Legislation relating to research ethics
It is your responsibility to be aware of all legislation relating to your research and ensure that you comply with it. For research outside the UK, you need to be aware of and comply with the laws of the host country and possibly with UK laws as well. If there is any conflict between legislation and your conditions of ethics approval, please refer to the Faculty Ethics Committee (FEC) or Subject Ethics Panel (SEP) immediately. Some of the key legislation follows; please note that this is not an exhaustive list.
If your research falls under legislation, the FEC/SEP will want to see that you are familiar with the legislation and evidence that you will adhere to it. It is also your responsibility to be aware of any legislation that comes into force during your research. If this requires further changes to your research, you must apply for approval for these revisions, as with any other amendments.
Research that involves collection and storage of personal data taken from human participants will require ethical approval and be subject to restrictions under the data protection act. The data protection act sets out the steps required to protect the security of all ‘personal information’ processed or shared by the University which relates to or identifies living individuals.
Data Protection Act 1998
If you handle personal information about individuals, you have a number of legal obligations to protect that information under the Data Protection Act 1998 (See the Information Commissioner’s Office (ICO) website for more information on how to interpret the Act). The following outlines the general principles . You must make sure the information is:
- used fairly and lawfully
- used for limited, specifically stated purposes
- used in a way that is adequate, relevant and not excessive
- kept for no longer than is absolutely necessary
- handled according to people’s data protection rights
- kept safe and secure
- not transferred outside the UK without adequate protection
There is stronger legal protection for more sensitive information, such as:
- ethnic background
- political opinions
- religious beliefs
- sexual health
- criminal records
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) enhances the current data protection regulations and means that for personal data, informed consent must be obtained at a granular level, all data processing must be in accordance with ‘privacy by design’, and personal data can only be collected for specific legitimate purposes. For more information please see the University of Wolverhampton Data Protection webpage
Loss or breach of confidential data can result in:
- Damage to University reputation
- Impediment or damage to the research process
- Distress to individuals or harm to personal safety
- Substantial financial or legal punitive penalties
For more information
You can also find further information on the Information Commissioner’s Office website at:
The Mental Capacity Act applies to England and Wales only, and is available here:
In Scotland, the inclusion of adults lacking capacity in research is governed by the provisions of Section 51 of the Adults with Incapacity (Scotland) Act 2000. In Northern Ireland, it is currently governed by the Mental Capacity Act (Northern Ireland) 2016.
The Mental Act generally relates only to people aged 16 years and over, to empower and protect people unable to make their own decisions, for example, relating to property and financial affairs or healthcare treatments. It also covers ‘intrusive research’ (i.e. that which would have normally required consent). The ‘ill treatment’ or ‘wilful neglect’ of people who lack capacity are criminal offences under the Act which carry a penalty of up to five years’ imprisonment.
The five key principles that underpin the Act are:
- a presumption of capacity (the starting point is that people have the right to make their own decisions)
- people have the right to be supported to make their own decisions
- people should be allowed to make what may be viewed as unwise decisions
- anything carried out for or on behalf of people who do not have capacity must be in their best interests
- the least restrictive option, in terms of people’s rights and freedom of action, must be taken.
There are a range of factors that can cause incapacity, including learning disabilities, dementia and mental health problems. Loss of capacity can also be temporary, for example due to shock or the effects of drugs or alcohol. Capacity is measured using a two-stage test:
- Is there an impairment or disturbance in the functioning of the person’s mind or brain?
- If yes, is this sufficient to cause the person to be unable to make that particular decision at the relevant time?
If the answer is yes, the research will need to meet all the requirements of the Mental Capacity Act. The ability of a person to make a decision should be assessed in each different situation. It is important to acknowledge that people may have the capacity to make some decisions, but not others, or their ability to do this may fluctuate over time.
The Act is accompanied by a statutory Code of Practice providing guidance on how it should be used.
University research ethics committees are not authorised to review research that falls under the Act. The research can only be approved by a Research Ethics committee recognised by the Secretary of State or Welsh Ministers:
The Ministry of Defence Research Ethics Committee (MoDREC) is also recognised as an Appropriate Body under the Mental Capacity Act 2005 for review of research involving UK Armed Forces personnel who are unable to consent for themselves.
Researchers who carry out research within the remit of the Act are also legally required to adhere to the Code of Practice, available at:
The Office of the Public Guardian’s website at www.publicguardian.gov.uk may also be useful.
Security-sensitive research material, that can be interpreted as engaging Terrorism Act (2006) provisions, should be kept off personal computers and on specially designated university servers supervised by university ethics officers (or their counterparts).
Ethics officers should be a first, or early, point of contact for both internal university enquiries and police enquiries about suspect security-sensitive material associated with a university or a university member. Such material should be treated as having a legitimate research purpose unless ethics officers cannot identify it or the relevant researcher responsible for it
This material could be accessed easily and securely by researchers, but would not be transmitted or exchanged. Examples of security-sensitive categories:
- commissioned by the military
- commissioned under an EU security call
- involve the acquisition of security clearances
- concerns terrorist or extreme groups
Sections 2 and 3 of chapter 11 of the Terrorism Act (2006) outlaw the dissemination of terrorist publications, including by electronic means, and give a very wide definition of ‘terrorist publication’ and ‘statements’ that could be construed as endorsing or promoting terrorism. This includes the web posting of material that encourages or endorses terrorist acts, even terrorist acts that have occurred in the past.
