To reproduce study findings and facilitate new discoveries, many funding bodies, publishers, and professional communities are encouraging—and increasingly requiring—investigators to deposit their data, including individual-level health information, in research repositories. For example, in some cases the National Institutes of Health (NIH) and editors of some Springer Nature journals require investigators to deposit individual-level health data via a publicly accessible repository (1, 2). However, this requirement may conflict with the core privacy principles of European Union (EU) General Data Protection Regulation 2016/679 (GDPR), which focuses on the rights of individuals as well as researchers' obligations regarding transparency and accountability.
The GDPR establishes legally binding rules for processing personal data in the EU, as well as outside the EU in some cases. Researchers in the EU, and often their global collaborators, must comply with the regulation. Health and genetic data are considered special categories of personal data and are subject to relatively stringent rules for processing.