GDPR is coming – Are we prepared?

The other day, my chair roped me into a meeting with the director of the new super nifty, super secure, super large storing and processing system for all kinds of data that we want to keep and play with, but need to keep secure. Finally!

A new law: The General Data Protection Regulation (GDPR) is coming into effect in the EU, with strict rules about collecting, storing, and sharing data about individuals. It is stricter than the current Swedish law, which guides the Ethics committee I sit in. This will matter for us who advocate Open Science/Open Data. And, I don’t see a lot of discussion about it.

The law, as I understand it, is mainly there to restrict what the international behemoths of data-gathering (e.g. google, facebook,) get to do with all the metrics they collect from our searches, our gps-tracked wanderings and our participating in crappy fun facebook tests of which Orc we are (I’d like to be Snaga); perhaps to force them to remove that hatchet job on a character that now turns up as the first google search. (Or, even possibly, make sure that the fake plastic eating fish story is not all over the first search page, with the info on it being removed because fraud ending up many scrolls down).

But this can very much impact how we do research, especially the type of research where we collect potentially sensitive information (illness, politics, religion, sex, crime) and possible identifying information – as in information that could be triangulated back to an individual. This encompasses a lot of social, clinical and medical sciences, and may very well impact our ability to share data with other researchers, both inside and outside the EU, unless we start planning now on how to handle this now.

We want open data. We want participant protection. We need to stay within the law as they change.