(157) By coupling information from registries, researchers can obtain new knowledge of great
value with regard to widespread medical conditions such as cardiovascular disease, cancer
and depression. On the basis of registries, research results can be enhanced, as they draw
on a larger population. Within social science, research on the basis of registries enables
researchers to obtain essential knowledge about the long-term correlation of a number of
social conditions such as unemployment and education with other life conditions. Research
results obtained through registries provide solid, high-quality knowledge which can
provide the basis for the formulation and implementation of knowledge-based policy,
improve the quality of life for a number of people and improve the efficiency of social
services. In order to facilitate scientific research, personal data can be processed for
scientific research purposes, subject to appropriate conditions and safeguards set out in
Union or Member State law.
Where personal data are processed for archiving purposes, this Regulation should also
apply to that processing, bearing in mind that this Regulation should not apply to deceased
persons. Public authorities or public or private bodies that hold records of public interest
should be services which, pursuant to Union or Member State law, have a legal obligation
to acquire, preserve, appraise, arrange, describe, communicate, promote, disseminate and
provide access to records of enduring value for general public interest. Member States
should also be authorised to provide for the further processing of personal data for
archiving purposes, for example with a view to providing specific information related to
the political behaviour under former totalitarian state regimes, genocide, crimes against
humanity, in particular the Holocaust, or war crimes.
Online Remove password from protected PDF file
Online Remove Password from Protected PDF file. Download Free Trial. Remove password from protected PDF file. Find your password-protected PDF and upload it. pdf password unlock; add password to pdf file
(159) Where personal data are processed for scientific research purposes, this Regulation should
also apply to that processing. For the purposes of this Regulation, the processing of
personal data for scientific research purposes should be interpreted in a broad manner
including for example technological development and demonstration, fundamental
research, applied research and privately funded research. In addition, it should take into
account the Union's objective under Article 179(1) TFEU of achieving a European
Research Area. Scientific research purposes should also include studies conducted in the
public interest in the area of public health. To meet the specificities of processing personal
data for scientific research purposes, specific conditions should apply in particular as
regards the publication or otherwise disclosure of personal data in the context of scientific
research purposes. If the result of scientific research in particular in the health context
gives reason for further measures in the interest of the data subject, the general rules of this
Regulation should apply in view of those measures.
Where personal data are processed for historical research purposes, this Regulation should
also apply to that processing. This should also include historical research and research for
genealogical purposes, bearing in mind that this Regulation should not apply to deceased
For the purpose of consenting to the participation in scientific research activities in clinical
trials, the relevant provisions of Regulation (EU) No 536/2014 of the European Parliament
and of the Council
Regulation (EU) No 536/2014 of the European Parliament and of the Council of
16 April 2014 on clinical trials on medicinal products for human use, and repealing
Directive 2001/20/EC (OJ L 158, 27.5.2014, p. 1).
Where personal data are processed for statistical purposes, this Regulation should apply to
that processing. Union or Member State law should, within the limits of this Regulation,
determine statistical content, control of access, specifications for the processing of personal
data for statistical purposes and appropriate measures to safeguard the rights and freedoms
of the data subject and for ensuring statistical confidentiality. Statistical purposes mean any
operation of collection and the processing of personal data necessary for statistical surveys
or for the production of statistical results. Those statistical results may further be used for
different purposes, including a scientific research purpose. The statistical purpose implies
that the result of processing for statistical purposes is not personal data, but aggregate data,
and that this result or the personal data are not used in support of measures or decisions
regarding any particular natural person.
The confidential information which the Union and national statistical authorities collect for
the production of official European and official national statistics should be protected.
European statistics should be developed, produced and disseminated in accordance with
the statistical principles as set out in Article 338(2) TFEU, while national statistics should
also comply with Member State law. Regulation (EC) No 223/2009 of the European
Parliament and of the Council
provides further specifications on statistical confidentiality
for European statistics.
Regulation (EC) No 223/2009 of the European Parliament and of the Council of
11 March 2009 on European statistics and repealing Regulation (EC, Euratom)
No 1101/2008 of the European Parliament and of the Council on the transmission of data
subject to statistical confidentiality to the Statistical Office of the European Communities,
Council Regulation (EC) No 322/97 on Community Statistics, and Council
Decision 89/382/EEC, Euratom establishing a Committee on the Statistical Programmes of
the European Communities (OJ L 87, 31.3.2009, p. 164).
(164) As regards the powers of the supervisory authorities to obtain from the controller or
processor access to personal data and access to their premises, Member States may adopt
by law, within the limits of this Regulation, specific rules in order to safeguard the
professional or other equivalent secrecy obligations, in so far as necessary to reconcile the
right to the protection of personal data with an obligation of professional secrecy. This is
without prejudice to existing Member State obligations to adopt rules on professional
secrecy where required by Union law.
(165) This Regulation respects and does not prejudice the status under existing constitutional law
of churches and religious associations or communities in the Member States, as recognised
in Article 17 TFEU.
