HARMONISED LEGAL FRAMEWORK
-DIVERSITY OF IMPLEMENTATIONS
Linn-Merethe Röd, NSD
DASISH Final Conference
November 2014 Gothenburg
VCC AND HANDBOOK ON L&E ISSUES
Germany, Netherlands, Denmark, Iceland, Sweden, Norway,
Finland, Spain, UK, Estonia
Legal and Ethical approval, Informed consent, Preservation,
Access and reuse, Copyright
Administrative data, Audio-visual data, Measurement data,
Survey data, Paradata, Text data, Web data, Metadata
DASISH Final Conference
November 2014 Gothenburg
MAIN OBSTACLES
Uneven framework conditions across EU
Unique Data Protection Authorities, compliance
structures, notification and approval processes
Other bureaucratic or regulative procedures
DASISH Final Conference
November 2014 Gothenburg
WHAT IS PERSONAL DATA?
UK:
Personal data: data relating to a living individual who
can be identified from those data and/or other
information which is in the possession of, or is likely to
come into the possession of, the data controller
Anonymisation: the process of turning data into a form
which does not identify individuals and where
identification is not likely to take place
DASISH Final Conference
November 2014 Gothenburg
The Netherlands:
Whether a person is identifiable depends on
the possibilities the controller has at disposal.
If actual identification is reasonably excluded
because of encryption of the data and/or
agreements about the access to the data, the
person is not identifiable
DASISH Final Conference
November 2014 Gothenburg
Estonia:
Personal data includes any data concerning an identified
natural person or a natural person to be identified,
regardless of the form or format in which such data
exists
DASISH Final Conference
November 2014 Gothenburg
Iceland:
Personal data includes any information that
can be traced to a specific individual,
deceased or living
DASISH Final Conference
November 2014 Gothenburg
NOTIFICATION OR APPROVAL
Processing of sensitive personal data:
Sweden: ethical approval (consent/non-consent)
Germany: approval by the data protection officer (nonconsent) If based on consent, sufficient with notification
UK: yearly notification to the DPA including all the processing
of personal data conducted at the research institution
DASISH Final Conference
November 2014 Gothenburg
EXEMPTIONS FROM CONSENT
Alternatives to consent-based processing
included in the law
Diversity of whether consent is seen as the
main condition
Diversity of how strict the conditions for nonconsent processing are
DASISH Final Conference
November 2014 Gothenburg
CONCLUDING REMARKS
Diversity in law and legal practice
Barriers for cross-country research and data
sharing
Illustrates the need to harmonise legal
framework and practice
DASISH Final Conference
November 2014 Gothenburg