Marjut Salokannel
SaReCo Oy
5th May 2015



Directive 95/46/EC on the protection of individuals with
regard to the processing of personal data and on the free
movement of such data
January 2012 Proposal for a Regulation of the European
parliament and of the council on the protection of
individuals with regard to the processing of personal data
and on the free movement of such data (General Data
Protection Regulation); and
Proposal for a Directive of the European parliament and of
the council on the protection of individuals with regard to
the processing of personal data by competent authorities
for the purposes of prevention, investigation, detection or
prosecution of criminal offences or the execution of
criminal penalties, and the free movement of such data
Salokannel, Safely across borders,
Hanasaari, May 5, 2015

Directly applicable law in all Member States
after having entered into effect
Salokannel, Safely across borders,
Hanasaari, May 5, 2015






Different versions on the table
a) Commission’s original proposal
b) Parliament’s legislative resolution from
March 2014
c) Council planning to reach a common
position in June 2015
Trilogue btw. different institutions during fall
Final adoption by the end 2015
Salokannel, Safely across borders,
Hanasaari, May 5, 2015



personal data, revealing race or ethnic origin,
political opinions, religion or beliefs, trade-union
membership, as well as genetic data or data
concerning health or sex life or criminal
convictions or related security measures
Health data: any information which relates to the
physical or mental health of an individual, or to
the provision of health services to the individual;
Genetic data: all data, of whatever type,
concerning the characteristics of an individual
which are inherited or acquired during early
prenatal development
Salokannel, Safely across borders,
Hanasaari, May 5, 2015


Processing of sensitive data is prohibited
unless there is specific legal justification for
the processing
Consent or separate legal basis
Salokannel, Safely across borders,
Hanasaari, May 5, 2015



With the consent of the data subject
Processing is necessary for research purposes
under the conditions of Article 83 of the
Regulation
Research is defined as fundamental research,
applied research, and privately funded
research research taking into the Union's
objective under Article 179(1) of the Treaty
on the functioning of the European Union of
achieving a European Research Area
Salokannel, Safely across borders,
Hanasaari, May 5, 2015






Processing of personal data for research
permitted
1) by consent of the data subject
2) by virtue of a legal obligation
3) with anonymized data
4) with pseudonymised data under highest
technical protection standards preventing
unwarranted re-identification of data subjects
With regard to health data processing of
pseudonymized data permitted without consent
in relation to research serving high public
interest (Parliament); for population based
registers, cf. following
Salokannel, Safely across borders,
Hanasaari, May 5, 2015


According to both Parliament and Italian
presidency versions access to official documents
and re-use of such documents under PSI directive is determined under the Member State
law or Union law (Art. 80a & 80 aa)
Access to population based public registers for
research purposes is determined by the national
freedom of information law (offentlighetslag) and
the further processing of data is determined by
the data protection law and law relating to ethical
review on research involving humans (Sweden)
Salokannel, Safely across borders,
Hanasaari, May 5, 2015



According to the Italian presidency text the
conditions for processing personal data for
scientific research are determined primarily
by national law with the eventual possibility
of Union legislation
Access to population based registers is
determined by national freedom of
information law and processing is subject to
data protection law
No agreement yet on processing of health
data in the Council
Salokannel, Safely across borders,
Hanasaari, May 5, 2015


The Council text has more flexibility with
regard to processing of personal data for
research under the condition that the
appropriate technological safeguards for the
processing are in place
and the data is pseudonymized.
Salokannel, Safely across borders,
Hanasaari, May 5, 2015

THANK YOU !
Salokannel, Safely across borders,
Hanasaari, May 5, 2015





Regardless of the final wording of the EU
Regulation cross-border processing of
sensitive data will be possible
1) with the consent of the data subject
2) with anonymized data
3) with pseudonymized data under
technologically protected circumstances
Linking of data from different registers
should also be conducted by technological
means.
Salokannel, Safely across borders,
Hanasaari, May 5, 2015