[Taxacom] New EU Policy Regulation (GDPR) and Museum Data Processing

James Beach beach at specifysoftware.org
Tue Apr 24 17:58:20 CDT 2018 

Taxacomers --

The EU's new privacy law, the General Data Protection Regulation (GDPR,
https://www.eugdpr.org/) goes into effect next month. It has legal standing
and non-compliance penalties.  It applies to personal data of EU citizens
wherever they are processed and broadly for almost any reason including in
research databases.  Names, addresses, phone numbers, email addresses,
photos, etc. are considered personal data.

I wonder if any biological collections institutions, particularly in the
EU, are anticipating taking any steps to comply with the GDPR for the
personal data contained in their databases on living, EU collectors,
determiners, or agents in other roles.  Is there more of a wait-and-see
response for how or when personal data in museums are exempted from these
far-reaching safeguards?

The GDPR is large with many detailed proscribed rules. The bit that seems
most applicable to scientific databases is Article 89, Paragraph 2.

* Article 89 *

*Safeguards and derogations relating to processing for archiving purposes
in the public interest, scientific or historical research purposes or
statistical purposes *

[derogations = exemptions]


2. Where personal data are processed for scientific or historical research
purposes or statistical purposes, Union or Member State law may provide for
derogations from the rights referred to in Articles 15, 16, 18 and 21
subject to the conditions and safeguards referred to in paragraph 1 of this
Article in so far as such rights are likely to render impossible or
seriously impair the achievement of the specific purposes, and such
derogations are necessary for the fulfilment of those purposes.

There are a large number of proscribed safeguards and guidelines (i.e.
laws) in the Regulation for handling personal data, e.g. 'Data Subjects'
must actively OPT-IN to approval to use their personal information in
electronic processing. There are many other additional rules when personal
data are being used for research. Most of them seem to aimed at medical
research data sets where personal info is collected for health or
epidemiological studies, etc.

Paragraph 160 in Article 1 seems relevant to biological museums.

Where personal data are processed for historical research purposes, this
Regulation should also apply to that processing. This should also include
historical research and research for genealogical purposes, bearing in mind
that this Regulation should not apply to deceased persons.

Thank goodness for that.😀

I'm curious if GDPR, and what the EU considers 'personal data', is
perceived by any institution particularly in the EU (GBIF?) as an issue for
museum databases.

We are pondering the potential need to comply with these regulations in
future Specify software releases.

Thanks!

Jim B.


James H. Beach
Specify Collections Consortium
Biodiversity Institute
University of Kansas
1345 Jayhawk Boulevard
Lawrence, KS 66045, USA

beach at specifysoftware.org
www.specifysoftware.org
Office: +1 785-864-4645
Cell: +1 785-331-8508
Skype: beach53

Zoom: https://kansas.zoom.us/my/specify

More information about the Taxacom mailing list