Regulating Data Access for Criminological Research Purposes

Abstract

Today, we are witnessing the development of a data -based economy that perceives (personal) data as an extremely important asset, if not a new currency. The importance of large databases of (personal) data has been recognised not only by the private sector, which develops its products and services based on data and increases its productivity, but also by organisations operating in the public interest. In the field of scientific research, newly available datasets have revolutionised the scientific method, and universities and research organisations are not only using data collected directly for research purposes, but also data originally created for other-than-research ends. However, in the latter category of "secondary use," researchers are facing immense challenges. Despite the European Union having recognised the importance of personal data for scientific research purposes in its legislation, and its Member States have followed such guidance by adapting their domestic legislation accordingly, in practice, many requests for access to data for scientific purposes are still met with doubt or refused without justification whatsoever. This article aims to shed some light on the issue of access to (mostly personal) data for scientific research purposes. It first describes the importance of (personal) data for criminological research. It follows with the outline of the European legislative framework, focusing on the General Data Protection Regulation (GDPR) and the exemption for scientific research purposes as enshrined in its Article 89(1), and then continues with the analysis of legal solutions in the selected EU countries, including the Slovenian. It concludes with a discussion on the effectiveness of the European legislative frameworks, highlighting solutions de lege ferenda.