Data Access Guidelines

Find out about the guidelines that the independent IDDO Data Access Committee uses when assessing applications to access data deposited on the IDDO platform. Please note that the information here is copyright protected

Last updated: 17th July 2025

This document describes how to access data hosted on the IDDO platform, and explains the processes and guidelines involved. It also describes how the independent IDDO Data Access Committee (DAC) evaluates applications for data access. 

We developed the Data Access Guidelines together with the independent IDDO DAC, who abide by these guidelines to make decisions on applications to access data. A separate Data Use Agreement sets out the conditions for the use of datasets approved for release: this agreement is signed by the Data Recipient and the University of Oxford (which is the legal entity that hosts the IDDO Platform)

The Infectious Diseases Data Observatory (IDDO) exists to promote the reuse of individual participant data across the global infectious disease community. IDDO curates submitted data to produce freely available harmonised datasets, enabling scientists to answer new research questions from existing data.


It also provides the methods, governance and infrastructure to translate health data into evidence to improve health outcomes worldwide. IDDO incorporates the pioneering work done by the WorldWide Antimalarial Resistance Network (WWARN), a collaborative data-sharing framework that proved it is possible to produce policy-changing scientific evidence from pooling existing data.


We comply with the data protection safeguards laid down in the UK Data Protection Act 2018, the European Union General Data Protection Regulation (EU GDPR) and UK General Data Protection Regulation (UK GDPR) that provide stringent global data protection standards.

The submission of published and unpublished data to IDDO is governed by legally binding Terms of Submission. For more details on procedures and definitions, please refer to the Data Access Committee Terms of Reference that can be requested at dataaccess@iddo.org.
 

IDDO is a data processor: the ownership of the data remains with the data contributors’ institution as the data controller. The data controller can make decisions on data access or can delegate that administrative function to the independent IDDO Data Access Committee (DAC). We encourage everyone contributing data to IDDO to delegate decisions about access to their data to the DAC for reducing administrative burden to data contributors and facilitating a prompt review of data request with clear and transparent review mechanisms.
 

The IDDO Data Access Committee (DAC) is an independent group of international experts who review and make decisions on the scientific relevance and ethical feasibility of data access applications for the curated data on the IDDO Platform. Currently, a staff member from the Special Programme for Research and Training in Tropical Diseases (TDR), nominated by the World Health Organization (WHO), chairs the DAC, which is independent of IDDO. The infectious diseases research community nominates members for the DAC, and it operates in accordance with the DAC Terms of Reference (ToR) that are agreed on and reviewed periodically by the IDDO Secretariat together with the DAC members.

Here is a short summary of the data access process:

  • The Data Requestor completes a Data Access Application Form and lists the data they are requesting.

     

  • The data requestor submits the completed application form to IDDO. There is no cost for data requestors to access the platform data.

     

  • We work with the Data Requestor to make sure that the Data Access Application Form is complete
    and then forward it to the data contributor or the independent IDDO Data Access Committee. If the data
    controller has chosen to delegate this function to the DAC, the DAC can decide to:
    • Approve the application;
    • Approve with conditions, such as approval subject to the Data Requestor obtaining funding and/or necessary approvals;
    • Reconsider the application, asking for further clarification or amendment by the Data Requestor;
    • Reject the application if the application does not meet the Data Access Guidelines. In that
      case, the DAC will provide written justification for all rejected applications.

The DAC will reconsider rejected applications and those for which they have requested amendments, if the issues raised by the DAC are addressed in a revised application. The DAC Chair or Vice Chairs will manage any dispute(s) and/or appeal(s) regarding data access decisions.
 

Depending on the nature of the request, the data requestor will receive a response from the IDDO DAC within two business weeks. When urgent research aims to address an active public health emergency, following the agreement from the DAC Chair, the DAC will respond within three business days.
 

All Data Recipients approved by the DAC to access Curated Data are required to invite the Data Contributor(s) to participate in their proposed research and/or to acknowledge the Data Contributors in the proposed research, as stipulated within Schedule 1 of the Data Use Agreement.

