This Article analyses the framework of rules governing the processing of personal data for scientific research purposes established by the European Data Protection Regulation (“GDPR”). The GDPR upheld the social function of data processing in the context of scientific research and confirmed the facilitating regime with only minor changes compared to the Directive 95/46/EC. At the same time, the GDPR didn’t exhaustively regulate key issues of data protection in this field and ultimately left to Member States the task of reconciling the benefits to society deriving from scientific research with the participants’ rights to data protection. As the EU legislator had to give up the aim to harmonize data protection rules in the context of research, only “the consistency mechanism”(which is the main institutional novelty of the GDPR) may prevent the regulatory fragmentation and legal uncertainty that the Data Protection Reform Package sought to remove.
OpenAI Fined €15 Million for GDPR Violations in Italy
The Italian Data Protection Authority fined OpenAI €15 million for using personal data without legal grounds and lacking age verification […]