This document discusses data protection exemptions and restrictions under Articles 13.1 and 13.2 of the GDPR. Article 13.1 allows member states to restrict certain data protection rights when necessary for national security, defense, public security, criminal investigations, economic interests, regulatory functions, or individual rights. Article 13.2 allows member states to restrict access rights for data processed solely for scientific research or statistics if there is no risk of breaching privacy and adequate legal safeguards are in place. The French Loi Informatique et Libertés law provides specific exemptions for these purposes. Some improvements suggested are to enumerate specific research purposes, define strict limits on research data use, and provide guidelines for "adequate safeguards" and