We have implemented this aspect of the Act by building into our ethical approval procedures a requirement for researchers to a) notify indicate if their research could lead them to access such materials and b) keep them on a secure university server.
To discuss your needs for a secure document store, please contact Digital Services.
We have adopted the procedure outlined in the below guidance:
Universities UK, Oversight of security-sensitive research material in UK universities: guidance (October 2012), pp 3-4, [accessed 17 March 2016] available at:
The Counter-Terrorism and Security Act (2015) places a duty on ‘specified authorities’ (of which the University of Wolverhampton is one) to prevent people being drawn into terrorism. This is often referred to as the Prevent Duty. However, the Act also recognises the necessity for freedom of speech in universities which may involve researchers accessing material or producing research that falls under provisions of the Act.
We have implemented this aspect of the Act by building into our ethical approval procedures a requirement for researchers to a) indicate if their research risks being construed as encouraging terrorism or inviting support for proscribed organisations, or contains extremist views that risk drawing people into terrorism or are shared by extremist groups, b) store any materials on a secure university server, c) undergo Prevent awareness training and d) specify how they will address any concerns arising under the Prevent duty.
The Counter-Terrorism and Border Security Act 2019 updates, and closes gaps in existing counter-terrorism legislation to ensure that it is fit for the digital age and reflects contemporary patterns of radicalisation. It was introduced to the House of Commons on 6 June 2018, and received Royal Assent on 12 February 2019.
For further information, please refer to the government’s website:
The Human Tissue Act (2004) covers England, Wales and Northern Ireland. It is available here: http://www.legislation.gov.uk/ukpga/2004/30/contents . It came into force on 1 September 2006 and is not limited to healthcare settings. The Act regulates the removal, retention and storage of “relevant material” from people who have died and the retention and storage of such material from people who are living (removal from people who are living is covered by Common Law). There are also codes of practice with which you need to be familiar, available from the Human Tissue Authority website: www.hta.gov.uk.
The fundamental principle underpinning the Act is ‘appropriate consent’ for ‘scheduled purposes’. Research is defined as a scheduled purpose under the Act. Removing, storing or using human tissue for scheduled purposes without appropriate consent and carrying out licensable activities without holding a licence from the Human Tissue Authority, which has been appointed to oversee compliance with the Act, can lead to penalties including a fine and/or up to three years imprisonment.
The definition of human biological material or relevant material includes any material that contains one or more human cells. This includes but is not limited to: serum, blood, urine, saliva, hair, nails and gametes (sperm/ egg cells).
University of Wolverhampton Policy
The University Policy for Use of Human Tissue for Research (2019) establishes standards for collecting, obtaining, using, storing and disposing human biological samples in research and teaching activities in accordance with relevant laws, regulations and ethical principles.
Every country has rights over the genetic resources that exist within its borders, including animals, plants and organisms. The Nagoya Protocol is an international legal framework that enables equitable sharing of genetic material (plant, animal, microbial, other) including the traditional knowledge associated with the genetic resources, and the benefits that arise from their use.
Researchers have a legal obligation to comply with the Nagoya Protocol. The Protocol only applies to genetic resources accessed: 1) from a country that is party to the Nagoya Protocol and that has Access and Benefit Sharing legislation and 2) for the purpose of ‘utilisation of genetic resources’ after 12th October 2014.
The Nagoya Protocol was adopted by European legislation through Regulation (EU) No. 511/2014and came into force on 12th October 2014. It was implemented into UK law through the Statutory InstrumentNo. 821 ‘The Nagoya Protocol (Compliance) Regulations 2015’.The legislation is implemented and enforced in the UK by the Office forProduct Safety and Standards (OPS&S).
The legislation is implemented and enforced in the UK by the Office for Product Safety and Standards (OPS&S).
For more information
Visit the University guidance on The Nagoya Protocol on Access & Benefit Sharing
The GMO (CU) Regulations(2014) provide for human health and safety and environmental protection from genetically modified micro-organisms in contained use, and human health and safety from genetically modified plants and animals. The key requirement of the GMO (CU) Regulations is to assess the risks of all contained uses and to ensure the sure that any necessary controls are put in place. The GMO (CU) Regulations provide a framework for making these judgments, and place clear legal obligations on people who work with GMOs.
For more information
Visit the Government webpage https://www.legislation.gov.uk/uksi/2014/1663/contents/made
When designing a research project you must consider the health and safety of the person or persons undertaking the project and of the subjects of the research project. For advice and guidance on Health and Safety issues please refer to the University Health & Safety Policy.
The countries of the UK differ in their legislation and this may impact on your research. For example:
- Independent Health Care (Wales) Regulations (2011)
- Independent Health Care (Northern Ireland) Regulations (2005)
- Residential Care Homes Regulations (Northern Ireland) (2005)
- Nursing Home Regulations (Northern Ireland) (2005)
For further information please see the Health Research Authority website http://www.hra.nhs.uk/