Privacy Glossary

Administrative law measures such as disciplinary proceedings, withdrawal of a permit (e.g. withdrawal of a professional licence, withdrawal of a restaurant patent), administrative fines (e.g. fines for failure to remedy a defect in a motor vehicle in time), debt collection (e.g. collection of a tax claim), coercive measures (e.g. deportation of a rejected asylum seeker).

Personal data is anonymous if all information that would make a person identifiable again is irrevocably destroyed and the reference of the individual is thus irreversibly removed. This is the case when it is no longer possible for anyone to assign the data to a specific person or only with a disproportionate expenditure of time, cost and labour.

The deletion of direct identification features such as name and address is indispensable for anonymisation. However, it is often not sufficient to remove only the name and address of the respondent, if the combination of the other data collected about him/her makes it possible to draw conclusions about his/her person. Instead, the data must be replaced by more general data (feature aggregation).

Examples of feature aggregation:

• Do not use the exact date of birth for information on age. If possible, age categories should be formed (e.g. 15-20, 21-25, 26-30).
• Do not use the exact job title when indicating the profession. Wherever possible, occupational categories should be created (e.g. academics, craftsmen; technology, law, finance).
• In the case of health-related information, refrain from giving precise details. As far as possible, categories should be formed (e.g. weight categories).

A decision is considered automated when it is is taken without any human intervention, that is solely on the basis of automated processing and when it produces legal effects or material adverse affects on the data subject. This characterization assumes that there is no review of the content of the decision by a natural person.

Examples:

• automated rejection of a credit or insurance application
• the automatic decision on a salary increase based on performance data on employees

Data which are obtained by means of special technical procedures relating to the physical, physiological or behavioural characteristics of a natural person and which enable or confirm the unique identification of that natural person (Art. 4 No. 14 EU GDPR).

Examples:

• Facial image
• Fingerprint
• tooth imprint
• Iris of the eyes

A person is capable of judgement within the meaning of the law if he or she does not lack the capacity to act rationally by virtue of being under age or because of a mental disability, mental disorder, intoxication or similar circumstances (Art. 16 ZGB).

According to the law, a child is capable of decision if, on the one hand, it has the intellectual capacity to recognise the meaning, purpose and effects of a particular action. On the other hand, it must have the ability to act according to its free will in accordance with reasonable knowledge. It is therefore a matter of establishing a certain mental-psychological maturity.

Decision-making competence is relative, i.e. it is judged in connection with the individual abilities of the child and the concrete decision. The guideline values given by legal doctrine for the beginning of the ability to judge in relation to physical interventions vary between 10 and 14 years.

If data are to be further processed for a purpose other than that for which they were collected, there is a change of purpose. The data subject must be informed of the other purpose before his/her data are further processed (Section 9 IDG; Articles 13, 14 EU-GDPR).

Collection is the activity that makes the data known and available to others.

Examples:

• Interview of test persons
• Filling out questionnaires
• Answering questions using a survey tool
• Observation of test persons
• Filming of test persons

The UZH receives data and has access to this data.

Consent is any voluntary, informed and unequivocal expression of will in the specific case, in the form of a statement or any other unequivocal affirmative act by which the data subject indicates his or her consent to the processing of personal data relating to him or her.
(Art. 4 Nr. 11 EU-GDPR)

Consent must be given without compulsion and in advance. It requires no form. It is advisable, however, to document consent in as much evidence as possible.

Example of a declaration of consent (UZH internal use only): Declaration of consent for research projects.

The controller is the natural or legal person, authority, institution or other body which alone or jointly with others determines the purposes and means of the processing of personal data (Art. 4 No. 7 EU-DSGVO).

Especially:

• the opening, conducting and closing of criminal proceedings
• convictions by criminal justice authorities (fines, fines, imprisonment, security measures)

Data protection is the protection of privacy and personal rights, the protection against improper data processing or, in general, the right of a person to determine who may process which of the person's personal data, when, for what purpose, and to whom the data may be disclosed and where and for how long they are stored.

Data protection:

• Protection against improper data processing
• Protection of the right to informational self-determination
• Protection of personal rights in data processing
• Privacy protection

Disclosure is the transfer of data to a third party by passing on, granting access, publishing or permitting access.

