> [...] Applications and interpretations of GDPR fail to consider adequately how research uses of personal data differ from other types, particularly as the data are pseudonymised.
> The present state of play is unsettling. Scientists are struggling to find a legal basis for sharing data under the regulation. US federal agencies such as the National Institutes of Health, the largest global funder of biomedical research, and its sister public agencies have no pathway available to receive pseudonymised data collected by research partners in the EU. Without an adequacy decision, US agencies and many publicly supported research universities are legally barred from agreeing to GDPR data-transfer requirements. [...]
Every time I read complaints about GDPR, I am getting increasingly glad that it exists. The article doesn't describe the actual hurdles in the way of making the exchange of data for scientific purposes conform to the required level of data protection. Pseudonymised data is a really, really bad excuse for "oh, but it's fine, what can happen!" - there is a reason the GDPR explicitly doesn't allow for this kind of data transfer.
Given that no reason is mentioned aside from economical concerns, I have to assume that the reason for pseudonymised access is due to the much greater value it provides, since the pseudonymization can presumably be reversed. So - thank you EU for protecting our data!
2 comments
[ 1.9 ms ] story [ 8.1 ms ] thread> The present state of play is unsettling. Scientists are struggling to find a legal basis for sharing data under the regulation. US federal agencies such as the National Institutes of Health, the largest global funder of biomedical research, and its sister public agencies have no pathway available to receive pseudonymised data collected by research partners in the EU. Without an adequacy decision, US agencies and many publicly supported research universities are legally barred from agreeing to GDPR data-transfer requirements. [...]
Every time I read complaints about GDPR, I am getting increasingly glad that it exists. The article doesn't describe the actual hurdles in the way of making the exchange of data for scientific purposes conform to the required level of data protection. Pseudonymised data is a really, really bad excuse for "oh, but it's fine, what can happen!" - there is a reason the GDPR explicitly doesn't allow for this kind of data transfer.
Given that no reason is mentioned aside from economical concerns, I have to assume that the reason for pseudonymised access is due to the much greater value it provides, since the pseudonymization can presumably be reversed. So - thank you EU for protecting our data!