(166) In order to fulfil the objectives of this Regulation, namely to protect the fundamental rights
and freedoms of natural persons and in particular their right to the protection of personal
data and to ensure the free movement of personal data within the Union, the power to
adopt acts in accordance with Article 290 TFEU should be delegated to the Commission.
In particular, delegated acts should be adopted in respect of criteria and requirements for
certification mechanisms, information to be presented by standardised icons and
procedures for providing such icons. It is of particular importance that the Commission
carry out appropriate consultations during its preparatory work, including at expert level.
The Commission, when preparing and drawing-up delegated acts, should ensure a
simultaneous, timely and appropriate transmission of relevant documents to the European
Parliament and to the Council.
(167) In order to ensure uniform conditions for the implementation of this Regulation,
implementing powers should be conferred on the Commission when provided for by this
Regulation. Those powers should be exercised in accordance with Regulation (EU)
No 182/2011. In that context, the Commission should consider specific measures for
micro, small and medium-sized enterprises.
(168) The examination procedure should be used for the adoption of implementing acts on
standard contractual clauses between controllers and processors and between processors;
codes of conduct; technical standards and mechanisms for certification; the adequate level
of protection afforded by a third country, a territory or a specified sector within that third
country, or an international organisation; standard protection clauses; formats and
procedures for the exchange of information by electronic means between controllers,
processors and supervisory authorities for binding corporate rules; mutual assistance; and
arrangements for the exchange of information by electronic means between supervisory
authorities, and between supervisory authorities and the Board.
(169) The Commission should adopt immediately applicable implementing acts where available
evidence reveals that a third country, a territory or a specified sector within that third
country, or an international organisation does not ensure an adequate level of protection,
and imperative grounds of urgency so require.
(170) Since the objective of this Regulation, namely to ensure an equivalent level of protection
of natural persons and the free flow of personal data throughout the Union, cannot be
sufficiently achieved by the Member States and can rather, by reason of the scale or effects
of the action, be better achieved at Union level, the Union may adopt measures, in
accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on
European Union (TEU). In accordance with the principle of proportionality as set out in
that Article, this Regulation does not go beyond what is necessary in order to achieve that
(171) Directive 95/46/EC should be repealed by this Regulation. Processing already under way
on the date of application of this Regulation should be brought into conformity with this
Regulation within the period of two years after which this Regulation enters into force.
Where processing is based on consent pursuant to Directive 95/46/EC, it is not necessary
for the data subject to give his or her consent again if the manner in which the consent has
been given is in line with the conditions of this Regulation, so as to allow the controller to
continue such processing after the date of application of this Regulation. Commission
decisions adopted and authorisations by supervisory authorities based on
Directive 95/46/EC remain in force until amended, replaced or repealed.
(172) The European Data Protection Supervisor was consulted in accordance with Article 28(2)
of Regulation (EC) No 45/2001 and delivered an opinion on 7 March 2012
OJ C 192, 30.6.2012, p. 7.
(173) This Regulation should apply to all matters concerning the protection of fundamental rights
and freedoms vis-à-vis the processing of personal data which are not subject to specific
obligations with the same objective set out in Directive 2002/58/EC of the European
Parliament and of the Council
, including the obligations on the controller and the rights of
natural persons. In order to clarify the relationship between this Regulation and
Directive 2002/58/EC, that Directive should be amended accordingly. Once this
Regulation is adopted, Directive 2002/58/EC should be reviewed in particular in order to
ensure consistency with this Regulation,
HAVE ADOPTED THIS REGULATION:
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002
concerning the processing of personal data and the protection of privacy in the electronic
communications sector (Directive on privacy and electronic communications) (OJ L 201,
31.7.2002, p. 37).
Subject-matter and objectives
This Regulation lays down rules relating to the protection of natural persons with regard to
the processing of personal data and rules relating to the free movement of personal data.
This Regulation protects fundamental rights and freedoms of natural persons and in
particular their right to the protection of personal data.
The free movement of personal data within the Union shall be neither restricted nor
prohibited for reasons connected with the protection of natural persons with regard to the
processing of personal data.
This Regulation applies to the processing of personal data wholly or partly by automated
means and to the processing other than by automated means of personal data which form
part of a filing system or are intended to form part of a filing system.
This Regulation does not apply to the processing of personal data:
(a) in the course of an activity which falls outside the scope of Union law;
(b) by the Member States when carrying out activities which fall within the scope of
Chapter 2 of Title V of the TEU;
(c) by a natural person in the course of a purely personal or household activity;
(d) by competent authorities for the purposes of the prevention, investigation, detection
or prosecution of criminal offences, the execution of criminal penalties, including the
safeguarding against and the prevention of threats to public security.
For the processing of personal data by the Union institutions, bodies, offices and agencies,
Regulation (EC) No 45/2001 applies. Regulation (EC) No 45/2001 and other Union legal
acts applicable to such processing of personal data shall be adapted to the principles and
rules of this Regulation in accordance with Article 98.
This Regulation shall be without prejudice to the application of Directive 2000/31/EC, in
particular of the liability rules of intermediary service providers in Articles 12 to 15 of that
Documents you may be interested
Documents you may be interested