- to help humanities and social sciences researchers understand the legal mechanisms that impact their research and
- to provide them with the right habits and tools when they are led to process personal data.
‘‘Information technology should be at the service of every citizen. […] It shall not violate human identity, human rights, privacy, or individual or public liberties’’
In 1978, France passed its legislation on Information Technology, Data Files and Civil Liberties, aka Data Protection Act, whose wording, taken from its first article, reflects its humanist inspiration. Forty years later, it is the same spirit that drives the General Data Protection Regulation (GDPR) that came into force on 25 May 2018.
This text makes the European Union the area in the world where personal data are most strongly protected, at a time when some excesses of the digital revolution made it necessary to return to fundamental values centred on respect for the human person.
In connection with the many issues addressed by the GDPR, scientific research has a crucial status and the European legislature used a balanced approach in this respect. While the main principles of personal data protection apply to research activities, the text also recognises their legitimacy and seeks to produce a specific regime offering researchers a specific flexibility. The GDPR thus provides for the compatibility between the protection of fundamental rights and the conduct of research activities, without antagonising one against the other.
The purpose of this Guide is to provide the research communities in the Humanities and Social Sciences with resources to appropriate this new personal data protection legal background. Written with researchers for researchers, it outlines the rules to be used at each stage of the data life cycle and identifies good practices to be implemented based on practical examples.
The humanities and social sciences use materials (statistics, surveys, interviews, archives, etc.) that frequently contain personal data requiring special precautions more than any other scientific disciplines. This is why Ms Gaëlle Bujan, the CNRS Data Protection Officer wanted to work with the INSHS first and foremost to produce this guide. We would like to thank her and all those who participated in its development.
This document shows in particular that researchers are not alone in facing the imperative of data protection. Many infrastructures like Huma-Num, Progedo, CASD (Centre d’Accès Sécurisé aux Données) or CINES (Centre Informatique National de l’Enseignement Supérieur) already provide researchers with data management solutions. These are valuable resources in which the CNRS is involved, with the conviction that sharing is a priority.
The CNRS Institute for Humanities and Social Sciences is set to support research units in this transition period because data protection and privacy are a major issue for the 21st century. The GDPR relies on a principle of accountability of those involved, and it is above all our common responsibility to build the services of the CNRS Data Protection Officer,
through close collaboration between individual researchers, unit directors, research infrastructures, and all the professionals committed to this endeavour.
This guide demonstrates that acting in accordance with the GDPR is not only a matter of compliance with the legislation, although this dimension is essential. The good practices it implies in the collection, processing, storage and dissemination of data also have an epistemological dimension, their appropriation is possible in each discipline, and can contribute to the advancement of Science in itself.
Director of the InSHS of the CNRS
This guide was developed by: