Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Categories
Closed Consultations

Jisc response to DCMS consultation on GDPR Research implementation

Jisc responded to the DCMS consultation on implementing the Research provisions of the GDPR into UK law.


The exemptions from certain obligations and data subject rights contained in section 33 of the Data Protection Act 1998 have been vital in enabling long-term research studies, including in health and social sciences, while ensuring the protection of individuals whose data may be used in those studies. We consider it important for the continuation of those studies and datasets that the same conditions continue to apply under the General Data Protection Regulation (GDPR). Any requirement on researchers to change their existing practice, or any new right of data subjects to prevent or place conditions on processing, could damage ongoing research and make future work unviable. We therefore encourage the Government to use the derogations in Article 89 to reproduce, so far as possible, the current Data Protection Act s.33 regime.

In particular we welcome the European Data Protection Supervisor’s recent suggestion (Opinion 6/2017, p.16) that Member States should use Article 89 to provide “additional, limited and specific exceptions in the ePrivacy Regulation, for example … to allow processing for the purposes of scientific research”. As provider of Janet, the UK’s National Research and Education Network, Jisc both benefits from and supports advanced network research in the UK. We therefore encourage the Government to use the Article 89 derogations to provide a legal regime that supports such research while providing appropriate safeguards for users of electronic communications systems.

We also note that Article 85 requires the Government to provide exemptions or derogations to several sections of the GDPR in order to protect the right to freedom of expression and information for the purposes of academic expression. The dissemination and publication of research represent speech of very high importance to society, which should be awarded an appropriately high level of legal protection. Subject to conditions to protect individuals (again, section 33(1) of the Data Protection Act 1998 provides an appropriate model) we consider that academic expression requires and deserves the same level of protection as currently provided for journalistic expression by section 32 of the Data Protection Act 1998. We therefore encourage the Government to use its obligation under Article 85 to provide that protection.

Additional Question – cost impact

Probably the greatest cost impact on UK organisations will be if, after leaving the European Union, they are required to include Model Clauses in, or obtain permission from EU regulators for, every contract with an EU counter-party. We therefore consider it essential that the UK seeks and obtains a declaration of adequacy under Article 45(3) of the General Data Protection Regulation, and would be concerned if derogations or other measures in the UK’s implementation risked reducing the likelihood of obtaining such a declaration.

By Andrew Cormack

I'm Chief Regulatory Advisor at Jisc, responsible for keeping an eye out for places where our ideas, services and products might raise regulatory issues. My aim is to fix either the product or service, or the regulation, before there's a painful bump!

Leave a Reply

Your email address will not be published. Required fields are marked *