Data Protection while Studying
The University of Basel places great value on the protection of personal data and compliance with the relevant statutory regulations.
Legal Grounds for Data Processing
The processing (i.e. collection, storage, disclosure, deletion, etc.) of personal data by the university as a public institution requires either a direct legal basis (e.g. Sec. 7 Student Regulations, Sec. 42 Staff Regulations) or the legal assignment of a task to the university which can only be performed by processing personal data (called an indirect legal basis, such as a research contract, Sec. 1 University Statutes).
Consent is not sufficient for the university to process personal data. However, consent is required when the legal basis permits processing in general, but not the processing of specific data referring to an individual person (see informed consent).
In addition, data may only be processed for a specific purpose, the processing must be proportionate (e.g. appropriate, necessary for the specific purpose, and reasonable for the data subject) and the principles of data minimization and transparency must be followed (for more information, see informed consent). Projects involving vulnerable persons (e.g. children) or in special settings (e.g. anonymous data collection) are subject to additional rules.
Data Protection Review
The purpose of a data protection review is to identify potential risks before the collection and processing of personal data (for example in the context of seminar papers, bachelor's and master's thesis) and to minimize them where possible.
In university life, data protection reviews particularly come into play before research projects (in some circumstances usually also from seminar papers, bachelor's and master's thesis) and before the introduction of new digital services for teaching, research, or administration. The primary goal of these reviews is to determine whether the nature of the data or the processing of the data entails a high risk to the rights and freedoms of the data subject.
If the risk remains high despite the implementation of protection measures, or the data is being processed using new technologies or a very large number of people are affected (> 10,000), the project must be submitted to the canton's data protection officer for a prior consultation.
You can learn more on the data protection reviews web page.
You can use the E-Learning-Tool to familiarize yourself with the legal grounds of data protection in a fun and engaging way and to test your knowledge.
The course is led by Professor Beat Rudin, Data Protection Officer of the Canton of Basel-Stadt and assistant lecturer at the University of Basel, and by Danielle Kaufmann, Data Protection Officer of the University of Basel.