Governance of academic research data under the GDPR—lessons from the UK

The General Data Protection Regulation (GDPR or ‘the Regulation’)1 provides EU Member States with a new power to make exemptions for academic expression. The obvious question which arises, and which this article aims to address, is whether academics processing data for research therefore stand to ha...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:International data privacy law Ročník 9; číslo 3; s. 192 - 206
Hlavní autori: Mourby, Miranda, Gowans, Heather, Aidinlis, Stergios, Smith, Hannah, Kaye, Jane
Médium: Journal Article
Jazyk:English
Vydavateľské údaje: Oxford Oxford University Press 01.08.2019
Oxford Publishing Limited (England)
Predmet:
Data processing
General Data Protection Regulation
Personal information
Privacy
Regulation
United Kingdom > UK
ISSN:2044-3994, 2044-4001
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:The General Data Protection Regulation (GDPR or ‘the Regulation’)1 provides EU Member States with a new power to make exemptions for academic expression. The obvious question which arises, and which this article aims to address, is whether academics processing data for research therefore stand to have greater freedom under the GDPR? In sum, it appears that the GDPR derogations which could, hypothetically, provide for greater freedom in academic research data processing in fact set the bar high for their exercise by Member States. The Regulation only allows for derogation to the extent that it is ‘necessary’ for academic expression, or would cause impossibility or serious impairment to research. We have seen from the UK’s example that these restrictions in the GDPR, combined with the impact of privacy rights wherever they may be engaged by research, significantly limit the scope of academic freedom in personal data processing. The answer to the question posed at the beginning of this paper—‘do academic researchers stand to have more freedom in their data processing under the GDPR?’—therefore appears to be ‘no’, at least as far as can be established from analysis of the UK’s implementation of the Regulation. The derogations should rightly be seen as the exceptions which prove the rule of public authority obligations which apply to many universities within the territorial scope of the Regulation. Our secondary lesson is therefore that the innovations in the GDPR of more significance for academic research are the provisions specifically relating to public authorities. These shifts may be subtle in their impact, but the need for researchers to consider appropriate balances of power with data subjects cannot be ignored under the new Regulation.
Bibliografia:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:2044-3994
2044-4001
DOI:10.1093/idpl/ipz010