The Conference of the Independent Data Protection Supervisory Authorities of the Federal and State Governments has emphasized that scientific research and data protection are compatible.
According to GDPR, scientific research must be in accordance with the original purpose for which the data was once collected. Article 5(1)(b) provides that failure to comply with the compatibility requirement has serious consequences. The processing of personal data in a way incompatible with the purposes specified at collection is unlawful and therefore not permitted. Article 89 of GDPR points out that the processing of personal data for scientific research is subject to appropriate safeguards for the rights and freedoms of the persons concerned within the meaning of GDPR.
GDPR aims to strike a balance between freedom of research on the one hand and the right of the individual. Organizations must ensure that the principle of data minimization is respected.
The DPAs strongly support the promotion and research of methods to process research data in such a way that the personal rights of citizens are protected as best as possible. Where identifiable information cannot be rules out using suitable innovative methods, other methods should be provided for:
- Anonymization
- Pseudonymization
- Data trusteeships
- Other instruments
The legislator is called to:
- Create a prohibition on the seizure of personal medical research data
- Criminalize the unauthorized disclosure of personal medical research data a punishable offense
- Create a right to refuse to testify for researchers and their professional assistants.
See more data and privacy news from around the world.
