The General Data Protection Regulation


Advice to Justice and Home Affairs Ministers

Executive Summary

Market, opinion and social research is an essential tool for evidence based decision making and policy. It is robustly self-regulated by a family of national and international codes of conduct, ensuring that data collected for research is strictly limited to research only, preventing harm or adverse consequences to individuals.

We are deeply concerned by proposals being discussed in the Council of Ministers, and by the text adopted by the European Parliament on March 12. We believe that, if adopted, these texts will render the use of personal data for essential research unworkable, if not illegal.

Therefore we are asking Justice and Home Affairs ministers to adopt the following proposals:

- We propose amending Recital 126 to explicitly include market, opinion, and social research in the application of Article 83 thereby ensuring legal certainty for our sector.
- We strongly recommend that, in order to preserve essential access to personal data for research purposes subject to robust ethical and process safeguards, the Council of Ministers agree to retain the Commission's proposed text for Article 83.
- We strongly support the amendments to Article 5 and 6 recommended by the Article 29 Working Party in the Opinion on Purpose limitation.

Introduction

We represent the market, opinion, and social research sector, a sector that represents an annual turnover (in 2012) of 28.16 billion worldwide and 11.26 billion in Europe alone. The sector produces the research outcomes that inform decisions of public authorities (e.g. the Eurobarometer, TV audience measurement), the non-profit sector (opinion polling), and business (satisfaction surveys, product improvement).

In a society increasingly driven by data, our sector ensures access to quality, relevant, reliable, and aggregated data sets, leading to better decision-making, targeted and cost-effective public policy, and economic development by informing and supporting more effective evidence-based decision making in public and private organizations leading to growth and jobs.

Since the 1940s, market, opinion and social research has been robustly self-regulated by a family of national and international codes of conduct and practice supported by strong compliance and disciplinary frameworks. The fundamental principles shared by these codes are that:

- Research must be conducted with the voluntary participation of respondents, based on the principle of informed consent.
- Respondents must not be harmed or disadvantaged as a result of participating in a research project; and
- Personal data collected for research purposes must not be used for other purposes. Any assurances regarding anonymity must be honoured.

The research sector has also developed an international quality standard for market, social and opinion research, ISO 20252 [1]. The primary role of this standard is to ensure robust and adequate process quality. The standard is based on long established national standards, reflecting traditional concerns with research integrity and data security.

[1] ISO 20252:2012 Market, opinion and social research -- Vocabulary and service requirements

Recital 126

Market, opinion, and social research are scientific and often provide outcomes of public interest. We draw attention to Recital 126 defining the scope of the term scientific research. In order to reflect the existing practice of including market, opinion, and social research as statistical and scientific research, we would welcome an explicit reference to these categories of applied scientific research falling within the Recital 126 definition of scientific research.

Studies conducted by our sector, for example the British Crime Survey, or the Eurobarometer, or indeed TV audience measurement, all meet the test of scientific research, whilst satisfaction surveys and product improvement research serve the public interest in ensuring that the products and measures brought to market or in society reflect the needs and wishes of consumers and citizens, and securing the effective and efficient allocation of scarce resources.

Recital 126 also recognises the importance of research regardless of its source of funding, either from the private or public sector. We believe it is essential that this is maintained.

We propose amending Recital 126 to explicitly include market, opinion, and social research in the application of Article 83 thereby ensuring legal certainty for our sector.

Article 83

The exemption for research, subject to adequate safeguards, is part of the Council of Europe Convention 108 and Directive 95/46/EC and should be maintained. These provisions currently allow the use of existing datasets to compile research and statistical records, informing better and more accurate assessment of, and decision making on, important economic and social activities in Europe.

Safeguards should be in place, preventing the abuse of the historical, statistical and scientific research exemption to make decisions about the data subject. Accordingly, further processing for historical, statistical and scientific research should not be considered incompatible with the purposes for which data were originally collected, within the scope of the Regulation.

Research purposes vs. Purposes

We note the Council's most recent working drafts propose to remove the word 'research' from Article 83, referring only to historical, statistical and scientific purposes. As statistical and scientific are methods applicable to a variety of purposes, not limited to research, they are not defined purposes in themselves. The removal of the word 'research' expands the scope and application of the exceptions contained in Article 83 in potentially unforeseeable ways.

