This is CSI-COP’s second data management plan (DMP2). It is a mid-term report presenting new data that the project is collecting since the submission of the first data management plan (DMP1) to the EU in June 2020. The DMP2 complements the research ethics deliverable report D1.15/D31 (Shah et al., 2021). This deliverable presents CSI-COP’s data protection impact assessment (DPIA), and the resulting implementation of the general data protection regulation (GDPR) compliant processing across the project. This is in addition to following the F.A.I.R. principles as explained in DMP1. Data processing taking place in the current stage of the project includes following the ‘purpose limitation’ principle in the GDPR to collect limited personal data (name and email address). This limited personal data pertains to interested members of the general public participating as learners completing CSI-COP’s free informal education course ‘Your Right to Privacy Online’. The nature of the data collected in the whole project by CSI-COP reporting periods will be:
a) DMP1: literature review (Period 2: January 2020-December 2020).
b) DMP2: minimal personal data on members of the general public completing CSI-COP’s ‘Your Right to Privacy Online’ free informal education course (Period 2: January 2021-June 2022).
c) DMP3: investigations of GDPR compliance through tracking cookies in websites and in apps carried out by CSI-COP’s citizen scientists and CSI-COP researchers (Period 3: July 2022-June 2023). The previous data management plan reported on a) above. DMP3 will report on c) investigations of the extent of online tracking through cookies and similar technologies in websites and in apps. The final data management plan (DMP3) is due in Period 3: month 40 (April 2023). This DMP2 presents b) – the data collection and data management in the general public ‘informal learner’ phase in the CSI-COP project.