惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
WordPress大学
WordPress大学
博客园 - 【当耐特】
Engineering at Meta
Engineering at Meta
IT之家
IT之家
Apple Machine Learning Research
Apple Machine Learning Research
小众软件
小众软件
美团技术团队
S
SegmentFault 最新的问题
The GitHub Blog
The GitHub Blog
Martin Fowler
Martin Fowler
Recorded Future
Recorded Future
H
Help Net Security
aimingoo的专栏
aimingoo的专栏
Y
Y Combinator Blog
博客园_首页
A
About on SuperTechFans
MongoDB | Blog
MongoDB | Blog
阮一峰的网络日志
阮一峰的网络日志
V
Visual Studio Blog
D
DataBreaches.Net
人人都是产品经理
人人都是产品经理
大猫的无限游戏
大猫的无限游戏
B
Blog
The Register - Security
The Register - Security
I
InfoQ
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
雷峰网
雷峰网
Last Week in AI
Last Week in AI
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
月光博客
月光博客
酷 壳 – CoolShell
酷 壳 – CoolShell
Blog — PlanetScale
Blog — PlanetScale
N
Netflix TechBlog - Medium
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
有赞技术团队
有赞技术团队
Stack Overflow Blog
Stack Overflow Blog
Jina AI
Jina AI
Security Archives - TechRepublic
Security Archives - TechRepublic
Hacker News - Newest:
Hacker News - Newest: "LLM"
U
Unit 42
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
W
WeLiveSecurity
Latest news
Latest news
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 叶小钗
L
Lohrmann on Cybersecurity
博客园 - Franky
Recent Commits to openclaw:main
Recent Commits to openclaw:main
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO

EDPB News

EDPB calls for legal basis for cross-regulatory information sharing EDPB requires Belgian DPA to handle the merits of NOYB cookie banner complaint EDPB sheds light on anonymisation and web scraping for generative AI and adopts final version of guidelines on blockchain EDPB and AMLA to develop Joint Guidelines on partnerships for information sharing One-Stop-Shop case digest on right to object and right to erasure updated Supporting GDPR consistency: EDPB launches dedicated form EDPB gets a new look: discover the new website and brand identity Coordinated Supervision Committee extends scope to include Eurodac Coordinated Supervision Committee extends scope to include Eurodac EDPB meets with EU Commissioner McGrath and adopts common data breach notification template EDPB meets with EU Commissioner McGrath and adopts common data breach notification template The Italian SA imposed a 40 000 EUR fine on a company for violating the confidentiality of a employee's email account after the end of his employment The Italian SA fined Poste Vita for data breach Imposition of fine on a telecommunications company for violations of data subject’s rights The Italian Supervisory Authority fined a company 120 000 EUR for tracking five employees who drove company cars Italian SA fines a company for post-sick leave questionnaires The Italian Supervisory Authority has fined Verisure Italia for unlawful processing of personal data for direct marketing purposes EDPB and EDPS support strengthening EU’s cybersecurity and easing compliance while protecting individuals’ personal data Europe Day 2026: let’s celebrate together Marking 10 years of the GDPR: the evolution of the European data protection landscape Stakeholder event on competition and data protection: save the date Stakeholder event on competition and data protection Enhancing compliance and consistency: EDPB adopts DPIA template EDPB annual report 2025: supporting stakeholders through guidance and dialogue EDPB conference on cross-regulatory cooperation: what we learned CEF 2026: EDPB launches coordinated enforcement action on transparency and information obligations under the GDPR EDPB and EDPS support strengthening EU’s cybersecurity and easing compliance while protecting individuals’ personal data EDPB and EDPS support harmonisation of clinical trials under European Biotech Act, but call for specific safeguards for sensitive health data Stakeholder event on political advertising: agenda available now Conference on cross-regulatory cooperation in the EU (17 March) - Programme available now AI-generated imagery and protection of privacy: EDPB supports joint Global Privacy Assembly’s statement EDPB identifies challenges hindering the full implementation of the right to erasure Making GDPR compliance easier through new initiatives: a key focus of the EDPB work programme 2026-2027
EDPB brings clarity to data processing for scientific research, speeds up the finalisation of the anonymisation guidelines and approves first European data protection seal as a tool for transfers
2026-04-16 · via EDPB News

Brussels, 16 April – During its latest plenary, the EDPB has adopted Guidelines on processing of personal data for scientific research purposes. In addition, the Board has created a team to speed up the finalisation of the guidelines on anonymisation. The EDPB has also adopted two opinions on the two sets of the Europrivacy certification criteria for approval as European Data Protection Seals, one of which to be used as a tool for transfers.

Many areas of scientific research rely on the processing of individuals’ personal data, and this has driven significant scientific breakthroughs that benefit society. The rise of new technologies, such as artificial intelligence, also contributes to scientific progress by enabling researchers to use and analyse data in innovative ways.

