Türkçe
English
data protection related blog
DATA PROTECTION AND SCIENTIFIC RESEARCH
08 January 2020
The European Data Protection Supervisor (“EDPS”) has published a paper about their preliminary opinion on data protection and scientific research. The paper has explained the flexibility for science research provided by EU regulations about the application of data protection obligations and the possible problems and circumstances encountered in the sector.
In the report they are mentioned that;
- Scientific Research is subjected to the exchange of ideas, knowledge and information. When a scientific research has the processing of data of people located in the EU, then the rules including the General Data Protection Regulation (“GDPR”) and Regulation 1725/2018 for EU Institutions are applied to the processing in question. A degree of flexibility is provided for the genuine research by a special regime in the rules that is conducted within ethical frameworks and aims to improve society’s collective knowledge and wellbeing. In this context, some believes that the GDPR provides redundant flexibility however others say, vital research activity is threatened by the rules.
- Digitisation has made the generation and dissemination of personal data easier and cheaper than ever, and transformed how research is carried out. It is, in reality, harder than ever to recognise the line between private sector research and traditional academic research and the purpose of the research which benefits primarily for society or private interest. Social science research is usually faced with corporate secrecy obstacle especially in tech sector.
- Medical research and clinical trials, in particular, generally are carried out with an established framework of professional ethical standards. The European Data Protection Board is discussing the relation between the framework in question and the GDPR.
- Beside its application to usual principal like lawfulness and data subject right, the special regime brings flexibility for controller obligations. Under this flexibility, processing of personal data is supposed to be compatible if it is accompanied by appropriate safeguards or carried out in commercial context. The reason of this flexibility bases on the accepted opinion that researches serve the public. It is expected from the researcher to manage responsibly the risks inherent in the research that may sometimes be high where, for example, the data carries sensitive personal data such as health, political or religious view. Consent as a legal basis must be freely-give, specific, informed and unambiguous. Consent, in question, is conceptually and operationally different from the informed consent of human participants in research. However, “informed consent” may be treated as a safeguard in cases where consent is not appropriate as a legal basis.
- Data protection obligations should not be misunderstood like that private global companies in the sector can escape transparency and accountability. In this sense, researchers should be able to access necessary API and dependant on the principle of proportionality and appropriate safeguards.
It is recommended by the report that the principle of determining genuineness of a research should be defined. The report also mentions that EU codes of conduct for scientific research should be clear and EU research framework programmes and data protection standard should be in closer cooperation. Finally, it is noted by the report that holding of data by private companies and access of data by researchers should be dependent on public interest.
You can find the text of the Preliminary Opinion here.
Should you have any queries and/or remarks, please do not hesitate to contact us.
Kind regards,
Zumbul Attorneys-at-Law