Buchumschlag

Purpose definition as a crucial step for determining the legal basis under the GDPR: implications for scientific research

The General Data Protection Regulation (GDPR) of the European Union, which became applicable in 2018, contains a new accountability principle. Under this principle, controllers (ie parties determining the purposes and the means of the processing of personal data) are responsible for ensuring and dem...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Becker, Regina (VerfasserIn) , Chokoshvili, Davit (VerfasserIn) , Thorogood, Adrian (VerfasserIn) , Dove, Edward S (VerfasserIn) , Molnár-Gábor, Fruzsina (VerfasserIn) , Ziaka, Alexandra (VerfasserIn) , Tzortzatou-Nanopoulou, Olga (VerfasserIn) , Comandè, Giovanni (VerfasserIn)
Dokumenttyp: Article (Journal)
Sprache:Englisch
Veröffentlicht: January-June 2024
In: Journal of law and the biosciences
Year: 2024, Jahrgang: 11, Heft: 1, Pages: 1-30
ISSN:2053-9711
DOI:10.1093/jlb/lsae001
Online-Zugang:Verlag, kostenfrei, Volltext: https://doi.org/10.1093/jlb/lsae001
Volltext
Verfasserangaben:Regina Becker, Davit Chokoshvili, Adrian Thorogood, Edward S. Dove, Fruzsina Molnár-Gábor, Alexandra Ziaka, Olga Tzortzatou-Nanopoulou and Giovanni Comandè
Beschreibung
Zusammenfassung:The General Data Protection Regulation (GDPR) of the European Union, which became applicable in 2018, contains a new accountability principle. Under this principle, controllers (ie parties determining the purposes and the means of the processing of personal data) are responsible for ensuring and demonstrating the overall compliance with the GDPR. However, interpretive uncertainties of the GDPR mean that controllers must exercise considerable judgement in designing and implementing an appropriate compliance strategy, making GDPR compliance both complex and resource-intensive. In this article, we provide conceptual clarity around GDPR compliance with respect to one core aspect of the law: the determination and relevance of the purpose of personal data processing. We derive from the GDPR’s text concrete requirements for purpose specification, which we subsequently apply to the area of secondary use of personal data for scientific research. We offer guidance for correctly specifying purposes of data processing under different research scenarios. To illustrate the practical necessity of purpose specification for GDPR compliance, we then show how our proposed approach can enable controllers to meet their compliance obligations, using the example of the overarching GDPR principle of lawfulness to highlight the relevance of purpose specification for the identification of a suitable legal basis.
Beschreibung:Veröffentlicht: 01. Februar 2024
Gesehen am 18.06.2024
Beschreibung:Online Resource
ISSN:2053-9711
DOI:10.1093/jlb/lsae001

Ähnliche Einträge