Researchers at European universities should stop sharing personal data with China in the wake of the European Union’s new laws on data protection, experts have warned.
Henk Kummeling, rector magnificus and professor of law, economics and governance at Utrecht University in the Netherlands, said that sharing research data with China could be problematic if the information “relates to a living, natural person who can be identified on the basis of this data”.
The EU General Data Protection Regulation, which was implemented in May and is applicable in research contexts, sets up a strict framework for the processing of personal data, including the transfer of such data to countries outside the EU.
It states that explicit consent must be acquired from the data subjects before sharing personal data, and also that transfer of data may take place if the transfer is “not repetitive” and “concerns only a limited number of data subjects”, alongside other conditions.
Professor Kummeling said that Dutch universities were already having “tremendous difficulties in implementing the GDPR in our own domestic situation, let alone…when it comes to all kinds of international cooperations”.
“There is a lot of work to be done there, and a lot of research institutions are not fully aware of what the implications will be of GDPR,” he said during a seminar on research cooperation between China and Europe, organised by Utrecht University and the Centre for Global Higher Education.
He added: “Transfers of personal data to China seem to be complicated…and given the current situation, it might be hard to ensure appropriate safeguards and to maintain the protection required by the EU.”
Stijn van Deursen, research assistant at Utrecht University, said that China had “no coherent framework regarding the protection of personal data”, which he admitted might “hamper research progress” between Europe and China.
“The rule of law seems to be less well established in China…and therefore many agreements concluded between universities and researchers may be affected by all kinds of governmental forces, which, of course, decreases the chances of setting up safeguards in order to ensure data protection,” he told the event, which took place at the University of Oxford.
When asked what the new laws will mean for existing Sino-European research cooperation, Mr van Deursen said: “In cases [where] the research does involve personal data, then it is very problematic to share with China. You should stop sharing data with China or with any other countries that do not live up to EU standards.”