It is the activity whereby information is made accessible to someone other than the UZH, which has previously processed the information (data). As a result, a third party obtains knowledge of the information or access to it, regardless of its nature, form or procedure. A third party (another) may be other public bodies, a natural or legal person. This does not include other UZH employees. The passing on of information within UZH is not in principle a disclosure. Such disclosure will be judged according to the principle of proportionality. (§ 3 paragraph 6 IDG)

To irretrievably delete data or render data unreadable.

Membership of a group of people who, by virtue of their culture, history, language, customs, traditions and practices, consider themselves to be connected with one another and thus experience themselves as a community that is different from the rest of the population and/or are perceived as such by the rest of the population.

Examples: Sintis, Romas, Tamils.

European Research Council is a European Union institution for the funding of basic research.

Personal data relating to the inherited or acquired genetic characteristics of a natural person which provide unique information concerning the physiology or health of that natural person and which have been obtained in particular from the analysis of a biological sample taken from the natural person concerned.

(Art. 4 Nr. 13 EU-GDPR)

Examples:

• DNA Analyses
• RNA Analyses.

Any information which, directly or indirectly, allows conclusions to be drawn about the physical or mental health of a person.

Examples:

• Medical diagnoses
• Medical findings
• Information on drug intake
• Information on therapies

EU Framework Programme for Research and Innovation

See also the federal government's overview page on Horizon 2020.

The review and assessment of risks and their possible consequences for the rights and freedoms of data subjects.

Risk = damage x probability of occurrence

Swiss Agency for Innovation Promotion.

See also innosuisse.ch

Data collected or used by sensor data from mobile devices on smartphones or fitness trackers.

Examples:

• Position, vital parameters, audio or video data
• Movement profile

Information (= data) without personal reference.

Examples for the UZH:

• Faculties
• Institutes
• (Administrative) departments
• Centres
• Clinics
• Chairs

Personal data is information that relates to an identified or identifiable person (§ 3 para. 3 IDG).

A person is identified if his identity is directly derived from the data itself (e.g. name, address).

A person is identifiable if his identity is derived from the context of the data in combination with other data, without disproportionate effort (e.g. IP address, account number, customer number, car registration number).

The effort is disproportionate if, based on general life experience, it is not to be expected that an interested party will accept it. The interest that the interested party has in identifying the person must also be taken into account.

Compilation of information enabling an assessment of essential aspects or partial aspects of the personality of natural persons.

Main person(s) responsible for a research project.

Privacy includes everything that a person would entrust to a chosen few.

Processing is any handling of information, regardless of the means and procedures used. This includes processing operations such as obtaining, storing, using, modifying, disclosing or destroying data.

(§ 3 paragraph 5 IDG)

Collection is the activity that makes the data known and available to others (e.g. respondents are interviewed, fill in a questionnaire, answer questions using a survey tool, are observed, are filmed).

• Storage is the storage of data, for example, by means of electronic and magnetic data carriers (USB stick, floppy disk, server, hard disk, etc.), written media, print media, image carriers, sound carriers.
• Use is the utilization of data regardless of the method used.
• Alteration is any reworking and redesign of the content of data
• Transfer of data means passing on, granting access or allowing access to a third party.
• Destruction is the deletion and obliteration of the stored data.

See processing by third parties

Processing on behalf of another party is when a public body (UZH) lets information, i.e. material, personal or special personal data, be processed by private or other public bodies. One also speaks of outsourcing, order processing or data processing by third parties.
(§ 6 IDG) (§ 6 IDG)

Examples (case-by-case assessment):

• Use of IT services such as use of a third-party network, maintenance of software or hardware, hosting of web offerings and services, clouds (e.g. conducting online surveys using external online platforms; use of online software from external service providers; use of a cloud from a provider to store research data).
• Use of services such as expert opinions, implementation of events and workshops by third parties, consulting, coaching.

Note: Whenever an Internet-based service is used, IP addresses (i.e. personal data) from users are collected. Please consult the terms and conditions/privacy policy of the service.

See the page Outsourcing for more information.

Processor (Switzerland: Auftragsbearbeiter).

The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
(Art. 4 Nr. 8 EU-GDPR)

See also processing on behalf.