Research is commonly understood to be the collection, use or analysis of information about a sample of individuals or organisations representing a universe intended to establish facts, acquire knowledge or reach conclusions. It does not lead to direct action in regards to those individuals or making decisions about them. This is an important qualification about the processing of data, which is missing from the Council's revised text.

The Council introduces a greater risk of legal uncertainty for all research activities including that of market, opinion, and social research underpinned by our self-regulatory codes. It further risks undermining consumer confidence in providing data for historical, statistical, and scientific research as there is greater risk for other sectors to use the enlarged exemption for incompatible objectives.

Separating historical, statistical and scientific

The Council's latest working draft significantly expands Article 83, dividing it into three new articles 83a, 83b and 83c relating to historical, statistical and scientific purposes respectively. Market, opinion, and social research is primarily based on the applied social sciences and also may contain historical and/or statistical elements. In practice, there is no clear distinction between historical, statistical, and scientific, and therefore they should properly be treated as a single class as they have been since Convention 108 was drafted in 1981.

Market, opinion, and social research is and should continue to be recognised as falling within this class of purpose, and is clearly cited as such by data protection legislation and authorities, for example by the explicit legal permission in Section 30a of the German Federal Data Protection Act, in the UK Information Commissioner's Office Anonymisation Code of Practice and in the Article 29 Working Party's Opinion 03/2013 on Purpose Limitation.

Preparing for the future: open data and data analytics

While much research, past and present, has been based on a direct interaction with individuals, the increased production, use and storage of data means that in the future historical, statistical and scientific research will be directed at looking at actual, as opposed to reported, behaviour. This in turn means that the provisions of Article 83 will be subject to increased use by data controllers, and by researchers in particular.

Current Open Data initiatives spearheaded by the Commission and Member States to make the re-use of public sector information easier underline why the provisions of Article 83 need to be sufficiently flexible and overarching to facilitate this important development.

We strongly recommend that, in order to preserve essential access to personal data for research purposes subject to robust ethical and process safeguards, the Council of Ministers agree to retain the Commission's proposed text for Article 83.

Article 5 and 6

We strongly support the amendments recommended by the Article 29 Working Party in the Opinion on Purpose limitation:

Article 6(4) of the proposed Data Protection Regulation, attempts to provide a very broad exception from the requirement of compatibility, which would severely restrict its applicability. This text would in effect mean that it would always be possible to remedy the lack of compatibility by simply identifying a new legal ground for the processing. The only legal ground which could not in itself be sufficient to compensate for incompatibility would be the legitimate interest of the controller under point (f).

These new provisions would, if adopted, risk eroding this key principle. The WP29 therefore recommends that the proposed paragraph 4 should be deleted. This is because the prohibition of incompatible use and the requirement of a legal basis under Article 7 of the Directive are cumulative requirements. Therefore, for a change of purpose, one of the legal grounds (points a to f) needs to apply anyway. The Directive, which is currently in effect, does in principle not allow for a change of purpose without a favourable compatibility assessment, and this level of protection should be maintained in the proposed Data Protection Regulation as well.

Further, to complement the existing general and concise provisions on the purpose limitation principle, and to provide for more legal certainty, the WP29 recommends the adoption of the provisions set out in Annex 1 to this Opinion. The proposed provisions aim to provide a non-exhaustive list of the relevant factors that should be assessed to determine whether any further use may be considered compatible. Although this presentation of key factors is not fully exhaustive, it attempts to highlight the typical factors that should be considered in a balanced approach: neither too general so as to be meaningless, nor too specific so as to be overly rigid.

Finally, and for similar reasons, the WP29 proposes to delete Article 6(2), which attempts to provide a new legal ground for all processing for historical, statistical or scientific research (subject to the conditions and safeguards referred to in Article 83 but not subject to a broader compatibility assessment). This provision may be replaced by a similar, but more nuanced provision in Article 5, which discusses the 'principles relating to personal data processing'.

Appendix 1

Proposed Amendments

Amendment i
Proposal for a regulation
Recital 126

Text proposed by the Commission:
(126) Scientific research for the purposes of this Regulation should include fundamental research, applied research, and privately funded research and in addition should take into account the Union's objective under Article 179(1) of the Treaty on the Functioning of the European Union of achieving a European Research Area.

Amendment:
(126) Scientific research for the purposes of this Regulation should include privately and publicly funded fundamental research and applied research, including market, social and opinion research, and in addition should take into account the Union's objective under Article 179(1) of the Treaty on the Functioning of the European Union of achieving a European Research Area.

