目的定义是根据 GDPR 确定法律依据的关键步骤:对科学研究的影响。

IF 2.5 2区 哲学 Q1 ETHICS Journal of Law and the Biosciences Pub Date : 2024-02-01 eCollection Date: 2024-01-01 DOI:10.1093/jlb/lsae001
Regina Becker, Davit Chokoshvili, Adrian Thorogood, Edward S Dove, Fruzsina Molnár-Gábor, Alexandra Ziaka, Olga Tzortzatou-Nanopoulou, Giovanni Comandè
{"title":"目的定义是根据 GDPR 确定法律依据的关键步骤:对科学研究的影响。","authors":"Regina Becker, Davit Chokoshvili, Adrian Thorogood, Edward S Dove, Fruzsina Molnár-Gábor, Alexandra Ziaka, Olga Tzortzatou-Nanopoulou, Giovanni Comandè","doi":"10.1093/jlb/lsae001","DOIUrl":null,"url":null,"abstract":"<p><p>The General Data Protection Regulation (GDPR) of the European Union, which became applicable in 2018, contains a new accountability principle. Under this principle, controllers (ie parties determining the purposes and the means of the processing of personal data) are responsible for ensuring and demonstrating the overall compliance with the GDPR. However, interpretive uncertainties of the GDPR mean that controllers must exercise considerable judgement in designing and implementing an appropriate compliance strategy, making GDPR compliance both complex and resource-intensive. In this article, we provide conceptual clarity around GDPR compliance with respect to one core aspect of the law: the determination and relevance of the purpose of personal data processing. We derive from the GDPR's text concrete requirements for purpose specification, which we subsequently apply to the area of secondary use of personal data for scientific research. We offer guidance for correctly specifying purposes of data processing under different research scenarios. To illustrate the practical necessity of purpose specification for GDPR compliance, we then show how our proposed approach can enable controllers to meet their compliance obligations, using the example of the overarching GDPR principle of lawfulness to highlight the relevance of purpose specification for the identification of a suitable legal basis.</p>","PeriodicalId":56266,"journal":{"name":"Journal of Law and the Biosciences","volume":"11 1","pages":"lsae001"},"PeriodicalIF":2.5000,"publicationDate":"2024-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10834358/pdf/","citationCount":"0","resultStr":"{\"title\":\"Purpose definition as a crucial step for determining the legal basis under the GDPR: implications for scientific research.\",\"authors\":\"Regina Becker, Davit Chokoshvili, Adrian Thorogood, Edward S Dove, Fruzsina Molnár-Gábor, Alexandra Ziaka, Olga Tzortzatou-Nanopoulou, Giovanni Comandè\",\"doi\":\"10.1093/jlb/lsae001\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p><p>The General Data Protection Regulation (GDPR) of the European Union, which became applicable in 2018, contains a new accountability principle. Under this principle, controllers (ie parties determining the purposes and the means of the processing of personal data) are responsible for ensuring and demonstrating the overall compliance with the GDPR. However, interpretive uncertainties of the GDPR mean that controllers must exercise considerable judgement in designing and implementing an appropriate compliance strategy, making GDPR compliance both complex and resource-intensive. In this article, we provide conceptual clarity around GDPR compliance with respect to one core aspect of the law: the determination and relevance of the purpose of personal data processing. We derive from the GDPR's text concrete requirements for purpose specification, which we subsequently apply to the area of secondary use of personal data for scientific research. We offer guidance for correctly specifying purposes of data processing under different research scenarios. To illustrate the practical necessity of purpose specification for GDPR compliance, we then show how our proposed approach can enable controllers to meet their compliance obligations, using the example of the overarching GDPR principle of lawfulness to highlight the relevance of purpose specification for the identification of a suitable legal basis.</p>\",\"PeriodicalId\":56266,\"journal\":{\"name\":\"Journal of Law and the Biosciences\",\"volume\":\"11 1\",\"pages\":\"lsae001\"},\"PeriodicalIF\":2.5000,\"publicationDate\":\"2024-02-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10834358/pdf/\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Law and the Biosciences\",\"FirstCategoryId\":\"3\",\"ListUrlMain\":\"https://doi.org/10.1093/jlb/lsae001\",\"RegionNum\":2,\"RegionCategory\":\"哲学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"2024/1/1 0:00:00\",\"PubModel\":\"eCollection\",\"JCR\":\"Q1\",\"JCRName\":\"ETHICS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Law and the Biosciences","FirstCategoryId":"3","ListUrlMain":"https://doi.org/10.1093/jlb/lsae001","RegionNum":2,"RegionCategory":"哲学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2024/1/1 0:00:00","PubModel":"eCollection","JCR":"Q1","JCRName":"ETHICS","Score":null,"Total":0}
引用次数: 0

