Review of Codes of Conduct
for the PANELFIT project
Presented on 2020-09-14. Internal presentation for the PANELFIT project.
Pranesh Prakash
Affiliated Fellow
Information Society Project, Yale Law School
Karen Soacha
Investigadora
Instituto de Ciences del Mar (ICM-CSIC)
CC-BY-SA 4.0: (copy, share, adapt: sharing is caring)
no proprietary standards or software were used in the making of this slide deck
What is the Code of Conduct for Responsible Research and Innovation?
“a set of basic ethical standards and guidelines for researchers working in the ICT field that could serve as a day-to-day assessment tool” (p. 5)
What is the Code of Conduct for Responsible Research and Innovation?
“an essential tool for researchers who must deal with the challenges addressed by PANELFIT routinely … meant to facilitate the primary aims of ethical compliance from the very beginning, hindering the appearance of ethical and legal issues regarding both data protection and security/cyber-security” (p. 8)
What is the Code of Conduct for Responsible Research and Innovation?
“mainly responding to the issues and gaps detected … based on the materials included in The Guidelines” (p. 18)
What is the Code of Conduct for Responsible Research and Innovation?
“written in strict accordance with the requirements of RRI” (p. 23)
Why this review?
-
Better understand what questions and issues should be addressed through the CCRRI
-
What kinds of Codes of Conduct and other guidance documents already exist that cover such questions and issues
-
How best to move forward creating it.
Methodology
Examples of CoCs
-
Relating to research & data protection
-
Relating to ICTs and AI
-
Relating to RRI
-
Mentioned in the Draft Guideline
Methodology
-
CoC-related issues in the Critical Analysis
-
Academic articles on:
-
CoCs and GDPR
-
CoCs and RRI
-
Codes of Conduct
EU-level, under GDPR
None approved so far under Art. 40 of the GDPR
Codes of Conduct
EU-level, under GDPR
One submitted:
Code of Conduct on Data Protection in Online Gambling.
(In Malta. Multi-year preparation process, and 18-24 months for approval.)
Codes of Conduct
EU-level, under GDPR
Some being submitted for approval, formulated, conceptualized, etc.:
-
EU Cloud Code of Conduct (SCOPE Europe)
-
Code of Conduct on Health Research (BBMRI-ERIC)
-
Code of Conduct on Language Research (CLARIN)
Codes of Conduct
EU-level / EU-funded Guidance on Research
-
RESPECT Code of Practice for Socio-Economic Research.
-
Guidelines on Data Protection Issues Relating to European Socio-Economic Research.
-
European Charter for Researchers.
-
European Code of Conduct for Research Integrity.
-
Global Code of Conduct for Research in Resource-Poor Settings.
Codes of Conduct
EU-level / EU-funded Guidance on Research
-
Code of Practice on Secondary Use of Medical Data in European Scientific Research Projects.
-
Preliminary Opinion on Data Protection and Scientific Research, by the European Data Protection Supervisor.
-
EFAMRO & ESOMAR’s Guidance Note for the Research Sector: Appropriate use of different legal bases under the GDPR.
-
Guidelines for Responsible Research and Innovation.
-
EU Code of Conduct on Agricultural Data Sharing by Contractual Agreement.
Codes of Conduct
EU-level / EU-funded Guidance on Research
The Responsible Innovation Compass project has catalogued 130 publicly funded RRI projects in Europe, including 19 focussed on the ethics component of RRI.
Codes of Conduct
Globally, on AI and Ethics
-
At least 84 sets of ethical guidelines on AI
-
13 from EU member-states and
-
6 from EU institutions
-
Codes of Conduct
CoCs on Research and DP in EU member-states
None approved post-GDPR on research.*
Pre-2018 examples like Dutch "Code of Conduct for the Use of Personal Data in Scientific Research"
*Post-2018 examples exist, like Spain's "Code of Best Practices on Data Protection for Big Data Projects", but that's not focussed on research
Codes of Conduct
Research on CoCs & Research
CoCs weren't successful under DPD.
But hope is GDPR has addressed concerns & incentives.