Justification: Research is a systematic investigation intended to establish facts, acquire new knowledge and reach new conclusions. This recital should be clarified to reflect the scope of scientific research in Europe, both theoretical and applied, funded and carried out by the public and private sector. The inclusion of market, social and opinion research as scientific research is essential to the self-regulatory and co-regulatory schemes in Member States.

Amendment ii (proposed by Article 29 Working Party)
Principles relating to personal data processing
Article 5

Text proposed by the Commission:
Personal data must be:
(a) (...)
(b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
(c-f) (...)

Amendment:
1. Personal data must be:
(a) (...)
(b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
(c-f) (...)
2. When assessing whether further processing of personal data is incompatible with the purposes for which those data have been collected, within the meaning of point (b) of paragraph 1, account shall be taken in particular of:
(a) the relationship between the purposes for which the personal data have been collected and the purposes of further processing;
(b) the context in which the personal data have been collected and the reasonable expectations of the data subjects as to their further use;
(c) the nature of the personal data and the impact of the further processing on the data subjects;
(d) the safeguards applied by the controller to ensure fair processing and to prevent any undue impact on the data subjects.
3. Further processing of personal data which is necessary for the purposes of historical, statistical or scientific research, shall not be considered as incompatible, subject to the conditions and safeguards referred to in Article 83 and provided that appropriate measures are applied to prevent any undue impact on the data subjects.

Justification: To complement the existing provision on purpose limitation, and to provide for more legal certainty, a list of relevant factors should be taken into account when assessing whether any further processing is compatible with the purposes of data collection. A specific provision on historical, statistical or scientific research is required to ensure that appropriate safeguards will continue to be applied in this context.

Amendment iii (proposed by Article 29 Working Party)
Lawfulness of processing
Article 6

Text proposed by the Commission: 1. Personal data shall be lawful only if and to the extent that at least one of the following applies: (a) - (f) (...)
Amendment: No change

Text proposed by the Commission: 2. Processing of personal data which is necessary for the purposes of historical, statistical or scientific research shall be lawful subject to the conditions and safeguards referred to in Article 83.
Amendment: Deleted

Text proposed by the Commission: 3. (...)
Amendment: 2. (...)

Text proposed by the Commission: 4. Where the purpose of further processing is not compatible with the one for which the personal data have been collected, the processing must have a legal basis at least in one of the grounds referred to in points (a) to (e) of paragraph 1. This shall in particular apply to any change of terms or general conditions of a contract.
Amendment: Deleted

Text proposed by the Commission: 5 (...)
Amendment: 3. (...)

Justification: The deletion of paragraphs 2 and 4 ensures that the requirement of compatible use in Article 5 and the lawfulness of processing under Article 6 continue to function as cumulative requirements and that the current level of protection is maintained in the proposed Data Protection Regulation.

EFAMRO has 16 member associations: ADM-Germany, AIMRO-Ireland, ANEIMO-Spain, APODEMO-Portugal, ASSIRM-Italy, BAMOR-Bulgaria, Febelmar-Belgium, LRSTA-Lithuania, MOA-Netherlands, MRS-United Kingdom, OFBOR-Poland, OIROM-Russia, SMIF-Sweden, SMTL-Finland, Virke-Norway and VSME-ASMS-Switzerland. These countries together represent about 31% of the global research industry, or 7.46 billion.

For further information on EFAMRO and its activities, contact Barry Ryan, Director of Policy & Communication.

EFAMRO
Bastion Tower, level 20
Place du Champ de Mars 5
B-1050 Brussels
Website: www.efamro.eu
Tel: +32 (0)2 550 3548
Fax: +32 (0)2 550 3584
Email: barry.ryan@efamro.eu

ESOMAR is the essential organisation for encouraging, advancing, and elevating market, social, and opinion research worldwide. Representing nearly 5000 professionals and over 250 corporate members on the supply and client sides globally, ESOMAR has supported the sector since 1948.

For further information on ESOMAR and its activities, contact Kim Smouter, Government Affairs Manager.

ESOMAR
Atlas Arena 5th Floor
Hoogoordreef 5
1083 HN Amsterdam
The Netherlands
Website: www.esomar.org
Tel: +31 20 664 2141
Fax: +31 20 664 2922
Email: kim.smouter@esomar.org