European Union: European Data Protection Board closes consultation on guidelines on processing of personal data for scientific research purposes

On 25 June 2026, the European Data Protection Board (EDPB) closes the consultation on the guidelines on processing of personal data for scientific research purposes. The guidelines apply to all controllers and processors engaged in scientific research within the European Economic Area, including commercial entities. The guidelines require controllers to demonstrate that their activities are genuinely scientific by satisfying six key-indicative factors, including methodical approach, ethical adherence, verifiability, and independence. Further processing for scientific research is presumed compatible with the original purpose, removing the need for a separate compatibility test, though a lawful basis must still be established. Broad or dynamic consent may be used where research purposes are not fully known at the time of collection, subject to additional safeguards such as independent oversight and ongoing transparency. Private entities may rely on public interest or legitimate interest as a legal basis, with significant weight to be given to genuine scientific research in the balancing test. Controllers are also required to anonymise or pseudonymise personal data wherever possible, adopt appropriate safeguards proportionate to the risks involved, maintain transparency throughout the processing period, and document the allocation of responsibility where multiple entities are involved.