Can the GDPR Make Data Flow for Research Easier? Yes It Can, by Differentiating! a Careful Reading of the GDPR Shows How EU Data Protection Law Leaves Open Some Significant Flexibilities for Data Protection-Sound Research Activities

Abstract

Against the common perception of data protection as a road-block, we demonstrate that the GDPR can work as a research enabler. This study’s assumption is that the data protection framework for research is grounded in the two European data protection’s regulatory pillars, the first one related to the protection of data subjects’ fundamental rights and the second one regarding the promotion of the free flow of personal data. It demonstrates the existence of an architecture of layered data protection regimes for research, in which data subjects’ rights and controllers’ safeguards are either tightened or relaxed on the basis of the public or commercial interest underlying the processing. It further shows how each of the identified data protection regimes shape different “enabling regulatory spots” for the processing of sensitive personal data for research purposes.