The term ‘research activity’ does not have a clear-cut definition in the legal framework. According to Recital 159 GDPR, “the processing of personal data for scientific research purposes should be interpreted in a broad manner including for example technological development and demonstration, fundamental research, applied research and privately funded research”.
The European Data Protection Supervisor (EDPS) identifies the main goal of research activities in “growing society’s collective knowledge and wellbeing, as opposed to serving primarily one or several private interests”. Hence, it seems that the mere research of new commercial technology might not amount to ‘research activity’ under the current legal framework (see subsection “Data protection and scientific research” in the Concepts section of the General part of these Guidelines).
1European Data Protection Supervisor, ‘A Preliminary Opinion on Data Protection and Scientific Research’ (European Data Protection Supervisor, 6 January 2020). ↑