[Purpose/significance] This paper provides reference for the protection of personal data in the process of open sharing of scientific data in China by analyzing the relevant provisions of the European Union's General Data Protection Law (GDPR).[Method/process] Using text analysis method, this paper reviewed the researches of GDPR and personal data protection, and analyzed the applicabilities of and the functions of GDPR to personal data protection in open sharing of scientific data and its enlightenments to China.[Result/conclusion] GDPR has many normative functions for the personal data protection in open sharing of scientific data, including defining the basic concepts of personal data protection and the scope of protection objects, the main principles, the main rights of the data subjects, the main responsibilities and obligations of the data controllers and processors, and laying the legitimacy foundation of personal data processing. GDPR's enlightenment to China is that we should establish and perfect the legal system of personal data protection in China, strengthen the risk management of personal data in open sharing of scientific data, and build a dynamic and traceable open sharing system of scientific data, so as to realize the protection of personal data in open sharing of scientific data in China.
[1] LAMBERT P. Understanding the new European data protection rules[M].Boca Raton:CRC Press, 2018:35.
[2] THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)[EB/OL].[2020-08-04]. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679.
[3] BREITBARTH P. The impact of GDPR one year on[J].Network security,2019(7):11-13.
[4] 中国电子技术标准化研究院.《信息安全技术个人信息安全规范》(2020年版)国家标准正式发布[EB/OL].[2020-08-06].http://www.cesi.cn/202003/6213.html.
[5] 王比学.个人信息保护法已列入立法规划[N].人民日报,2019-06-05(4).
[6] PASQUETTO I V, RANDLES B M, BORGMAN C L. On the reuse of scientific data[J].Data science journal,2017,16(8):1-9.
[7] PAUL Q, LIAM Q. Big genetic data and its big data protection challenges[J].Computer law & security review, 2018,34(5):1000-1018.
[8] SULLIVAN C. EU GDPR or APEC CBPR? a comparative analysis of the approach of the EU and APEC to cross border data transfers and protection of personal data in the IoT era[J]. Computer law & security review, 2019,35(4):380-397.
[9] 李明阳.论欧盟通用数据保护制度与中国的法律应对——以《通用数据保护条例》为切入点[D].上海:华东政法大学,2019:12-14.
[10] 金晶. 欧盟《一般数据保护条例》:演进、要点与疑义[J].欧洲研究,2018, 36(4):1-26.
[11] 欧洲数据保护委员会,敖海静.关于《一般数据保护条例》适用的地域范围的指南[J].经贸法律评论,2020(2):135-158.
[12] SHARMA S. Data privacy and GDPR handbook[M]. Hoboken:John Wiley & Sons, Inc.,2020.
[13] ZIEGLER S, EVEQUOZ E, HUAMANI A M P. The impact of the European General Data Protection Regulation (GDPR) on future data business models:toward a new paradigm and business opportunities[M]//AAGAARD A. Digital business models:driving transformation and innovation. Cham:Springer Nature Switzerland AG,2019:201-226.
[14] 丁晓东.什么是数据权利?——从欧洲《一般数据保护条例》看数据隐私的保护[J].华东政法大学学报,2018(4):39-53.
[15] 王雪乔.论欧盟GDPR中个人数据保护与"同意"细分[J].政法论丛,2019(4):136-146.
[16] 吴琳玲.欧盟2016年《一般数据保护条例》研究[D].武汉:武汉大学,2017.
[17] 刘江山.欧盟通用数据保护条例中的数据保护官制度[J].中国科技论坛,2019(12):173-179.
[18] 杨雪.欧盟法中的个人数据保护问题研究——以欧盟跨境流动数据的保护为核心[D].北京:外交学院,2017.
[19] 沈煜昊.欧盟《一般数据保护条例》中的数据可携权研究[D].上海:上海外国语大学,2019.
[20] POLITOU E, MICHOTA A, ALEPIS E, et al. Backups and the right to be forgotten in the GDPR:An uneasy relationship[J]. Computer law & security review,2018,34(6):1247-1257.
[21] 卢冰洋.欧盟《通用数据保护条例》中被遗忘权制度研究[D].上海:上海师范大学,2020.
[22] 耿希,顾翠峰,马俊坚.欧盟《一般数据保护条例》对我国患者隐私保护的启示[J].中国医学伦理学,2019,32(8):1000-1003,1009.
[23] MULDER T,TUDORICA M. Privacy policies, cross-border health data and the GDPR[J]. Information & communications technology law, 2019,28(3):261-274.
[24] BIEKER F, MARTIN N, FRIEDEWALD M, et al. Data protection impact assessment:a hands-on tour of the GDPR's most practical tool[C]//HANSEN M, KOSTA E, NAI-FOVINO I, et al. Privacy and identity management:the smart revolution. Cham:Springer International Publishing AG, 2018:207-220.
[25] CORTINA S, VALOGGIA P, BARAFORT B. Designing a data protection process assessment model based on the GDPR[C]//WALKER A, O'CONNOR R V, MESSNARZ R. Systems, software and services process improvement. Cham:Springer Nature Switzerland AG, 2019:136-148.
