AUSSDA discusses the GDPR @ the Austrian Climate Day

08.05.2018

Sebastian Seebauer (JOANNEUM RESEARCH) and Dimitri Prandner (AUSSDA ) co-moderated a workshop on data protection and the implications of the General Data Protection Regulation (GDPR) at the 19th Austrian Climate Day. Guiding questions were: Which information falls under the GDPR, what does it mean for my work and what is being discussed in the media?

The Climate Change Centre Austria hosted the 19th Austrian Climate Day at the University of Salzburg and offered more than just spectacular spring weather. The annual conference encourages an open dialogue between researchers, policy makers and the public to create a deeper awareness of the dangers of climate change, while providing the opportunity to engage with a broader scientific community outside the confinements of conferences hosted by organizations firmly rooted in specific fields.

A great chance for AUSSDA to co-host a workshop on data protection and gain insight into the communities’ worries when it comes to the changes the GDPR will bring. This was only days after a public debate concerning potential issues that may arise as local laws interfere with the general intent of the GDPR.

Thus the aim of the workshop was clear: bring together people from different fields and discuss the implications of the General Data Protection Regulation within the Austrian context. The ten participants came not only from medical research, geography and the social sciences, but also from infrastructure and logistic enterprises - all highly qualified scholars and professionals eager to discuss their challenges that have arisen with the new laws. The core issues articulated and discussed in the session were:

  • The uncertainty about the implementation of the GDPR in many fields
  • The need to clarify what types of consent and limitations of consent exist and need to be given
  • The kinds of materials  affected by the GDPR
  • The kind of data that can be saved and how data collected in the past are affected by the regulation
  • Establishing “best practice” scenarios in participants’ organizations  

The first point arises from the fact that there are hundreds of affected paragraphs and new legal text has been written in various European countries. As some of these texts are phrased in a very general language and have to be seen in context to each other, there is a certain amount of uncertainty, which will take time and practical experience to resolve.

Secondly, questions about informed consent and the fact that the person providing data has to fully comprehend what will be done with his or her information can also pose a challenge, especially when it comes to publically available datasets and datasets that public institutions created in conjuncture with private organizations, as well as researchers. To address this issue, AUSSDA is currently drafting documents that can be used to get informed consent from participants. This does not only concern research data, but has to be considered in everyday work, since even mailing lists are concerned. It is crucial to make it possible to work with data, archive it, as well as publish it within specific licenses.

The third topic proved to be another tricky problem, as all the information gathered from and about individuals is affected by the laws that tie into the GDPR and has to be processed in very specific ways to pass anonymization. Rule of thumb: If you can break it down to describe a specific individual, it falls under the legislation tied to the GDPR.

The fourth point is equally problematic: Individuals have tons of material that has been accumulated over decades of work and research. There are countless files on shared drives, be they shared servers within organizations or cloud-based solutions like Dropbox, Google Drive or OneDrive. The GDPR also applies to those files and uncertainty regarding how consent may be managed remains.

All those problems may be seen as facets of one central topic: What can we do and what shall we do – as researchers, as individuals, as members of society – to protect the rights of each one who is involved when data is created. What normative wishes do we articulate? The simple conclusion was: Do our best to keep the raw data limited to as few people as possible; think about what kind of information we would be willing to share on our own and how to create insight without creating oversight.

Building of the faculty of natural sciences of the University of Salzburg

The faculty of natural sciences of the University of Salzburg hosted the Climate Day 2018 (photo: Dimitri Prandner)

Seite einer Flipchart mit verschiedenen Punkten, die in einem Brainstorming entstanden sind

Bei einem Brainstorming erarbeiteten die Teilnehmenden einige Ideen zu "Good Practice" im Datenschutz (Foto: Dimitri Prandner)