This Article analyses the framework of rules governing the processing of personal data for scientific research purposes established by the European Data Protection Regulation (“GDPR”). The GDPR upheld the social function of data processing in the context of scientific research and confirmed the facilitating regime with only minor changes compared to the Directive 95/46/EC. At the same time, the GDPR didn’t exhaustively regulate key issues of data protection in this field and ultimately left to Member States the task of reconciling the benefits to society deriving from scientific research with the participants’ rights to data protection. As the EU legislator had to give up the aim to harmonize data protection rules in the context of research, only “the consistency mechanism”(which is the main institutional novelty of the GDPR) may prevent the regulatory fragmentation and legal uncertainty that the Data Protection Reform Package sought to remove.
Norway DPA publishes statement on X’s use of data for AI training
X has resumed processing EU/EEA users' posts for AI training, requiring users to opt out to protect their personal data.