[26] 许鑫,毛璐.科研数据出版中的数据保护问题研究——基于欧盟GDPR的启示[J].信息资源管理学报,2010,10(2):99-106.
[27] 陆康,刘慧,任贝贝,等.智慧图书馆用户数据隐私保护研究——基于《中华人民共和国网络安全法》和《一般数据保护条例》的文本启示[J].图书馆理论与实践,2020(3):17-21.
[28] LOIDEAIN N N. A port in the data-sharing storm:the GDPR and the Internet of things[J]. Journal of cyber policy, 2019,4(2):178-196.
[29] 林凌,李昭熠.个人信息保护双轨机制:欧盟《通用数据保护条例》的立法启示[J].新闻大学,2019(12):1-15,118.
[30] 商希雪.超越私权属性的个人信息共享——基于《欧盟一般数据保护条例》正当利益条款的分析[J].法商研究,2020,37(2):57-70.
[31] 许济沧,安小米,孙嘉睿,等.基于GDPR的个人数据保护企业自评指标体系研究[J].图书情报工作,2018,62(23):113-118.
[32] DEURSEN S, KUMMELING H. The new silk road:a bumpy ride for Sino-European collaborative research under the GDPR?[J].Higher education, 2019,78(5):911-930.
[33] SHABANI M, BORRY P. Rules for processing genetic data for research purposes in view of the new EU General Data Protection Regulation[J]. European journal of human genetics, 2018, 26(2):149-156.
[34] DEMOTES-MAINARD J, CORNU C, GUERIN A, et al. How the new European data protection regulation affects clinical research and recommendations?[J].Therapie,2019, 74(1):31-42.
[35] DE HERT P, GUTWIRTH S. Privacy, data protection and law enforcement:opacity of the individual and transparency of power[M]//CLAES E, DUFF A, GUTWIRTH S. Privacy & the criminal law. Oxford:Intersentia, 2006:61-104.
[36] BLUME P. The citizens' data protection[EB/OL].[2020-08-06]. https://warwick.ac.uk/fac/soc/law/elj/jilt/1998_1/blume/.
[37] WALTERS R, TRAKMAN L, ZELLER B. Data protection law:a comparative analysis of Asia-Pacific and European approaches[M]. Gateway East:Springer Nature Singapore Pte Ltd.,2019:15.
[38] DOVE E S. The EU General Data Protection Regulation:implications for international scientific research in the digital era[J]. Journal of law, medicine & ethics,2018,46(4):1013-1030.
[39] LEENES R. Do they know me? deconstructing identifiability[J].University of Ottawa law and technology journal, 2007,4(1/2):135-161.
[40] EUROPEAN COMMISSION. Guidelines on open access to scientific publications and research data in horizon 2020(version 3.2)[EB/OL].[2020-08-06]. https://ec.europa.eu/research/participants/data/ref/h2020/grants_manual/hi/oa_pilot/h2020-hi-oa-pilot-guide_en.pdf.
[41] MONDSCHEIN C F, MONDA C. The EU's General Data Protection Regulation (GDPR) in a research context[M]//KUBBEN P, DUMONTIER M, DEKKER A. Fundamentals of clinical data science. Cham:Springer Nature Switzerland AG,2019:55-71.
[42] PURTOVA N. The law of everything:broad concept of personal data and overstretched scope of EU data protection law[J].Law, innovation and technology,2018,10(1):40-81.
[43] 申晓雨,吴雅涵.从谷歌被罚看GDPR数据隐私保护[J].法人,2019(4):98-100.
[44] RADBOUD UNIVERSITY. FAQ GDPR in research[EB/OL].[2020-08-01]. https://www.ru.nl/rdm/gdpr-research/faq-gdpr-research/.
[45] What is a data subject?[EB/OL].[2020-08-06]. https://eugdprcompliant.com/what-is-data-subject/.
[46] 盛小平,吴红.科学数据开放共享活动中不同利益相关者动力分析[J].图书情报工作,2019, 63(17):40-50.
[47] 中华人民共和国民法典[EB/OL].[2020-08-07]. http://www.npc.gov.cn/npc/c30834/202006/75ba6483b8344591abd07917e1d25cc8.shtml.
[48] 刁胜先,何琪.论我国个人信息泄露的法律对策——兼与GDPR的比较分析[J].科技与法律, 2019(3):49-57.
[49] HERT P, PAPAKONSTANTINOU V. The data protection regime in China:in-depth analysis[R]. Brussels:European Union,2015.
[50] KATULIC' T, KATULIC' A. GDPR and the reuse of personal data in scientific research[C]//SKALA K, KORICIC M, GRBAC T G, et al. 201841st international convention on information and communication technology, electronics and microelectronics (MIPRO). Rijeka:Croatian Society for Information and Communication Technology, Electronics and Microelectronics-MIPRO, c2018:1311-1316.
[51] 肖冬梅,谭礼格.欧盟数据保护影响评估制度及其启示[J].中国图书馆学报,2018,44(5):76-86.
