A Data Use Agreement (DUA) is a legal contract between the entity that owns access to a data source, typically a dataset or database, and a secondary entity that will receive the data, or a subset of it, for reuse. A DUA outlines terms and limitations on how the shared data can be used, and the secondary entity may need to meet certain criteria, such as their affiliated institution, their faculty status, and IRB approval for their research study. Examples of limitations include restricting access to the shared data, requiring that any research dissemination include citation of the data and its originating entity, requiring that data files are destroyed at the completion of research period, and restrictions on data use for commercial purposes. DUAs are frequently required for access to data that contain protected health information (PHI).
Sample DUA for human subjects data: https://dataverse.org/best-practices/sample-dua
Many research institutions have information on data use agreements which may contain some institution-specific information, but have very useful general information. For example:
FAQs from the Stanford University Privacy Office: https://privacy.stanford.edu/other-resources/data-use-agreement-dua-faqs
A toolkit from the Oklahoma State University Center for Health Sciences: https://medicine.okstate.edu/research/human-subjects-research/guides/osuchsdatauseagreement.pdf