data.

This suggests that research data may be crossing borders without agreements or export permits in place. Suboptimal awareness of the existence of data protection laws or the lack thereof among REC members in the sample was concerning. This will impact negatively on how data-intense protocols are reviewed.

Most worrying is the apparent lack of legislative frameworks for the cross-border transfer of big data on the subcontinent and out of Africa to other parts of the world.

The lack of legal and ethics expertise within RECs was recognised as a challenge in adequately reviewing research protocols that related to big data, research transfer agreements and in developing frameworks and policies.

This is important because of the historical concern with data and samples leaving SSA in an unregulated manner, which raises concerns about exploitative research practices.

Notably, although our findings indicate the absence of Data Transfer Agreements (DTAs) or Material Transfer Agreements (MTAs) at some institutions within SSA, most respondents (74%) indicated that their RECs were still responsible for reviewing these legal documents together with data sharing-related research protocols when required.

Training for members of ethical committees

This raises concerns about the quality of review being conducted on the Data Transfer Agreements or Material Transfer Agreements submitted to RECs.

A DTA is a legal contract governing the transfer of de-identified human subject data, or identifiable human subject data in cases where a respondent has given voluntary, informed and electronic consent.

In many countries in SSA, biological samples are regulated in legislation via MTAs. However, data, and particularly big data, are excluded.

Respondents emphasised that these DTAs should be stringent, with importance placed on institutions instigating mechanisms to improve regulatory compliance.

Suggestions included consultation with legal experts in the development of new DTAs, or improvements to current DTAs to ensure that they are aligned to existing laws or regulations.

The implementation of access control systems that concentrate on standard criteria for data use and propositions may reduce the likelihood of data misuse, and may legally complement data transfer across borders.

Our study highlights the need for the training of REC members in Africa to better handle the ethical, legal and social implications of big data-related research. These members recognised a deficit in their experience and expertise pertaining to the review of research protocols involving big data and related research transfer agreements.

In addition, established RECs across SSA would benefit from the reformation of practices and oversight mechanisms, expertise and regulations to better cater for the big data research context.

Transparent, robust and standardised data governance may promote shared ethical values to conduct research with big data on the subcontinent.

Equipping RECs with basic epistemological advantages, in the form of skills and knowledge in big data, would allow them to better fulfil their roles in effectively reviewing data-sharing protocols.

Nezerith Cengiz, Siti Kabanda and Keymanthri Moodley are affiliated with the division of medical ethics and law in the faculty of medicine and health sciences (FMHS) at Stellenbosch University (SU), South Africa. Tonya Esterhuizen works in the division of epidemiology and biostatistics in the FMHS at SU. This article is an abridged version of their paper, ‘Exploring perspectives of research ethics committee members on the governance of big data in Sub-Saharan Africa’, published recently in the South African Journal of Science.