Print  Close

Updating Privacy Policies for OpenNeuro Data Archive

Presented During:

Educational, Data Protection, and Social Aspects of Brain Imaging  
Wednesday, June 25, 2025: 5:45 PM - 7:00 PM
Brisbane Convention & Exhibition Centre  
Room: M4 (Mezzanine Level)  

Poster No:

1819 

Submission Type:

Abstract Submission 

Authors:

Anita Jwa1, Joshua Buckholtz1, Christopher Markiewicz1, Russell Poldrack1

Institutions:

1Stanford University, Stanford, CA

First Author:

Anita Jwa  
Stanford University
Stanford, CA

Co-Author(s):

Joshua Buckholtz  
Stanford University
Stanford, CA
Christopher Markiewicz  
Stanford University
Stanford, CA
Russell Poldrack  
Stanford University
Stanford, CA

Introduction:

OpenNeuro is a BRAIN Initiative data archive that provides the ability to openly share data from a broad range of brain imaging data types following the FAIR principles [1]. OpenNeuro has adopted a public sharing model under CC0 [2] or PDDL [3] license, if the datasets are deidentified following the standards under the HIPAA. However, given the wide spectrum of neuroimaging data that has been, and will be, collected as part of the BRAIN Initiative, there is a critical need to equip OpenNeuro to hold more diverse neuroimaging data, which may differ in their specific privacy risks and in limitations on subsequent use of data. Sharing data with various levels of sensitivity and restrictions will require not only infrastructural support but also a carefully contemplated scheme to protect data privacy. As an effort to build this scheme, we devised an updated policy that delineates new privacy measures for data shared through OpenNeuro.

Methods:

When assessing the overall privacy risk of a dataset, it is crucial to consider both the likelihood of risk occurrence and the potential magnitude of harm. We have classified brain imaging datasets into four categories based on the combination of these two factors: high or low probability of risk occurrence and high or low magnitude of harm (Table 1). Since data reidentification represents the primary risk event, the likelihood of risk occurrence is determined by evaluating the identifiability of the dataset. For example, established privacy metrics (i.e. K-anonymity [4]) can assess the identifiability of a dataset based on its demographic and clinical metadata. The magnitude of harm, on the other hand, depends on the nature of the dataset-specifically, whether it contains sensitive information and the potential consequences to data subjects if such information is disclosed. The new policy for OpenNeuro adopts the data classification guide from Harvard Information Security and Data Privacy [5] to define sensitive datasets. Under this guide, sensitive datasets are those that could be damaging to the subjects' financial standing, career or economic prospects, personal relationships, insurability, reputation, or be stigmatizing; place the subject at risk of significant criminal or civil liability; or place the subject at severe risk of harm, such as data contain extremely sensitive medical records or genetic information.
Supporting Image: Screenshot2024-12-17at105552AM.png
 

Results:

The new policy introduces key measures to enhance privacy for datasets on OpenNeuro. First and foremost, it prohibits users from attempting to reidentify data subjects for any reason and from attempting to contact subjects directly. This prohibition applies retroactively, meaning users who have previously downloaded data are also subject to this term. The policy recommends that data owners assess the privacy risks associated with their datasets before uploading them to OpenNeuro even when the datasets are deidentified. If datasets are determined to fall under Category D-low likelihood of risk occurrence and low magnitude of harm-they can be dedicated to the public domain. Datasets with a high likelihood of risk occurrence must be revised to minimize their identifiability. If a publicly shared dataset is later identified as having a high likelihood of reidentification, it will be immediately set to private, even if the potential harm is deemed low (Category A or B). The OpenNeuro team will offer assistance to the data owners to revise the datasets and reduce the reidentification risk. Finally, for datasets considered sensitive under the new policy, a tiered approach is adopted. This allows data contributors to restrict access to and regulate the subsequent use or distribution of their datasets regardless of the likelihood of reidentification (Category A or C).

Conclusions:

The new privacy policy for OpenNeuro aims to promote more responsible sharing of brain imaging data by enhancing the protection of subject privacy and data confidentiality, while maximizing the benefits of open science practices.

Education, History and Social Aspects of Brain Imaging:

Education, History and Social Aspects of Brain Imaging 2

Neuroinformatics and Data Sharing:

Databasing and Data Sharing 1

Keywords:

Open Data

1|2Indicates the priority used for review

Abstract Information

By submitting your proposal, you grant permission for the Organization for Human Brain Mapping (OHBM) to distribute your work in any format, including video, audio print and electronic text through OHBM OnDemand, social media channels, the OHBM website, or other electronic publications and media.

I accept

The Open Science Special Interest Group (OSSIG) is introducing a reproducibility challenge for OHBM 2025. This new initiative aims to enhance the reproducibility of scientific results and foster collaborations between labs. Teams will consist of a “source” party and a “reproducing” party, and will be evaluated on the success of their replication, the openness of the source work, and additional deliverables. Click here for more information. Propose your OHBM abstract(s) as source work for future OHBM meetings by selecting one of the following options:

I do not want to participate in the reproducibility challenge.

Please indicate below if your study was a "resting state" or "task-activation” study.

Other

Healthy subjects only or patients (note that patient studies may also involve healthy subjects):

Healthy subjects

Was this research conducted in the United States?

Yes

Are you Internal Review Board (IRB) certified? Please note: Failure to have IRB, if applicable will lead to automatic rejection of abstract.

Not applicable

Were any human subjects research approved by the relevant Institutional Review Board or ethics panel? NOTE: Any human subjects studies without IRB approval will be automatically rejected.

Not applicable

Were any animal research approved by the relevant IACUC or other animal research panel? NOTE: Any animal studies without IACUC approval will be automatically rejected.

Not applicable

Please indicate which methods were used in your research:

Other, Please specify  -   policy analysis

Provide references using APA citation style.

[1] Markiewicz, C. J., Gorgolewski, K. J., Feingold, F., Blair, R., Halchenko, Y. O., Miller, E., ... & Poldrack, R. (2021). The OpenNeuro resource for sharing of neuroscience data. Elife, 10, e71774.
[2] Creative Commons (n.d.). CC0. https://creativecommons.org/public-domain/cc0/
[3] Open Data Commons (n.d.). Public Domain Dedication and License (PDDL). https://opendatacommons.org/licenses/pddl/
[4] Sweeney, L. (2002). k-anonymity: A model for protecting privacy. International journal of uncertainty, fuzziness and knowledge-based systems, 10(05), 557-570.
[5] Harvard Information Security and Data Privacy (n.d.). Data Classification – Research Examples. https://privsec.harvard.edu/data-security-levels-research-data-examples

UNESCO Institute of Statistics and World Bank Waiver Form

I attest that I currently live, work, or study in a country on the UNESCO Institute of Statistics and World Bank List of Low and Middle Income Countries list provided.

No