The General Data Protection Regulation (EU) 2016/679 (hereinafter GDPR or this Regulation) has given European countries a unique opportunity to harmonise their legal framework, and to improve the conditions for research and cross-border data flow. Although one of the rationales behind the GDPR was to harmonise the legal framework for data processing to improve conditions for research and crossborder data flow, this has not necessarily been the case.
To facilitate harmonisation across EU/EEA and sectors, the EU Commission has highlighted creation and use of Codes of Conducts as an important tool to ensure such harmonisation1 . A Social Science and Humanities (hereinafter SSH) GDPR Code of Conduct may lead to such a harmonised practice within the SSH environment. The main aim of this deliverable is to initiate the work on enabling the creation of a draft SSH GDPR Code of Conduct.
This Deliverable, 5.8, is a part of Task 5.3, Work Package (hereinafter WP) 5 within SSHOC. In Task 5.3, Legal Issues of Innovative Data Access, Deliverable 5.7, the impact of the GDPR and its possible implications for cross-border research have been analysed. The task team also arranged a SSH GDPR Code of Conduct Stakeholder workshop in March 2021. This workshop has been reported, as part of Deliverable 5.19. The task team`s understanding of Deliverable 5.8, is to start the initiative of creating a SSH GDPR Code of Conduct draft, by explaining what a Code of Conduct is, what it entails, and the purpose and benefits of creating a SSH GDPR Code of Conduct. This will be performed by e.g., literature studies, to get a better understanding of the scope of focus. This is intended to strengthen the will of creation of a SSH GDPR Code of Conduct draft in the SSH Environment. Further, the deliverable explains which terms must be fulfilled to be able to create and get a SSH GDPR Code of Conduct draft admissible. The Deliverable also provides some suggestions for what a SSH GDPR Code of Conduct draft may regulate.
As the deliverable highlights, significant actions remain needed before a SSH GDPR Code of Conduct draft can be finalised, including planning how to fulfil all terms in order to get a SSH GDPR Code of Conduct admissible and organized. However, it also specifies the benefits of doing the work and why the SSH environment should be motivated to get involved in the upcoming work.
To conclude, SSH GDPR Codes of Conduct contributes to research taking place within the framework of regulations. The GDPR is general and applies to all processing of personal data. A SSH GDPR Code of Conduct can explain how processing of personal data within the SSH environment can be carried out in accordance with this Regulation. Without Codes of Conduct within the field of research, European cooperation can be demanding. It can be virtually impossible to collect large amounts of research data for long-term storage and sharing across European countries. Such a consequence will not only be a loss for research, but also for the society. The deliverable is a part of Task 5.3 Legal Issues of Innovative Data Access, Work package (hereinafter WP) 5 Innovation in Data Access, and will be further developed in Task 8.3, WP 8 of SSHOC. In this deliverable the task team addresses what a Code of Conduct is, what it entails, why it can be helpful, what a SSH GDPR Code might regulate, and which assessments and actions needs to be taken to enable a SSH GDPR Code of Conduct draft to be created. By doing this, the task team intend to facilitate and suggest how the initiative can be further developed in WP8 - Governance/ Sustainability/ Quality Assurance, T.8.3 Legal and Ethical issues. The task team also address some suggestions on what a SSH Code of Conduct might regulate. However, the scope and purpose of the SSH GDPR Code of Conduct can`t be decided by the task team, at the procedures for developing a Code of Conduct indicated that this must be jointly decided within the SSH Environment2 . The task team therefore suggests that different Stakeholders within the SSH Environment should be consulted in the upcoming work in Task 8.3. Different suggestions and opinions on what a SSH GDOR Code of Conduct should regulate must thereafter be assessed, when determining the scope of the Code.