Data-related legislation such as the General Data Protection Regulation (GDPR), the Directive on the Re-use of Public Sector Information (PSI Directive), and the Regulation on the Free Flow of Non-personal Data needs to reflect the practices and needs of researchers and provide legal certainty for their activities.
Why does data-related legislation matter?
Researchers need legal certainty on how they can produce and use data. As research is often done in collaborative and cross-border projects, legal certainty has to be provided by harmonised legislation on an EU level that takes into account the needs and practices of research.
Why does the General Data Protection Regulation (GDPR) matter for research?
GDPR applies to any type of scientific research that uses personal data, such as studies in (bio)medicine, the social sciences, and the arts and humanities. It affects EU researchers who need to be able to collect, process, and re-process personal data and collaborate internationally. During the four year legislative process, that ended in 2016, Science Europe successfully advocated an exemption from several of the general requirements for scientific research in order to facilitate data collection and processing. The provisions became directly applicable in all member state in May 2018, two years after the Regulation entered into force.
Why does the Free Flow of non-personal data Regulation matter for research?
The Regulation on the Free Flow of Non-personal Data, applicable as of May 2019, sets the rules for the collection, processing, and storage of any data that is not considered personal data. New digital technologies and developments, such as cloud computing, big data, artificial intelligence, and the ‘Internet of Things’ rely on the use of large amounts of data to maximise efficiency, enable economies of scale, and develop new services. The Regulation deals with aspects such as data localisation restrictions, lack of trust in the digital market, and data portability. Together with GDPR this Regulation aims to provide certainty on how to deal with data in a legally correct way. Science Europe analysed the 2017 proposal for the regulation and monitored the legislative process up to the adoption of the new Regulation in autumn 2018.
How are GDPR and the Free Flow on Non-personal Data Regulation connected?
The 2018 Regulation on a Framework for the Free Flow of Non-personal Data complements the 2016 General Data Protection Regulation (GDPR). Together the two set the rules for the handling of data in the EU and are part of the European Commission’s ambition to create a ‘European Data Economy’ which should promote the best possible use of digital data.
A European Commission Communication from May 2019 explains the interaction of both regulations in the case of mixed datasets (datasets that consist of personal and non-personal data). In case of a mixed dataset, GDPR applies to the personal data in the dataset and the Regulation on Free Flow of Non-personal Data applies to non-personal data. In cases where personal and non-personal data are linked and cannot be treated separately, GDPR applies to the entire dataset, notwithstanding the portion of personal data in the dataset.
Why does the Directive on the Re-Use of Public Sector Information (PSI) matter for research?
The PSI Directive aims to make as much data as possible held by public-sector organisations available for re-use. The goal is to increase transparency and promote data-driven innovation and fair competition. With its latest revision, which was adopted by the European Institutions in spring 2019, the scope of the Directive was broadened to include research data. Member States will now have to implement policies that foster the sharing of publicly funded research data. Throughout the legislative process, which started in 2017, Science Europe successfully advocated the FAIR data principles, i.e. the requirement of research data being Findable, Accessible, Interoperable, and Re-usable in the final text of the Directive.
In its response to the European Data Protection Board (EDPB) Science Europe welcomes the detailed guidance on identifying whether controllership is joint or separate within a given collaboration and identifying an appropriate legal form to establish an agreement. However further clarification through the EDPB Guidelines would be helpful for public research organisations.
In its response to the European Commission, Science Europe highlights that future EU legislation on AI needs to strike the right balance between safeguards for users and developers of AI systems, and a legal environment that fosters R&I.
In its response to the European Commission, Science Europe highlights that the foreseen scope of the new legislation is not clearly defined and greater clarification should be introduced to ensure that the Digital Services Act does not have unintended effects on research.
In its response to the European Commission Roadmap for an upcoming legislative proposal on the governance of common European data spaces, Science Europe reinforces the need to consider sectoral policies to ensure coherence.
Science Europe calls on the European Commission to take into account the important role of the research sector as producer and user of data. The longstanding experience of the research sector should feed into the development of an overarching EU data strategy that promotes data access across sectors.
In its response to the EC consultation on the European Strategy for Data, Science Europe also underlines the need to consider sectoral policies to ensure coherence between overarching and sectoral policies.
In this joint statement research and Innovation stakeholders call on the EU institutions to seek a balanced approach to data sharing in response to the European Commission’s proposal for a revision of the Directive on re-use of public sector information (PSI Directive). While the partners are supportive of the European agenda to promote Open Science and innovation, and share a common commitment to the principle of making research data ‘as open as possible and as closed as necessary’, there is a need to focus on the optimal re-use of research data and not on the (unconditional) opening of such data.
Response to the Consultation on the Review of the Directive on the Re-Use of Public Sector Information
Science Europe supports the principle that research data should be “as open as possible and as closed as necessary.” However, the particularity of research data as well as of data about research activities requires careful consideration on which aspects are better dealt with by legislative acts or by guidelines developed by the research sector.
Joint Statement on Implementing the General Data Protection Regulation to Maintain a Competitive Environment for Research in Europe: Position of Research and Patient Organisations
This joint statement on the implementation of the Data Protection Regulation (DPR), facilitated by Science Europe and Wellcome and released by the wider research community, highlights the crucial role Member States must now play in its implementation by reviewing and amending their current laws to enable research to take place.
The recent legislative proposal from the European Commission to reform EU copyright law addresses some needs, but not to the full extent required. Science Europe calls for research and data mining exceptions to ensure that copyright legislation is friendly to research and innovation.
The Benefits of Personal Data Processing for Medical Sciences in the Context of Protection of Patient Privacy and Safety
This paper expresses the concerns of the medical and health research communities about the lack of a specific consideration when regulating the privacy of individuals and protecting personal data in the context of medical and health research in the General Data Protection Regulation.