It had been suggested that we add an additional clause to the DUA that would put the onus on the user to abide by all local laws.
This mainly is in response to GDPR, where, for example, European users of eICU-CRD or MIMIC may be viewed as processing data from within Europe and subject to GDPR. I am confused on this as I imagine are many others. In reality, it is impossible for us to be aware of every country's laws on data, and should be up to the user to make sure they are in compliance, not LCP.
Adding a clause like:
I agree to abide by all local laws relevant to my use of the data.
It had been suggested that we add an additional clause to the DUA that would put the onus on the user to abide by all local laws.
This mainly is in response to GDPR, where, for example, European users of eICU-CRD or MIMIC may be viewed as processing data from within Europe and subject to GDPR. I am confused on this as I imagine are many others. In reality, it is impossible for us to be aware of every country's laws on data, and should be up to the user to make sure they are in compliance, not LCP.
Adding a clause like:
I agree to abide by all local laws relevant to my use of the data.
Just trying to get the discussion started.