CERN’s Legal Framework


How does CERN ensure data protection?

CERN has issued the Operational Circular no. 11 “The Processing of Personal Data at CERN” (OC 11) that constitutes its internal data protection framework, which

  • is built on principles established in CERN’s Member States and in the European Union
  • defines the data rights of individuals (data subjects)
  • defines obligations of CERN when processing personal data

OC 11 applies to:

  • all persons whose Personal Data is processed by CERN
  • all persons and entities processing Personal Data on CERN’s behalf

and is in force since 01.01.2019.

If you prefer an introduction to OC 11 without reading the legal text, have a look at our Essential guide to OC 11.

Does CERN apply GDPR?

No. CERN does not apply the General Data Protection Regulation 2016/679 (GDPR), nor the Swiss Data Protection Act (FADP), nor any other national data protection law. CERN as an Intergovernmental Organisation applies solely its own internal data protection framework, like detailed in the FAQ article mentioned below.