Against the common perception of data protection as a road-block, we demonstrate that the GDPR can work as a research enabler. This study demonstrates that European data protection law's regulatory pillars, the first related to the protection of the fundamental right to data protection and the second regarding the promotion of the free flow of personal data, result into an architecture of layered data protection regimes, which come to tighten or relax data subjects’ rights and data protection safeguards vis à vis processing activities differently grounded in public or merely economic interests. Each of the identified data protection regimes shape different “enabling regulatory spots” for the processing of sensitive personal data for research purposes.

与普遍认为数据保护是一个障碍相比，我们证明了GDPR可以作为研究的推动者。这项研究表明，欧洲数据保护法的监管支柱，第一条与保护数据保护的基本权利有关，第二条与促进个人数据的自由流动有关，形成了分层的数据保护制度的体系结构。针对基于公共利益或仅出于经济利益的不同处理活动，收紧或放松数据主体的权利和数据保护保障。每种确定的数据保护制度都会形成不同的“授权监管点”，以处理出于研究目的的敏感个人数据。