Submission date: 
19 July 2021

Background: The General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as GDPR or the Regulation) 1 has given European countries a unique opportunity to harmonize their legal framework, and to improve the conditions for research and cross-border data flow. Although one of the rationales behind the GDPR was to harmonize the legal framework for data processing to improve conditions for research and cross-border data flow. This represents both risks and opportunities.

Main aim: Deliverable “5.7 Report on the impact of the GDPR and its implications for EOSC” of the Horizon 2020 project “Social Sciences & Humanities Open Cloud” (hereinafter referred to as “SSHOC”, GA Number 823785) examines the impact of the GDPR and possible implications for EOSC. The main aim of this deliverable is to describe and compare national implementation of the GDPR in a few randomly selected countries.

Methodology: The national implementation of the GDPR with focus on research in Norway, Denmark, Sweden, Finland, Germany, and Italy is described and compared. The first four countries were chosen as their national privacy legislation has been a subject to review in a previous not published report. Germany and Italy, on the other hand, were chosen as they had relevant national legislation available in understandable language. The deliverable also addresses the case of UK and the GDPR, with focus on how “Brexit” can affect cross border data flow between EU/EEA countries and the UK. The articles in the GDPR with the highest relevance for research conditions were included, interpretations and solutions of the GDPR were investigated, and 14 researchers were interviewed regarding their experience with the GDPR and how the GDPR has affected the research environment.

Main outcome: Some of the selected countries have implemented provisions in their national legislation that are beneficial for research, whilst some have not focused on research as a task in the public interest. Furthermore, there seems to be different interpretations from judicial experts on how the law should be interpreted in some countries, as well as different national supplementary provisions, making harmonization more challenging.

Publication type: 
SSH GDPR Code of Conduct