ISIKUANDMEID SISALDAVATE KEELEANDMETE JAGAMISEGA SEONDUV ÕIGUSLIK RAAMISTIK: TEADLASE JA TEADUSASUTUSE KOHUSTUSED NING VASTUTUS

The study focuses on the sharing of linguistic data containing personal data, which is the processing of personal data. Therefore, the requirements of the General Data Protection Regulation (GDPR) must be complied with. Compliance with these requirements is the responsibility of the controller, who may use the assistance of processors to process the data. In international practice, it is not clear how the responsibility for the processing of personal data is divided between a specific researcher and a research institution. For example, the French and German models differ from the Estonian, Lithuanian and Finnish models. The Greek model offers a unique approach. In general, the employer (organization or legal entity) is responsible for the processing of personal data. At the same time, research has its own specificity, which is characterized by academic freedom and as well as mobility of researchers. The situation is further complicated by the sharing of language data through research networks such as CLARIN. In the present study, the authors analyze the division of duties and responsibilities between the researcher and the research institution (including research networks). The authors also analyze how data sharing should take place from a personal data protection perspective. It is important to clarify whether the data provider and the data recipient are both controllers, joint controllers or the recipient is the processor and how the responsibility for data sharing is shared. The authors of the analysis have an interdisciplinary and international background, covering different areas of law (data protection, labor law, contract law) and jurisdictions (Estonia, Italy, Greece, Lithuania, France, Germany, Finland) and language technology.