„German law supports the research interest by recognizing the fundamental freedom of science: ‚Art and science, research and teaching shall be free‘ (Article 5, Paragraph 3, Sentence 1, GG). Researchers are – within certain limitations – generally free to determine their research subject and the methods they use. […] However, the freedom of research may be restricted if it conflicts with other fundamental rights, such as the right to informational self-determination, which is regulated in data protection law.“

(RatSWD, 2017, p. 14)

The right to informational self-determination ensures that every person fundamentally has control over the disclosure and use of their personal data (BVerfG, 1983), creating a tension between this right and the freedom of research. It is enshrined as a fundamental right in the European General Data Protection Regulation (EU-GDPR).

Accordingly, all personal data are considered particularly worthy of protection. These include: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (EU-GDPR Article 4 No. 1, 2016). Additionally, special categories of personal data (also referred to as sensitive dataWithin the category of personal data, there is a subset known as special categories of personal data. Their definition originates from Article 9(1) of the EU GDPR (2016), which states that these include information about the data subject’s: Read More) receive heightened protection. These include data revealing ethnic, social, or national origin, political, ideological, and religious beliefs, or sexual orientation, as well as health data, genetic, and biometric data that can uniquely identify a person. The processing of such data is generally prohibited (EU-GDPR Article 9, Paragraph 1, 2016).

Data protection regulations, particularly those concerning the processing of personal data for research purposes, are specified in federal and state data protection laws. While the Federal Data Protection Act (BDSG) applies to federal public bodies and non-public entities (§ 1 (1) BDSG), state data protection laws govern public institutions at the state level. Consequently, the Berlin Data Protection Act (BlnDSG) applies to research projects conducted at Freie Universität Berlin.

Metschke and Wellbrock (2002) expand the concept of personal data (direct identification) by introducing another category: personally relatable data (indirect identification):

„Considering this definition, the scope of informational self-determination protection includes not only data concerning a specific (individualized) person but also individual data points that may not explicitly or immediately identify a person but enable their identification when combined with other information. These are referred to as individualizable or personally relatable data.“

(Metschke & Wellbrock, 2002, p. 19).¹Translated by Saskia Köbschall.

Thus, personally relatable characteristics are indirectly identifying attributes – features that (often) only allow for identification when combined. To ensure adequate data protection, it is essential to consider the possibility of identifying individuals using contextual information. Since this type of information is not always immediately apparent, further investigation may be necessary to determine whether datasets require anonymization.