Big Tech Platforms in Health Research: Re-purposing Big Data Governance in Light of the GDPR’s Research Exemption

The emergence of a global industry of digital health platforms operated by Big Tech corporations, and its growing entanglements with academic and pharmaceutical research networks, have raised increasingly pressing questions on the capacity of current data governance models, regulatory and legal frameworks to safeguard the sustainability of the health research ecosystem. In this article, we direct our attention towards the challenges faced by the General Data Protection Regulation (GDPR) in Europe to regulate the potentially disruptive engagement of Big Tech platforms in health research. The GDPR ushers in a rather flexible regime for scientific research through a number of exemptions to otherwise stricter data protection requirements, while providing a very broad interpretation of the notion of ‘scientific research’. In fact, we contend, the breadth of these exemptions combined with the ample scope of this notion can open up a ‘regulatory backdoor’ that could provide unintended leeway to a number of privacy-infringing and socially disruptive practices carried out by Big Tech platforms in the health domain. Accordingly, we propose further finer-grained distinctions to be traced within this broadly construed framing of scientific research, geared to the implementation of use-based data governance frameworks that demarcate health research activities to be carried out within a facilitated data protection regime from those to subject to more stringent requirements. On the basis of our analysis, it is our contention that a ‘re-purposing’ of big data governance approaches in health research is needed if European nations are to promote research activities within a framework of high safeguards for both individual citizens and society.