The main objective of the EDPB guidelines on scientific research is to provide more clarity for researchers and make GDPR compliance easier, while ensuring the protection of individuals’ fundamental rights.

“Scientific research can drive societal progress and improve our daily lives. 
Our guidelines facilitate innovative research by helping researchers to navigate the GDPR.

The EDPB is committed to supporting the scientific community and unlocking the full potential of scientific research in the EU while upholding data protection rights."

EDPB Chair, Anu Talus

In its guidelines, the Board provides clarifications on the concept of ‘scientific research’. To determine if the processing takes place for scientific research purposes in the meaning of the GDPR, the Board provides six key-indicative factors that should be considered, in addition to the nature, scope, context and purposes of processing. These are: 1) methodical and systematic approach, 2) adherence to ethical standard, 3) verifiability and transparency, 4) autonomy and independence, 5) objectives of the research, and 6) potential to contribute to existing scientific knowledge or apply existing knowledge in novel ways. If the research activities meet these six factors, they can be presumed to constitute scientific research. Otherwise, the controller should justify and be able to demonstrate why the activities should be considered scientific research, within the meaning of the GDPR.

Further processing for scientific research purposes is presumed to be compatible with the initial purpose for collecting individuals’ personal data. Therefore, controllers are not obliged to do the purpose compatibility test under the GDPR to determine if the new processing is compatible with the original purpose of collection. However, controllers must still make sure that the legal basis of the initial processing is also suitable for the further processing of personal data for scientific research purposes.

Controllers can rely on “broad consent” where the purposes of research are not fully known at the time of collecting the personal data. In this case, researchers should respect ethical standards for scientific research and put additional safeguards in place to compensate for the lack of purpose specification. Controllers can also ask individuals to consent to different individual research projects separately, as soon as the purposes of those projects become known (dynamic consent). A combination of both broad and dynamic consent is also possible.

In addition, the EDPB clarifies rights of individuals when their personal data are processed for scientific purposes. This includes the rights to erasure and object for which limitations may apply when personal data are processed for scientific research purposes. The Board provides examples to explain when the right to erasure can be considered likely to render impossible or seriously impair the objective of conducting scientific research. The EDPB also explains when controllers may reject an individuals’ objection to the processing of their personal data for scientific research purposes. This can be the case when processing is necessary for the performance of a task carried out for reasons of public interest.

The Board recalls that when several entities are involved in the processing of personal data for scientific research purposes, it is necessary to assess and document how responsibilities are allocated among the entities. In this regard, the Guidelines provide useful examples to clarify in which situations entities can qualify as controller, joint controllers or processor.

Finally, the Board explains how controllers can assess the appropriate technical and organisational measures, such as anonymisation or pseudonymisation, when processing personal data for scientific research purposes. The EDPB provides examples of other safeguards that could be implemented depending on the risks posed by the research activities carried out. These include independent or ethical oversight, secure processing environments, privacy enhancing technologies, protective measures for publication of research results, confidentiality arrangements, and conditions for further use.

The guidelines will be subject to public consultation until 25 June, providing stakeholders with the opportunity to comment and provide feedback.

A “sprint team” to finalise the work on anonymisation

To speed up the finalisation of the upcoming guidelines on anonymisation, the Board created a dedicated "sprint team" that will complete the work by the summer.

Europrivacy opinions

The EDPB adopted an Opinion approving the updated set of Europrivacy certification criteria as European Data Protection Seal* pursuant to Art. 42 (5) GDPR. The Board had first approved the Europrivacy certification criteria on 10 October 2022 as the first European Data Protection Seal through the EDPB Opinion 28/2022. The scope of the Europrivacy certification scheme has been extended to include controllers and processors established outside Europe who are subject to Art. 3(2) GDPR, either because they provide goods or services to individuals in Europe or because they monitor their behaviour.

In addition, for the first time, the Board adopted an Opinion recognising the Europrivacy certification criteria as European Data Protection Seal to be used as a tool for transfers in accordance with Art. 42 and 46 GDPR.  Data importers outside Europe who are not subject to the GDPR can now apply to the Europrivacy certification scheme for the transfers of data they receive. This certification will facilitate the fulfillment of the obligation of the controllers and processors in Europe to demonstrate that they provide appropriate safeguards for personal data transfers to third countries or international organisations.

These approvals bring further light on the GDPR certification mechanisms, confirming their key role as GDPR compliance tool.

Note to editors

*The European Data Protection Seal is a GDPR-certification mechanism recognised all over Europe. The Seal must satisfy specific criteria approved by the EDPB and must be granted by a certification body accredited under Art. 43 GDPR to prove compliance with GDPR standards.