Jessica Bell, Stergios Aidinlis, Hannah Smith, Miranda Mourby, Heather Gowans, Susan E Wallace, Jane Kaye

European Data Protection Law Review, Volume 5 (2019), Issue 1, Page 43 - 53

The EU General Data Protection Regulation (‘GDPR’) seeks to balance the public interest in research with privacy rights of individuals, in particular, through research exemptions and safeguards set out in Article 89. While this affords Member States limited opportunities to modify the application of the GDPR at a national level, including for data processing that is necessary for the performance of a task carried out in the public interest, it is necessary for national approaches to conform with Article 89 safeguards where appropriate. One development of interest to the research community in the UK is a statutory power for public authorities to disclose administrative data for research under the Digital Economy Act 2017 (DEA). This article uses the DEA as a case study for analysis of the GDPR provisions governing processing of data for research purposes—including de-identification—and draws on human rights norms and jurisprudence to interpret the broad requirement for ‘appropriate safeguards’ for the ‘rights and freedoms of the data subject’ under Article 89. This analysis is important for data controllers seeking to meet their obligations under the UK framework and for those in other EU Member States considering the development of similar national provisions for data processing for research purposes. Keywords: GDPR, Public Interest Research, Privacy

Adam Panagiotopoulos

European Data Protection Law Review, Volume 4 (2018), Issue 4, Page 459 - 469

This article addresses the question of whether and under which conditions a communitarian approach could be embedded in the data protection regime, focusing on the concept and regulation of genetic data under the General Data Protection Regulation (GDPR). Reflecting on the collective and relational dimension of genetic data, this article challenges the communitarian doctrine, which underlies the relevant GDPR provisions, and suggests that the common good should not have ipso facto primacy over individual rights. The rights to data protection and privacy should be considered as individual rights, duties and shared ends. Keywords: Communitarianism, Genetic Data, Data Protection, Privacy, Public Interest