EDPS preliminary opinion on Data Protection and Scientific Research

The European Data Protection Supervisor has just published an interesting paper on the research provisions in the GDPR. The whole thing is worth reading, but some things particularly caught my eye:

  • Stresses (again) that research-consent is not the same as GDPR-consent, though the former may still be an “appropriate safeguard” when using a legal basis other than consent (pp18-20).
  • Tries (pp9-10) to distinguish GDPR provisions on “academic expression” from those on “scientific research”. The breadth of the former should not be a way to avoid the safeguards required by the latter.
  • Scratches head (pp20-21) on how to reconcile the right to information with research that requires subjects not to know what is actually being researched.
  • “Requires controllers to assess honestly and manage responsibly the risks inherent in their research projects” (p2)
  • Sees ethics review boards as key to that: in particular to distinguishing between public interest research (which should qualify for the various GDPR exemptions/presumptions) and “research which serves primarily private or commercial ends” (which should not). There’s a three-step test on p12, and a recommendation on p25 that Data Protection Officers should work with research ethics boards to refine both the rules and the applicable safeguards.
  • Suggests (p25) EU-level Code(s) of Practice to govern research practices in different fields.
  • Muses (p26) on a future right of access to large commercial datasets for research in the public interest.

Although the report concludes that “there is no evidence that the GDPR itself hampers genuine scientific research”, there is a recognition that “more time is needed to see how the special regime for data protection in the field of scientific research plays out on the ground”. As the list above indicates, several areas are identified as requiring further discussion, either within the research and data protection communities or in wider public debate.

By Andrew Cormack

I'm Chief Regulatory Advisor at Jisc, responsible for keeping an eye out for places where our ideas, services and products might raise regulatory issues. My aim is to fix either the product or service, or the regulation, before there's a painful bump!