A data access application will need to be amended even after DAC review and approval for access to data if:
 

  • New members are added to the Research Team
    By default, only the research team members listed in the original data access application have permission to use the requested data in the research programme. However, the Data Use Agreement does allow for new additions to be made to the research team: data requestors need to provide the IDDO Secretariat with an updated application form, which will then be reviewed and appended to the original Data Use Agreement.
     
  • Additional data is required
    Once the DAC has completed their review, no further amendments can be made to the existing application without additional review (the only exception is the addition of new research team members, as described above). If any further data is required later, the DAC Chair will need to approve the amended application, provided that there are no changes to the original research question and methodology. More significant alterations, such as changes to the research question or methodology, will require a new application to the DAC.

The independent IDDO DAC will consider for approval applications that aim to:
• deliver research that addresses knowledge gaps of importance to those affected by, or at risk of infectious diseases of poverty and emerging infections;
• protect the rights and privacy of individuals and communities from whom the data originate;
• operate in a transparent manner and promote equitable collaboration that recognises and protects the interests of those who generate the data; and
• conduct research which contributes towards improving research capacity, health and policy in regions affected by or at risk of infectious diseases.
 

IDDO will release data to applications approved by the DAC after the execution of a Data Use Agreement (DUA). The DUA outlines the contractual terms of data use.

Promotion of Access
The IDDO DAC provides an independent decision-making committee that evaluates and decides whether requests to access data are consistent with the Data Access Guidelines and responds accordingly to applicants. If an application complies with these guidelines, and there are no concerns about scientific value or ethics, then the application will be approved.

 

The DAC evaluates data access applications according to the following criteria:

Scientific Value

The DAC will ensure that the proposal has scientific value by verifying that the research question:

  • is in line with research areas highlighted in published global research agendas or those from diseases-affected communities, or has received a credible and favourable scientific peer-review;
  • addresses a knowledge gap and avoids duplication and unnecessary competition;
  • benefits the wider public health community.

Plans to publish and disseminate the research results must enable open access to the results.

Scientific Justification

  • The Data requested must be capable of answering the research question.
  • The methodology proposed to answer the research question must be sound.
  • Each variable requested must be required for the successful completion of the research project (in line with GDPR principles of proportionality and minimisation).
  • To avoid unnecessary duplication, the DAC may reject an application or return it for reconsideration if the application is considered to be significantly overlapping with ongoing or completed research using the Data from the Platform.

Researchers' commitments

Access to data is limited to Data Requestors working in a relevant field and with a formal affiliation to a health, research, humanitarian, government, inter-government or academic institution with legal status.

The Data Requestor will have either an academic record consistent with execution of the proposed analysis, or the support of a supervising co-applicant with appropriate expertise.

The Data Requestor will attest that sufficient funding to perform the proposed research has been secured or is sought for this purpose.

The Data Requestor will not have previously violated any of the requirements for data access outlined in these Guidelines or any data use agreement.

Ethical considerations

The DAC must be satisfied that there are no concerns about the ethical aspects of the application. The DAC will consider all applicable ethical and legal regulations, including without limitation: (i) of the country where the data have been collected or originate from; and (ii) international best standards and rules relating to medical obligations, data protection and data access. 

Whilst secondary data analysis does not always require ethics approval, the DAC will rely on Data Requestors to provide evidence to the Committee that they have complied with all and any requirements for ethics and regulatory approvals required in their institutions or jurisdictions, including proof of any ethics committee review waiver.

Collaboration and Knowledge Sharing

We and our partners operate under a mandate to build local research capability, particularly in low-resource settings, where infectious diseases have a disproportionate impact on already fragile health systems. Applications should provide details of how the research will involve local partners having generated data and/or bring benefit to these communities and some examples of such initiatives are included in the Data Access Application. 

A Data Use Agreement (DUA) with the University of Oxford must be signed by the appropriate signatory from the Data Requestor’s institution, before Data is released to the data Requestor. Where the Lead Investigator is employed by the University of Oxford, the appropriate signatures are executed by the respective Principal Investigators, using a cover letter that acknowledges the terms of the IDDO data use agreement. In all cases, the data use agreement imposes obligations on the Data Requestor that are intended to ensure compliance with the key principles underpinning the Platform.

The breach of any of the terms outlined in the data use agreement will result in a withdrawal of approval to access and/or use of the Data.

See the IDDO Frequently Asked Questions (FAQs) for more information.