The Pandemic Crisis as Test Case to Verify the European Union’s Personal Data Protection System Ability to Support Scientific Research

The pandemic crisis currently sweeping the world provides the European Union’s personal data protection system with a test of its ability to support scientific research to tackle the health emergency. This chapter aims to analyse the main questions arising from the Guidelines 03/2020 in the context of the COVID-19 outbreak adopted by the European Data Protection Board (EDPB) on 21 April 2020, which are relevant in the framework of the use of health data in the context of scientific research. According to the Guidelines, the provisions of the Regulation (EU) 2016/679 (GDPR) on scientific research – if correctly applied – are able to protect personal health data in the context of COVID-19 research activities, with some particular conditions regarding their application. While it is true that GDPR includes several provisions on scientific research that favour such research (or, rather, that favour an understanding of its specific needs), the application of this Regulation is not always easy in the context of research, or at least is not well understood by researchers themselves. Thus, the research community needs some reactions and specific suggestions from the European Union (EU) authorities in order to harmonise and strengthen, across the EU, the application of the GDPR to research activity using health data. This chapter introduces some suggestions for the EDPB with a view to harmonising, across the EU, the application of the GDPR to research activity that uses health data