摘要

2018 年开始适用的欧盟《一般数据保护条例》(GDPR)包含一项新的问责原则。根据该原则,控制方(即确定个人数据处理目的和方式的各方)有责任确保并证明整体符合 GDPR。然而,GDPR 在解释上的不确定性意味着控制者在设计和实施适当的合规策略时必须做出大量判断,这使得 GDPR 合规变得既复杂又耗费资源。在本文中,我们将从概念上阐明 GDPR 合规性的一个核心方面:个人数据处理目的的确定和相关性。我们从 GDPR 的文本中得出了目的说明的具体要求,随后将其应用于个人数据在科学研究中的二次使用领域。我们为在不同研究情景下正确说明数据处理目的提供指导。为了说明目的说明对遵守 GDPR 的实际必要性,我们随后以 GDPR 的首要原则 "合法性 "为例,展示了我们建议的方法如何使控制者履行其合规义务,从而强调了目的说明对确定合适的法律依据的相关性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Purpose definition as a crucial step for determining the legal basis under the GDPR: implications for scientific research.

The General Data Protection Regulation (GDPR) of the European Union, which became applicable in 2018, contains a new accountability principle. Under this principle, controllers (ie parties determining the purposes and the means of the processing of personal data) are responsible for ensuring and demonstrating the overall compliance with the GDPR. However, interpretive uncertainties of the GDPR mean that controllers must exercise considerable judgement in designing and implementing an appropriate compliance strategy, making GDPR compliance both complex and resource-intensive. In this article, we provide conceptual clarity around GDPR compliance with respect to one core aspect of the law: the determination and relevance of the purpose of personal data processing. We derive from the GDPR's text concrete requirements for purpose specification, which we subsequently apply to the area of secondary use of personal data for scientific research. We offer guidance for correctly specifying purposes of data processing under different research scenarios. To illustrate the practical necessity of purpose specification for GDPR compliance, we then show how our proposed approach can enable controllers to meet their compliance obligations, using the example of the overarching GDPR principle of lawfulness to highlight the relevance of purpose specification for the identification of a suitable legal basis.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Journal of Law and the Biosciences
Journal of Law and the Biosciences Medicine-Medicine (miscellaneous)
CiteScore
7.40
自引率
5.90%
发文量
35
审稿时长
13 weeks
期刊介绍: The Journal of Law and the Biosciences (JLB) is the first fully Open Access peer-reviewed legal journal focused on the advances at the intersection of law and the biosciences. A co-venture between Duke University, Harvard University Law School, and Stanford University, and published by Oxford University Press, this open access, online, and interdisciplinary academic journal publishes cutting-edge scholarship in this important new field. The Journal contains original and response articles, essays, and commentaries on a wide range of topics, including bioethics, neuroethics, genetics, reproductive technologies, stem cells, enhancement, patent law, and food and drug regulation. JLB is published as one volume with three issues per year with new articles posted online on an ongoing basis.
期刊最新文献
How do we justify research into enhanced warfighters? The new EU-US data protection framework's implications for healthcare. The new regulation of non-medical neurotechnologies in the European Union: overview and reflection. Implementing the human right to science in the context of health: introduction to the special issue. Biosimilar approval pathways: comparing the roles of five medicines regulators.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1