Research Ethics Glossary

Anonymisation involves techniques that can be used to convert personal data into anonymised data. Anonymisation is increasingly challenging because of the potential for re-identification.

Anonymisation of data is the process of irrevocably removing the reference to a person, meaning the removal of all information that makes a person identifiable. Accordingly, data is anonymous if it is no longer possible to assign the data to a specific person or only with
disproportionate effort.

Research that, on the basis of current knowledge, is likely to generate knowledge, information, products or technologies whose direct misuse poses a threat with far-reaching potential consequences for public health and safety, crops and other plants, animals, the environment, materials or national security.

Reglement betreffend besonders risikobehafteter Forschung» DE/EN  Art 3, Ziff. 2, e)

Gain-of-Function Research (GOF) is categorised as particularly risky when biological experiments are carried out with the intention of increasing the transmissibility and virulence of pathogens. In addition to biosafety risks (i.e. unintentional or accidental release of specific biological agents and toxins) GoF research also includes particular biosecurity risks (i.e. intentional or negligent release of biological materials or the acquisition of knowledge, tools, or techniques that could be used to cause harm).

Participant observation is a method in the social sciences with which researchers intend to gain a holistic overview of the studied context through engagement in, and observation of, the setting to describe its population, social environments, processes and relationships.

See also UEK Guideline to Participant Observation

• Personendaten sind Informationen, die sich auf eine bestimmte oder bestimmbare natürliche Person beziehen. (IDG, Art. 3, Ziff.3)
• Personendaten: alle Angaben, die sich auf eine bestimmte oder bestimmbare natürliche Person beziehen. (BDG, Art.2, a)
• ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. (GDPR, Art. 4, 1)

The legal terminology referring to "sensitive personal data" differs in the data protection regulations to one or several of which researchers at the University of Basel generally have to comply:

• Cantonal Data Protection Law of the Canton of Basel-Stadt (Informations- und Datenschutzgesetz, IDG, Art. 3, ziff.4) Besondere Personendaten
• Federal Data Protection Law of (Bundesgesetz über den Datenschutz, DSG, Art. 5, c) Besonders schützenswerte Personendaten
• European Data Protection Law (General Data Protection Regulation, GDPR, Art. 9) Special categories of personal data

But the definitions of "sensitive personal data" in these three legilsations are similar in scope

1. IDG Personendaten, bei deren Bearbeitung eine besondere Gefahr der Grundrechtsverletzung besteht (sensitive Personendaten), insbesondere:

1. Angaben über die religiösen, weltanschaulichen, politischen oder gewerkschaftlichen Ansichten oder Tätigkeiten;
2. Angaben über die Gesundheit, das Erbgut (genetische Daten), die persönliche Geheimsphäre, das Sexualleben, die sexuelle Orientierung oder die ethnische Herkunft;
3. Angaben über Massnahmen der sozialen Hilfe;
4. Angaben über administrative oder strafrechtliche Verfolgungen und Sanktionen und
5. mit speziellen technischen Verfahren gewonnene personenbezogene Daten zu den physischen, physiologischen oder verhaltenstypischen Merkmalen einer natürlichen Person, welche die eindeutige Identifizierung dieser Person ermöglichen oder bestätigen (biometrische Daten).

2. DSG besonders schützenswerte Personendaten sind:

1. Daten über religiöse, weltanschauliche, politische oder gewerkschaftliche Ansichten oder Tätigkeiten,
2. genetische Daten,
3. biometrische Daten, die eine natürliche Person eindeutig identifizieren,
4. Daten über verwaltungs- und strafrechtliche Verfolgungen oder Sanktionen,
5. Daten über Massnahmen der sozialen Hilfe;

3. GDPR personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation

IDG, Art. 3, b, 5  Bearbeiten ist jeder Umgang mit Informationen, unabhängig von den angewandten Mitteln und Verfahren, insbesondere das Beschaffen, Aufbewahren, Verwenden, Verändern, Bekanntgeben, Archivieren, Löschen oder Vernichten sowie das Durchführen logischer oder rechnerischer Operationen mit diesen Informationen.

DSG, Art. 5, d Bearbeiten: jeder Umgang mit Personendaten, unabhängig von den angewandten Mitteln und Verfahren, insbesondere das Beschaffen, Speichern, Aufbewahren, Verwenden, Verändern, Bekanntgeben, Archivieren, Löschen oder Vernichten von Daten;

GDPR, Art 4, 2 Processing of personal data means: any operation (or set of operations) performed on personal data, either manually or by automatic means. This includes: collection (digital audio recording, digital video caption, etc.), recording, organisation, structuring & storage (cloud, LAN or WAN servers), adaptation or alteration (merging sets, appification, etc.), retrieval & consultation, use, disclosure by transmission, dissemination or otherwise making available (share, exchange, transfer), alignment or combination, restriction, erasure or destruction.