Codes of Conduct
Research on CoCs & Research
Genomics, Language, Bio-banks, etc.
Benefits of CoCs include harmonization, increase legal certainty due to specificity.
Codes of Conduct
Research on CoCs & Research
Pessimism:
(Koscik & Myska)
"It is difficult to find an institution that would have the mandate to speak for a research community" (ALLEA, EUA?)
Codes of Conduct
Research on CoCs & Research
Pessimism:
"We presume that the adoption of a Europe-wide code of conduct for data protection in research is very unlikely."
Codes of Conduct
Research on CoCs & Research
Pessimism:
"Each research discipline uses specific methods and many scientific disciplines do not need to process personal data at all."
Codes of Conduct
Research on CoCs & Research
However:
"… likely that individual codes of conduct will be adopted for some narrow research fields and specific research-related activities such as biobanking, genomic research, social networks research, and sociological surveys."
CoC-Related Issues in the Critical Analysis
Six issues:
(1) harmonization of data protection practices to enable cross-country research within the EU.
Only Art. 40 CoCs and EDPB guidance can address. Scholarly opinions can't.
Unlikely that non-Art. 40 CoC can address adequately. (Harmonization required.)
CoC-Related Issues in the Critical Analysis
Six issues:
(2) question of when, under which legal bases, and under what circumstances, reuse of personal data for a secondary purpose of research is permissible.
Unlikely that non-Art. 40 CoC can address adequately.
CoC-Related Issues in the Critical Analysis
Six issues:
(3) whether multiple legal bases can be used for processing the same personal data (either simultaneously, or sequentially)
Unlikely that non-Art. 40 CoC can address adequately.
CoC-Related Issues in the Critical Analysis
Six issues:
(4) differentiating between a research subject’s consent for participation in research from consent for processing and use of their personal data
Art. 29 Working Party opinion exists, so that can be incorporated into a non-Art. 40 CoC.
CoC-Related Issues in the Critical Analysis
Six issues:
(5) applicability of data protection laws to deceased persons
Unlikely that non-Art. 40 CoC can address adequately. (Harmonization required.)
CoC-Related Issues in the Critical Analysis
Six issues:
(6) lack of uniformity and clarity on national safeguards for research purposes under Article 89 of the GDPR.
Unlikely that non-Art. 40 CoC can address adequately. (Harmonization required.)
Summary: Findings
Trade-off between width of applicability and depth of guidance.
Summary: Findings
Most CoCs & guidelines on research don't deal with data protection in depth, with some exceptions like EDPS's "Preliminary Opinion" and EFAMRO & ESOMAR’s "Guidance Note for the Research Sector".
Summary: Findings
No extant CoCs under Art. 40
Summary: Findings
Most CoC-related issues raised by Critical Analysis can't be addressed by non-Art. 40 CoCs
Summary: Findings
>130 EU-funded RRI projects exist
(including at least 19 on RRI & ethics, and many guidelines, good practice documents, frameworks, etc.)
Summary: Findings
>84 documents on AI and Ethics
(including at least 19 from the EU region)
Scope
CCRRI is "specifically aimed to produce a set of basic ethical standards and guidelines for researchers working in the ICT field".
But the PANELFIT project aims to "facilitate the implementation of this new regulation" (GDPR).
So we take it that CCRRI should focus on data protection within RRI.
Scope
CCRRI can't be a CoC under Article 40 of the GDPR
CCRRI can't address most of the CoC-related issues in the Critical Analysis
Scope
There are few CoCs on data protection in research, but the PANELFIT Guidelines on Data Protection Ethical and Legal Issues in ICT Research and Innovation will already provide extensive guidance on this issue.
Any CCRRI will need to be distinguished both from existing EC-funded CoCs on RRI, as well as the PANELFIT Guidelines themselves.
Scope
There's a trade-off between being applicable to all forms of research and providing specific guidance.
Contact Details
pranesh@prakash.im soacha@icm.csic.es
@pranesh
@adrisoacha
Review of Code of Conduct forPANELFIT
By Pranesh Prakash
Review of Code of Conduct forPANELFIT
Internal presentation, made on 2020-09-14
- 988