What future for cooperation in scientific research under the new GDPR?

Few weeks ago the EU General Data Protection Regulation (GDPR)[i] entered into force. Apart from introducing new guarantees for privacy and data protection, the Regulation also affects the sharing of research data among researchers (see, for example, the case of health and medical data).[ii] In a scientific and academic environment which tends to encourage cooperation among researchers and co-production of knowledge, the implications of the GDPR for research need to be questioned.

Recently, a trend of improving science and academic practice through a greater sharing of data and findings has expanded, especially at the EU level. This trend is demonstrated by a number of initiatives aimed at stimulating openness of research findings. Within this ‘push’ towards a more reflexive science, the EU Open Data and Open Science programs, enhanced by the EU Horizon 2020 strategy and by the ‘Science with and for Society’ framework, can be situated. A statement launched during the workshop ‘Open Data in Science: Challenges and Opportunities for Europe’ (Brussels, 31 January 2018) summarizes this trend: it is affirmed that ‘publicly funded scientists [should] make their research data available in reusable format in order to enhance the quality and effectiveness of science and as a contribution to help address societal and environmental challenges.’ The availability and openness of research output (but also of meta-data) seems the key to achieving the sought co-production of scientific knowledge. This ultimate aim resonates with the FAIR Principle, also stressed during the workshop: a ‘Findable, Accessible, Interoperable, Reusableresearch is presented as the way forward to ensure verifiability and robustness of science. A change in research culture is welcomed in the closing words of the Statement. The assessment of scientific practice and research should no longer reward ‘closed science’, rather the cooperation among researchers to better find answers to the complex interrogatives of today society should be considered and acknowledged as a value.

A recent example of the EU Open Science’s aims is represented by the ‘European Open Science Cloud’ initiative (EOSC), an EU virtual infrastructure where scientists are invited to share scientific data across disciplinary, social and geographical.[iii] Another noteworthy example is the ‘Open Access’ (OA) policy promoted at the EU level. OA aims at freely providing access to scientific information in a reusable format. The co-production here is brought a step further: not only openness and sharing among researchers, but also inclusion of society in the dissemination of scientific results. This inclusion appears the first step to ensure that civil society actors take a leading role in the co-production of knowledge.

The move towards Open Science at the EU level intersects with the ‘Science and Society’ Action Plan promoted by the European Commission with the aim of better connecting science and EU citizens. This action plan developed into the ‘Science in Society’, underlining the need for public engagement of civil society in science, and recently became ‘Science with and for Society’. In an EU research agenda where science should be devoted to social inclusion and should be placed ‘at the service’ of society, it seems worth to question which research data and scientific results can still be freely made open and shared, under the new GDPR.

A visual representation of networked research centers

The question of the implications of the GDPR for scientific openness derives from the principles underlying the new regulation, namely that of data minimization. In addition, the GDPR provides for more stringent limits for data sharing and data storage. On one side the research exemption inserted within the GDPR (Art. 89 GDPR) seems ensuring that scientific research will be mostly unaffected, however research practices will strongly have to change in order to be aligned with the new provisions. If both Open Science and data protection are goals currently prioritized in the EU agenda, it is opportune to question whether a conflict between the two aims may exist.

What seems worrisome is the possible disincentive that the GDPR will produce on research cooperation. The GDPR indeed mandates for more stringent requirements for data sharing among research units. Researchers in different research centres, for example, in two universities based in two different countries working on the same research project, will be prevented from sending material via mail or other online services, unless a data treatment agreement will be signed among them. Apart from the consequences for research speed, there is the risk that these additional requirements will discourage researchers from collaborating and sharing research findings.

In view of this possible adverse consequences of the GDPR for research cooperation, it will be advisable for European universities to ensure data processing agreements with extra-EU research units, in order to facilitate the sharing of research findings by individual researchers. In addition, accessible procedures and modules should be developed in order to align research practices to the GDPR, without harming the goal of openness. A balance between cooperation in research and data protection will have to be careful established, to the benefit of the research process and of society at large.

[i] EU General Data Protection Regulation (GDPR): Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ 2016 L 119/1.

[ii] Menno Mostert and others, ‘Big Data In Medical Research And EU Data Protection Law: Challenges To The Consent Or Anonymise Approach’ (2015) 24 European Journal of Human Genetics.

[iii] The Commission High Level Expert Group on the European Open Science Cloud. Realising the European Open Science Cloud (Publications Office of the European Union 2016), p.6.

Il presente articolo illustra le possibili conseguenze che il Nuovo Regolamento Europeo per la Protezione dei Dati (GDPR) avrà sulla cooperazione tra ricercatori. La recente tendenza a livello europeo verso una scienza ‘trasparente’ e in costante dialogo con la società viene illustrata attraverso rilevanti esempi, come i programmi ‘Open Science’, ‘Open Access’ e ‘Science with and for Society’ lanciati negli ultimi anni dall’UE. Nonostante tali iniziative, la GDPR sembra suggerire la necessità di ridurre la condivisione di dati tra ricercatori e di coprire tale condivisione con specifici accordi. Ciò potrebbe sostanzialmente disincentivare la collaborazione tra ricercatori, specialmente con unità di ricerca al di fuori del territorio UE. La necessita di bilanciare le esigenze di protezione dei dati con quelle di una scienza ‘accessibile’ risulta evidente.