Privacy in Data Storing and Publication

Handling of Sensitive Data

The following (German) regulations and recommendations apply if you are handling sensitive data:

  • The right of informational self-determination defines that study participants can decide freely how researchers are allowed to use their personal data. Practically, informational self-determination is considered by obtaining the informed consent of participants when data are collected. However, the right of informational self-determination also implies that participants have the right to demand the deletion of their data, as long as the data can be related to them (i.e., this right does not hold for anonymized data).
  • The Federal Data Protection Act (BDSG, Bundesdatenschutzgesetz, Bundesministerium der Justiz und für Verbraucherschutz, 2015) sets the framework for processing person related research data. Within the BDSG, a definition of the term ‘personal data’ is provided. The BDSG rules, among others, that, in general, informed consent has to be obtained if personal data are collected and processed, and introduces exceptions to this rule, e.g. under which circumstances research interests  superimpose the right of informational self-determination.
    • German data protection demands specific protection for specific kinds of personal data (BDSG § 3 (9)). Researchers are not allowed to collect, process or publish this kind of data without explicit consent of participants, that refers to the specific kind of personal data. An extensive list with examples of special kinds of personal data (only german) was put together by Datenschutz-Wiki. Following this list, psychological data such as character traits or education do not fall under special kinds of personal data, while information about diseases/disorders, diagnoses and disease/disorder severity are specific kinds of personal data and, thus, involve higher requirements on data protection.
    • German data protection further demands that “details which help to assign data about personal or factual circumstances to a certain or ascertainable person have to be stored separately. They may only be merged with the data if that is required by the purpose of the research” (BDSG § 40 (2)). Thus, documents, which allow relating research data to a specific person (e.g. signed informed consent sheets), have to be stored separately from the research data.
    • Moreover, personal data have be deleted as soon as they are no longer needed to fulfill the research’s purpose (BDSG; Cooper, 2016)
  • The DGPs’ recommendations furthermore require:
    • Not fully anonymized data should be non-publicly archived for at least 10 years (DGPs, 2016).
    • The anonymization process has to be documented (DGPs, 2016).

Sharing Data

It is always advisable to anonymize data before sharing it because sharing data that involves data personal is much more complicated. The knowledge base’s information on obtaining informed consent and privacy and anoynmization issues (which offers a more comprehensive introduction on personal data and anonymization of data) should be considered.

  • Anonymized data do not fall under data protection and thus can be shared (even without consent). Having said that, it is often hard to determine whether data are anonymized or person related in individual cases because „anonymizing“ is only defined vaguely by BDSG as transformation of the data in a way that data can not, or only by inappropriate effort, be related to a person (BDSG § 3 (6)).
  • Non anonymized data may only be shared if the explicit consent was obtained or if the interest of the general public outweighs the person’s interest.
    • If obtaining retrospectively informed consent for sharing non-anonymized data should not be possible, you should discuss the individual case with an ethics committee.

The DGPs has developed a decision tree to help you with these issues:

(Schönbrodt, Gollwitzer & Abele-Brehm, 2016, p.6)
Figure taken from Schönbrodt, Gollwitzer & Abele-Brehm (2016, p.6).

Further Resources