Preiskel & CoPreiskel & Co
Preiskel & Co
  • Home
  • About Us
    • Diversity, Social Responsibility, and Pro Bono
  • Services
    • Corporate
    • Commercial
    • Regulatory
    • Competition & Antitrust
    • Data Protection, Privacy, and Retention
    • Intellectual Property
    • Dispute Resolution
    • Employment
  • Sectors
    • Telecommunications
    • IT, Technology, & Internet
    • Media and Broadcasting
    • Websites, Blogging, & Social Media
    • Film & Television
    • Gambling & Online Gaming
    • Leisure & Retail
    • Energy & Minerals
    • Cryptocurrency & Blockchain
    • Creative Industries
  • People
    • Daniel Preiskel
    • Ronnie Preiskel
    • Tim Cowen
    • Jose Saras
    • Robert Dougans
    • Tina Cowen
    • D A T Green
    • Karthyaeni Vittala
    • Richard Stewart
    • Mor Swiel
    • Ilanit Appelfeld
    • Stephen Dnes
    • Daniel Oakland
    • Robert Harvey
    • Martina Raciti
    • Joanna Coombs-Huang
    • Xavier Prida
    • Mark Clough
    • Stewart White
    • Alison MacFarlane
    • Hannah Leader
    • Peter Dally
    • Antony Corel
    • Sue Warwick
    • Shardi Shameli
    • Stephen Hornsby
    • Ewelina Korgol
    • Maria Constantin
    • Sophia Yakhno
  • International
  • Blog
  • News
    • Publications
  • Contact
Menu back  

ICO consultation on draft guidance for the research provisions within the UK GDPR and the DPA 2018

April 20, 2022By Preiskel & Co

The Information Commissioner’s Office (“ICO”) has published a draft guidance on the research provisions in the UK General Data Protection Regulation (Regulation (EU) 106/679) (the “UK GDPR”) and the Data Protection Act 2018 (the “DPA”) (the “Draft Research Guidance”) and launched a public consultation seeking feedback on the Draft Research Guidance.

The Draft Research Guidance highlights:

  • the provisions relating to research in the legislation;
  • how they fit together and their practical effect; and
  • definition of key terms.

The ICO clarified that the Draft Research Guidance is intended to help those engaged in research to carry out their processing in compliance with the law and to provide researchers confidence to make use of the provisions where appropriate.

The UK GDPR and the DPA contain a number of provisions for processing personal data for research purposes. The Draft Research Guidance lists three types of “research related purposes”:

  • archiving purposes in the public interest;
  • scientific or historical research purposes; and
  • statistical purposes.

It provides a useful list of criteria that can be used to identify whether a purpose for processing personal data is likely to be considered a research related purpose.

The UK GDPR and the DPA provisions cover three broad areas of data protection:

  1. The data protection principles
    • The purpose limited principle (Article 5 UK GDPR) allows processing of personal data for specified, explicit and legitimate purposes. Any further processing must be compatible with the original processing unless it is for a research related purpose.
    • This means that there is no requirement to identify a further lawful basis for further processing for research unless the original lawful basis was consent. Where the original lawful basis was consent, fresh consent to re-use will be required.
    • The ICO says the processing must still be generally fair and lawful, and privacy information should be updated to ensure the processing is transparent.
    • Article 5 UK GDPR provides a further exception to the storage limitation principle, which says that personal data can be kept indefinitely to the extent that it is processed for one of the research related purposes.
  1. A condition for processing special category data and criminal offence data
    • Article 9(1) UK GDPR creates a prohibition on processing special category data, which is data that requires more protection because it is considered sensitive and relates to matters such as race, ethnicity, health, genetic and biometric data, unless a condition applies. One of these conditions is that the processing is necessary for a research related purpose.
    • The DPA sets some requirements on relying on this condition and the Draft Research Guidance provides some helpful commentary on its understanding of these requirements.
    • For any personal data relating to criminal convictions and offences or related security measures, a lawful basis is required for its processing along with the fulfilment of other conditions in the DPA.
  1. Exemptions from data subjects’ rights
    • The UK GDPR and DPA contain a number of exemptions to complying with a data subject rights requests received from an individual. Such requests can include the right of access, erasure, rectification, portability, restriction and objection. For some of these rights, an exception is available if the data is processed for a research related purpose.
    • However, in relation to some of the rights, relying on this exemption is allowed only if complying with the request (i) would prevent or seriously impair achieving the purpose for processing and the processing is subject to the safeguards set out in Article 89(1) UK GDPR, (ii) is not likely to cause substantial damage or distress, and (iii) is not used to measure or make decisions about individuals.