Any automated processing of personal data intended to evaluate certain personal aspects relating to a natural person. In particular, profiling is intended to analyse or predict aspects such as the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movements of natural persons.
(Article 4 No. 4 EU-GDPR)

It is characteristic that the collection, linking and analysis of individual characteristics generates new information and further knowledge about the personality of the person concerned.

Examples:

• Evaluation of communication and usage behaviour on the Internet (websites visited, online purchases made, activities in social networks)
• Evaluation of purchasing behaviour for targeted advertising

The principle of proportionality applied means that the UZH may only process personal data that is suitable and necessary for the fulfilment of its legal duties (§ 8 IDG).

The purpose and mandate of the UZH result from section 2 UniG.

In the context of a research project, the researcher must ask himself or herself whether the respective data processing (collection, analysis) is suitable and necessary for the purpose and objective of the research project.

Pseudonymisation of personal data occurs when the personal data can no longer be assigned to a specific data subject without additional information.

This means that all data that allow conclusions to be drawn about the data subject are replaced by neutral information (pseudonym). The assignment rule (concordance/assignment table) between the pseudonym and the data record constitutes the additional information. This must be kept separately. Technical and organisational measures must ensure that the personal data cannot be assigned to an identified or identifiable natural person.
(Art. 4 No. 5 EU-GDPR)

Example:
The researcher gives an ID to each subject and their data set in a table. In another table, the researcher stores the direct identifiers of the respondent, such as name, address and the corresponding ID.

Data which enable the assessment of a person in terms of personality, knowledge, skills or experience.

Such data may be collected in the context of psychometric tests through a series of questions, tasks or practical work. However, a psychometric evaluation can also be based on behaviour on social media platforms, for example.

Examples:

• ability or aptitude tests
• personality tests

Public bodies are

• the cantonal council, the municipal parliaments, the municipal assemblies;
• the cantonal and communal authorities and administrations;
• the organisations and persons under public and private law, insofar as they are entrusted with the fulfilment of public duties.

(§ 3 para. 1 IDG)

As a public-law institution of the Canton of Zurich (§ 1 para. 1 UniG), UZH is a public body pursuant to § 3 para. 1 lit. c IDG.

The purpose limitation principle requires that the processing of personal data must always be carried out in relation to a specific purpose.

Personal data may only be processed for the purpose indicated at the time of collection, for the purpose that is evident from the circumstances or for the purpose provided for by law. This purpose must be defined in advance. Data subjects must be informed in advance of what the data are to be used for.
(Section 9 (1) IDG; Articles 5, 13, 14 EU-GDPR)

See Data Controller.

Swiss National Science Foundation (Schweizerischer Nationalfonds zur Förderung der wissenschaftlichen Forschung).

See also snf.ch

Information which, due to its significance, the way it is processed or the possibility of linking it to other information, is particularly at risk of violating privacy (Section 3 (4) IDG).

This includes information on

• religious, philosophical, political or trade union views or activities (esp. membership of a denomination, free church, political party, workers' organisation)
• health, privacy, racial or ethnic origin, such as information on diseases, medical findings, medication; personal data that is only entrusted to a few; membership of a cultural community (e.g. Tamils, Kurds, Sintis)
• Social assistance measures (e.g. unemployment insurance benefits, social security, other counselling services)
• administrative or criminal prosecutions or sanctions (e.g. conduct and conclusion of criminal proceedings, convictions, disciplinary proceedings, withdrawal of driving licence, extract from criminal record)
• Compilation of information that allows an assessment of essential aspects of the personality of natural persons (see personality profiles).

Information on individual social assistance such as the use of care and counselling services.

Examples:

• Unemployment insurance benefits
• Benefits of the social service
• Services of counselling centres
• Measures of care and guardianship (child and adult protection law).

Data storage preserves the availability of the data, for example, by means of electronic and magnetic data carriers (USB stick, floppy disk, server, hard disk, etc.), written media, print media, image carriers, sound carriers.

The principle of transparency means that the collection of personal data and the purpose of their processing must be visible to the data subject.
(§ 12 IDG)

Use is any employment of data regardless of the method. This also includes the employment of the information content of data.

Persons whose employment relationship at UZH was established by a public law decree or a private law employment contract.

All employment relationships at the UZH, with the exception of external teachers, are established by a decree. The teaching activities of external teaching staff are carried out within the framework of employment under private law (§ 17 Paragraph 1 PVO-UZH).