Data protection principles
Data protection principles in Germany
1. Freedom of research and informational self-determination
"In Germany, freedom of research is a constitutional right. According to Article 5, Paragraph 3, Sentence 1 of the Basic Law: "Art and science, research and teaching are free." They may therefore not be subject to any arbitrary restrictions. [...]. If the research involves the collection, processing or use of personal data, the rights of those affected (data subjects) and in particular their right to informational self-determination must also be taken into account in an appropriate manner" (RatSWD 2017, Handreichung Datenschutz, p. 6).
2. Prohibition with reservation of permission
"In principle, the collection, processing and use of personal data is prohibited in Germany and only permitted under certain conditions" (RatSWD 2017, Handreichung Datenschutz, p. 6).
3. Principles for research-related interference with the right to informational self-determination
"If personal data is collected, processed and/or used in research projects, the interests of the data subjects must be weighed against those of science" (RatSWD 2017, Handreichung Datenschutz, p. 6f.):
a) Community interest
b) Principle of suitability
c) Principle of necessity
d) Prohibition of excessiveness/proportionality
e) Choice of the mildest means
f) Data avoidance and data minimization
4. Principle of consent
"The principle of consent stipulates that personal data may not be processed without the consent of the data subject, unless the processing takes place on the basis of and within the framework of a legal provision (KVI 2001, p. 19). In the absence of such a legal provision, the collection, processing and use of personal data may only take place with the prior consent of the data subject(s). [...]. A valid declaration of consent must be based on a free decision of the data subject's will" (RatSWD 2017, Handreichung Datenschutz, p. 7).
Content of the declaration of consent: the data subjects must be informed, in a way they can understand (keyword: plain language), about the reason for and the implementation of the data collection, processing and use; the declaration must explain the meaning of their consent and point out that they may refuse it or revoke it with effect for the future (RatSWD 2017, Handreichung Datenschutz, p. 7).
5. Principle of purpose limitation
"Personal data may only be processed and used for the purpose for which it was collected (identity of purpose). This excludes the collection and storage of data for a specific purpose. Data processing for a purpose other than the one originally defined is only permitted as a change of purpose or a breach of purpose on a legal basis or with the consent of the data subject (BfDI 2005)" (RatSWD 2017, Handreichung Datenschutz, p. 7.).
Basic concepts of data protection for research
- Personal data
Personal data are "individual details about personal or factual circumstances of an identified or identifiable natural person (data subject)" (Section 3 (1) BDSG). → all information that says something about a person (RatSWD 2017, Handreichung Datenschutz, p. 13). Note that the section numbers cited on this page are those of the BDSG in force until May 2018; since then the GDPR applies directly, with the corresponding definitions in Art. 4 (1) (personal data), Art. 4 (5) (pseudonymisation) and Art. 9 (special categories of personal data).
- Sensitive personal data
"In addition to the basic protection of personal data, data protection laws provide special protection for sensitive data (i.e. data that harbors specific risks for data subjects). This data is referred to as special types of personal data (Section 3 (9) BDSG). This group of data includes
- ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- information on health
- information on sexual life" (RatSWD 2017, Handreichung Datenschutz, p. 13f.)
- Anonymization
"Anonymization refers to the modification of personal data in such a way that the individual details about personal or factual circumstances can no longer be attributed to a specific or identifiable natural person, or only with a disproportionate amount of time, cost and effort (see Section 3 (6) BDSG).
Data protection law thus essentially distinguishes between two variants of anonymization:
(a) data can no longer be assigned to a natural person and
(b) Data can only be assigned to a natural person with disproportionate effort. Both variants are considered effectively anonymized, meaning that such data is no longer personal and no longer falls within the scope of the BDSG or the LDSG" (RatSWD 2017, Handreichung Datenschutz, p. 14).
Different anonymization methods can be considered; all of them modify and reduce the information content of the data itself: deletion of the identifying features, aggregation (coarsening) of characteristics, or masking of values.
- Pseudonymization
"Pseudonymization is the replacement of the name and other identifying features with an identifier for the purpose of excluding or significantly complicating the identification of the data subject" (Section 3 (6a) BDSG). As it is still possible in principle to combine persons and data, pseudonymized data is still personal data.
"In the case of pseudonymization, the direct identifiers are not permanently removed. Instead, they are replaced by a (new) combination of numbers or letters, which is usually assigned using a specific key. Subsequently, the persons can be de-anonymized via the corresponding key bridge. A distinction is made between 'speaking' and 'non-speaking' pseudonyms; the former retain a comparable meaning (e.g. replacing a female first name with another) and therefore have more potential for analysis" (RatSWD 2017, Handreichung Datenschutz, p. 15).
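The following Python script is an added illustration of the two concepts described above (anonymization by deletion, aggregation and masking; pseudonymization with non-speaking pseudonyms and a separately held key bridge). It is not code from RatSWD or from the handout; the record layout, the field names, the keyed-hash construction of the pseudonym and the sample people are assumptions made here for the example.

```python
"""Pseudonymization (with key bridge) vs. anonymization (deletion, aggregation, masking).

Added example, not part of the RatSWD handout. Record layout, field names and
sample data are constructed for illustration only.
"""
import hashlib
import hmac
import secrets

# Constructed sample records: fictitious persons and contact details.
SAMPLE_RECORDS = [
    {"name": "Anna Beispiel", "email": "anna@example.org", "birth_year": 1987,
     "postcode": "10115", "diagnosis": "asthma"},
    {"name": "Bernd Muster", "email": "bernd@example.org", "birth_year": 1954,
     "postcode": "80331", "diagnosis": "hypertension"},
    # Second record of the same person (a follow-up visit).
    {"name": "Anna Beispiel", "email": "anna@example.org", "birth_year": 1987,
     "postcode": "10115", "diagnosis": "allergy"},
]

# Fields that identify a person directly and must never reach the research data set.
DIRECT_IDENTIFIERS = ("name", "email")


def make_pseudonym(secret_key: bytes, identifier: str) -> str:
    """Non-speaking pseudonym: a keyed hash (HMAC-SHA256) of one direct identifier.

    The same identifier always yields the same pseudonym under the same key, so
    records of one person remain linkable; without the key the pseudonym cannot
    be recomputed from the identifier.
    """
    mac = hmac.new(secret_key, identifier.strip().lower().encode(), hashlib.sha256)
    return mac.hexdigest()[:16]


def pseudonymize(records, secret_key: bytes):
    """Return (pseudonymized records, key bridge).

    The key bridge maps pseudonym -> direct identifiers. It (and the key) must be
    stored apart from the research data set; whoever holds it can re-identify.
    """
    key_bridge = {}
    out = []
    for rec in records:
        pseudonym = make_pseudonym(secret_key, rec["email"])
        key_bridge[pseudonym] = {k: rec[k] for k in DIRECT_IDENTIFIERS}
        new_rec = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
        new_rec["pseudonym"] = pseudonym
        out.append(new_rec)
    return out, key_bridge


def reidentify(pseudonym: str, key_bridge):
    """Re-identification is only possible by way of the key bridge; returns None otherwise."""
    return key_bridge.get(pseudonym)


def anonymize(records, reference_year: int = 2017):
    """Irreversible variant: delete direct identifiers, coarsen quasi-identifiers, mask values."""
    out = []
    for rec in records:
        age = reference_year - rec["birth_year"]
        decade = (age // 10) * 10
        out.append({
            "age_band": f"{decade}-{decade + 9}",          # aggregation of a characteristic
            "postcode_area": rec["postcode"][:2] + "***",  # masking of the fine-grained part
            "diagnosis": rec["diagnosis"],                 # name and email are deleted outright
        })
    return out


def contains_direct_identifiers(records) -> bool:
    """Check used before releasing a data set: True if any direct identifier survived."""
    return any(k in rec for rec in records for k in DIRECT_IDENTIFIERS)


if __name__ == "__main__":
    key = secrets.token_bytes(32)            # generated once, kept with the key bridge
    pseud, bridge = pseudonymize(SAMPLE_RECORDS, key)
    print("pseudonymized:", pseud)
    print("same person linkable:", pseud[0]["pseudonym"] == pseud[2]["pseudonym"])
    print("re-identified via key bridge:", reidentify(pseud[1]["pseudonym"], bridge))
    print("re-identified without key bridge:", reidentify(pseud[1]["pseudonym"], {}))
    print("anonymized:", anonymize(SAMPLE_RECORDS))
    print("identifiers left in anonymized set:", contains_direct_identifiers(anonymize(SAMPLE_RECORDS)))
```

Two points the script makes that the text only states: the pseudonymized set is still personal data because the key bridge (or the key plus a list of candidate e-mail addresses) re-establishes the link, whereas the anonymized set has no such path back. A keyed hash of a low-entropy identifier such as an e-mail address is only as strong as the secrecy of the key; if the key must be shared widely, assigning random tokens from the key bridge table instead avoids dictionary re-identification by key holders.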