The Draft Research Guidance advises that where possible, research should be carried out using anonymous or pseudonymous data. If not possible, the Draft Research Guidance will be helpful in navigating the various compliance hurdles in order to rely on the flexibility provided in the UK GDPR and DPA for processing data for research related purposes.

The consultation on the Draft Research Guidance is open for feedback  till  5 pm on Friday 22 April 2022.

 

Please contact Jose Saras if you have any questions regarding the above.

The material contained in this article is only for general review of the topics covered and does not constitute any legal advice. No legal or business decision should be based on its content.

Leave Comment

Cancel reply

Your email address will not be published. Required fields are marked *

clear formSubmit

Latest Preiskel & Co blog posts
  • Claim against NHS Trust for breach of DPA 1998 and misuse of private information dismissed
    April 28, 2022
  • TikTok Class action for the Misuse of Child Personal Data
    April 28, 2022
  • ICO consultation on draft guidance for the research provisions within the UK GDPR and the DPA 2018
    April 20, 2022
  • European Strategy for Artificial Intelligence – a framework to regulate AI and its potential impact on the UK
    April 19, 2022
  • Meta hit by 17 million euro fine by Irish regulator
    April 19, 2022
  • Ofcom has mandated that telecoms providers ensure British Sign Language (BSL) for 999
    March 18, 2022
  • Ofcom publishes statement on the future of telephone numbers
    March 15, 2022
  • German court sends biometric data questions to the ECJ
    February 23, 2022
  • Meta fined £1.5m by CMA
    February 7, 2022
  • International data transfer agreement and addendum laid before Parliament
    February 4, 2022
  • CMA publishes statement of scope in music and streaming market study
    February 1, 2022
  • Google Privacy Sandbox faces European Commission complaint from German publishers
    January 24, 2022

The Preiskel Blog

  • Claim against NHS Trust for breach of DPA 1998 and misuse of private information dismissed 28 Apr 2022
  • TikTok Class action for the Misuse of Child Personal Data 28 Apr 2022
  • ICO consultation on draft guidance for the research provisions within the UK GDPR and the DPA 2018 20 Apr 2022
  • European Strategy for Artificial Intelligence – a framework to regulate AI and its potential impact on the UK 19 Apr 2022

Preiskel news

  • Daniel Preiskel and Xavier Prida lecturing to Academia Mexicana del Derecho Informático and Abogado Digital
  • Preiskel & Co advises Mexico-based premium content production company Dopamine
  • Danny Preiskel was ranked as a Global Elite Thought Leader in Telecoms & Media by WhosWhoLegal Data 2022
  • Danny Preiskel featured in GCCM (Global Carrier Community Magazine)
Preiskel tweets
  • @jwrosewell @m4aow @w3c @IABTechLab Our pleasure!59 days ago
  • RT @jwrosewell: Great work from @Preiskel and the whole @m4aow team. Thank you. Much for @w3c, @IABTechLab, and others to consider in this…59 days ago
  • RT @TC_4KBW: Google’s battle with publishers shows that at every turn it seeks to block others from competing. it blocked header bidding, b…59 days ago
Preiskel & Co LLP
4 King's Bench Walk,
Temple,
London
EC4Y 7DL
United Kingdom

Tel: +44 20 7332 5640
Email: info@preiskel.com

Find us on:

TwitterLinkedinMail
© Preiskel & Co LLP 2022 | Site map | Legal notices | Privacy | Cookie Policy | Privacy | Fraud Notice

   

We use analytic cookies to help us understand how many visitors we have and how they move around our website. This helps us improving our website. You can accept or reject our use of analytic cookies and update your choices at any time. See our Cookie Policy to learn more about how we use essential and analytic cookies and to update your choices.OKReject analyticsCookie policy