Re-using Personal Data for Statistical and Research Purposes in the Context of Big Data and Artificial Intelligence

Abstract

This paper analyzes the purpose limitation principle under the General Data Protection Regulation and the opportunities for re-using personal data, in particular for statistical and research purposes. It examines the conditions and the scope of application of the research exemption and the safeguards that must be in place for organisations to be able to re-use personal data without asking for consent from individuals. In general, it is argued that the research exemption could have a rather broad interpretation and application, including in the context of Big Data and Artificial Intelligence. The creation of privacy “regulatory sandboxes” is also proposed as a new form for cooperation between innovators and regulators which could enable the development of privacy-designed innovation products and projects, while keeping supervisory authorities abreast of the risks and impacts posed by the emerging technologies to individuals’ privacy and the society at large.