Eesti Rakenduslingvistika Ühingu Aastaraamat (Apr 2021)

Isikuandmeid sisaldavate keeleandmete jagamisega seonduv õiguslik raamistik: teadlase ja teadusasutuse kohustused ning vastutus

  • Aleksei Kelli,
  • Kadri Vider,
  • Arvi Tavast,
  • Krister Lindén,
  • Paweł Kamocki,
  • Ramūnas Birštonas,
  • Penny Labropoulou,
  • Silvia Calamai,
  • Gaabriel Tavits,
  • Mari Keskküla,
  • Irene Kull,
  • Merle Erikson,
  • Carri Ginter,
  • Age Värv,
  • Andres Vutt

DOI
https://doi.org/10.5128/ERYa17.06
Journal volume & issue
Vol. 17
pp. 99 – 121

Abstract

Read online

Uuring keskendub isikuandmeid sisaldavate keeleandmete jagamisele, mis kujutab endast isikuandmete töötlemist. Rahvusvahelises praktikas ei ole üheselt selge, kuidas jaguneb vastutus isikuandmete töötlemise eest konkreetse teadlase ja teadusasutuse vahel. Näiteks erineb Prantsusmaa ja Saksamaa mudel Eesti, Leedu ja Soome mudelist. Omalaadset lähenemist pakub Kreeka mudel. Üldiselt vastutab isikuandmete töötlemise eest tööandja (organisatsioon ehk juriidiline isik). Samas on teadustööl oma spetsiifika, mida iseloomustab akadeemiline vabadus ja ka teadlaste mobiilsus. Olukorra muudab keerukamaks keeleandmete jagamine läbi teadusvõrgustike nagu CLARIN. Käesolevas uuringus analüüsivad autorid kohustuste ja vastutuse jaotust teadlase ja teadusasutuse (sh teadusvõrgustike) vahel. Autorid analüüsivad samuti, kuidas peaks isikuandmete kaitse perspektiivist toimuma andmete jagamine. Oluline on selgitada, kas andmete andja ja saaja on mõlemad vastutavad töötlejad (kaasvastutavad töötlejad) ning kuidas jaguneb vastutus andmete jagamisel. Analüüsi autorid on interdistsiplinaarse ja rahvusvahelise taustaga, kattes erinevaid õigusvaldkondi (andmekaitse, tööõigus, lepinguõigus) ja jurisdiktsioone (Eesti, Itaalia, Kreeka, Leedu, Prantsusmaa, Saksamaa, Soome) ning keeletehnoloogiat. *** Legal framework for the sharing of linguistic data containing personal data: Obligations and responsibilities of the researcher and the research organization The study focuses on the sharing of linguistic data containing personal data, which is the processing of personal data. Therefore, the requirements of the General Data Protection Regulation (GDPR) must be complied with. Compliance with these requirements is the responsibility of the controller, who may use the assistance of processors to process the data. In international practice, it is not clear how the responsibility for the processing of personal data is divided between a specific researcher and a research institution. For example, the French and German models differ from the Estonian, Lithuanian and Finnish models. The Greek model offers a unique approach. In general, the employer (organization or legal entity) is responsible for the processing of personal data. At the same time, research has its own specificity, which is characterized by academic freedom and as well as mobility of researchers. The situation is further complicated by the sharing of language data through research networks such as CLARIN. In the present study, the authors analyze the division of duties and responsibilities between the researcher and the research institution (including research networks). The authors also analyze how data sharing should take place from a personal data protection perspective. It is important to clarify whether the data provider and the data recipient are both controllers, joint controllers or the recipient is the processor and how the responsibility for data sharing is shared. The authors of the analysis have an interdisciplinary and international background, covering different areas of law (data protection, labor law, contract law) and jurisdictions (Estonia, Italy, Greece, Lithuania, France, Germany, Finland) and language technology.

Keywords