Ensuring Secure Data Protection

“In order for the fundamental right to informed self-determination to be resected in an information society as a citizens’ right to freedom, data protection aims to limit the processing of personal data through legal regulation and technical measures.”

- quote from website of State Commissioner for Data Protection of North Rhine-Westphalia

A first step of collecting data is to request information from a specific person. At this point it is still possible to connect the collected data to the surveyed person. The person’s data is then transferred to a collection system. In case the data has not yet been anonymised, this will be done in this step. This means that it will most likely not be possible to link the information back to the person. Subsequently, the data from the entire survey is combined into a comprehensive data set, called aggregated data. If this information is then grouped according to certain characteristics (for example age), it is spoken of as disaggregated data. In the context of aggregated and disaggregated data it is no longer possible to single out individuals, or to draw conclusions regarding their affiliation to a certain group.

The described process is subject to data protection regulations. When collecting individual data, subjects are entitled to refuse the disclosure of sensitive data without fearing sanctions. Should a person choose to disclose personal information, they may also choose how to categorize themselves. In addition, data protection includes the requirement that personal data must be stored anonymously. Only disaggregated data may be made accessible to the public.

The protection and confidentiality of personal information is one of the key principles in data collection. Nevertheless, critics of data collection fear that these principles are circumvented or ignored. Thus, data protection must be upheld at all costs, especially by government institutions.

© Büro zur Umsetzung von Gleichbehandlung e.V. 2018