Scientific research and GDPR: Guiding principles needed
Guidance across the EU should be technology neutral, relying both on co-regulation and a ‘toolbox’ of other measures, such as codes of conduct. By Camilla Ravazzolo of the UK Market Research Society.
Predictably, one of the countless consequences of the Covid-19 pandemic has been putting the GDPR under a stress test: what happens when the use of data is urgent and essential to cope with a challenge? Is the GDPR ready to provide the protection of fundamental rights it is vowed to defend? Do its derogations and exemptions provide room for Member States to strike the correct balance or do they just provide interesting loopholes?
While is it clearly too soon to talk about consequences, it is never too late to address the issues. The debate on the GDPR framework for scientific research regained some traction in January, when the European Data Protection Supervisor (EDPS) published A Preliminary Opinion on data protection and scientific research(1). Independently of its content, it is a very welcome beginning of a long overdue institutional conversation on the topic. A conversation that now needs to include all relevant EU bodies and institutions, industry sectors representations, academic societies and national Supervisory Authorities in order to achieve a common framework of understanding that can successfully be adopted as guiding principles for organisations across Europe.