Research with dangerous pathogens that are highly likely to trigger a pandemic if released

IDG Art.3, 7 Profiling ist jede automatisierte Auswertung von Informationen, um wesentliche persönliche Merkmale zu analysieren oder Entwicklungen, insbesondere bezüglich Arbeitsleistung, wirtschaftliche Lage, Gesundheit, persönliche Vorlieben, Interessen, Zuverlässigkeit, Verhalten, Aufenthaltsort oder Ortswechsel vorherzusagen.

DSG Art 5, f Profiling: jede Art der automatisierten Bearbeitung von Personendaten, die darin besteht, dass diese Daten verwendet werden, um bestimmte persönliche Aspekte, die sich auf eine natürliche Person beziehen, zu bewerten, insbesondere um Aspekte bezüglich Arbeitsleistung, wirtschaftlicher Lage, Gesundheit, persönlicher Vorlieben, Interessen, Zuverlässigkeit, Verhalten, Aufenthaltsort oder Ortswechsel dieser natürlichen Person zu analysieren oder vorherzusagen;

GDPR Recital 71 Profiling that consists of any form of automated processing of personal data evaluating the personal aspects relating to a natural person, in particular to analyse or predict aspects concerning the data subject’s performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, where it produces legal effects concerning him or her or similarly significantly affects him or her.

Pseudonymisation  entails substituting personally identifiable information (such as an individual’s name) with a unique identifier that is not connected to their real-world identity, using techniques such as coding or hashing. However, if it is possible to re-identify the individual data subjects by reversing the pseudonymisation process, data protection obligations still apply. They cease to apply only when the data arefully and irreversibly anonymised.

Further reading: Ethics and data protection

Vulnerability is widely accepted as a relevant concept in human research ethics. However, concerns about vulnerability are implied rather than explicitly defined in research ethics guidelines.

Vulnerability is first explicitly identified as a characteristic of individuals and groups who thereby require special protections in the 1979 Belmont Report (the Report). The Report intended to provide a comprehensive framework for resolving ethical problems arising from human research. Its three principles – respect for persons, beneficence and justice – offer protection to all research participants without exception (universal protection) and special protection vulnerable participants.

The Report characterised the vulnerable as individuals and groups with potentially limited capacity to give consent and/or those liable to exploitation for various reasons. It required greater justifications for the inclusion of vulnerable participants, and identified exclusion altogether from research as one way of protecting the vulnerable.

Subsequent research ethics guidelines (e.g. Declaration on Bioethics and Human Rights,  Declaration of Helsinki), follow the Report in linking vulnerability to consent, exploitation and special protections.

Despite the agreement that vulnerable participants require something more than routine ethical consideration, there is little consensus as to what characteristics make some participants more vulnerable than others and whether ‘special consideration’ is the appropriate moral response to vulnerability.

Source: Rogers WA. Vulnerability. In: Laurie G, Dove E, Ganguli-Mitra A, et al., eds. The Cambridge Handbook of Health Research Regulation. Cambridge Law Handbooks. Cambridge University Press; 2021:17-26.

"Vulnerable participants" are considered vulnerable because of their circumstances may include: children, refugees, irregular migrants, sex workers, people with cognitive impairments, dissidents, traumatised people at risk of re-traumatisation (e.g. people from conflict areas, victims of crime and/or violence); and people independent relationships with the researcher or the research team (e.g. students doing course work with researchers).

Source: European Commission - Ethics in Social Science and Humanities PDF Document

Researchers will need to assess potential vulnerability within the context of the research, in terms of potential consequences from their participation (immediate and long-term) or lack of positive impact where this is immediately needed or expected.

Researchers should make the participants aware of the limits to confidentiality when eliciting consent, and decide whether verbal or written consent will be more appropriate and protective of the participants’ interests.

Researchers should consider the following:

• participants’ vulnerability
• potential negative consequences or lack of personal benefits from their involvement in research where these are expected
• providing appropriate information to elicit freely-given informed consent for participation as well as information regarding data deposit and data re-use (where deposit is possible)
• limits to confidentiality and occasions where this may occur
• legal requirements of working with the specific population (including Disclosure and Barring Service clearance)

 UK-Guidance, Research with potentially vulnerable people, 2025