Navigation auf


University Library Zurich

Data Protection

If you own the copyright to your data, you can provide it with a Creative Commons license and publish it. However, if you collect data from individuals, you must additionally observe the legal regulations of data protection to protect the data.

What Data Do I Need to Protect?

All data of persons that can be used to identify them must be protected. This includes not only name, email address or similar, but also pictures, videos, even dance movements can identify people. In addition, sensitive data of people must also be protected. Which data is classified as sensitive is conclusively defined in the Data Protection Act.

Data from identifiable persons              Sensitive data
  • name, address, phone number
  • e-mail, username
  • ID card data
  • biometric data
  • health data
  • location data
  • etc.
  • political opinions
  • religious beliefs
  • data on sexuality
  • health data

How to Handle Personal Data?

Just like any other data, personal and sensitive data can be stored, (collaboratively) edited and shared. In contrast to non-personal data, additional security measures need to be taken:

  1. During data management planning: you organize secure data storage and prepare the consent forms accordingly so that you are allowed to share the data at the end of the project.
  2. During data collection: you obtain consent from participants to publish the data at the end (in anonymized form). If you use survey tools to collect data, these also have to adhere to legal requirements of data protection. UZH offers the survey tools Limesurvey and Unipark. Personal data must also be stored on a server that ensures only authorized access . The UZH central IT department provides UZH-internal servers for this purpose. Please contact your institute's IT department for help.
  3. During data processing: Data can only be shared with others for collaborative processing via secure connections, e.g. via SWITCHfilesender.
  4. When publishing data: In order to publish the data, participants must have given their consent, the data must be sufficiently anonymized, or access to the data has to be restricted. Additionally, you can also regulate with a license how the data can be reused.

The Data Protection Law Team of the University of Zurich offers a first overview of important topics concerning the handling of sensitive data (see especially their glossary).

Data protection in research projects

The DMLawTool provides help on all legal aspects of research data management. With the help of a decision tree, you receive information on data protection as well as copyright and licenses specifically geared to your own research project.

With the Self-Assessment Tool of the team Data Protection at the UZH, you can quickly gain an overview of whether you work with personal data at all in your project, where you need to take a closer look, and whether you need to submit an application to an ethics committee.

To the Self-Assessment Tool Data Protection

Anonymize and Pseudonymize Data

In order to share personal or sensitive data publicly, you must anonymize or pseudonymize it. Anonymized data can be shared openly and – unlike pseudonymized data – is no longer subject to data protection.


Personal or sensitive information is aggregated, regrouped, or deleted in such a way that no one can re-identify individuals in the data without a great deal of additional effort.


The data is encrypted in such a way that the persons behind the data can no longer be identified. However, with the help of the key, the original data can be restored.

Tools for automatic anonymization

Share Metadata Instead of Data

If you can't share your data for ethical, legal, or technical reasons, you still have the option to share the associated metadata. This way, the dataset itself is not public, but the information that it exists is. 

Ethically on the Safe Side? Check Your Project.

Are you unsure whether your study is ethically sound? You can find procedures for the ethical evaluation of research projects with the relevant UZH faculty below.

Faculty of Arts and Social Sciences

As a researcher in the humanities or social sciences, you can use the Ethics Committee checklist to determine whether your study requires an ethics application:

Download: Ethics Checklist of the Faculty of Art and Social Sciences
For further guidance, please refer to the Faculty Ethics Committee 

Faculty of Business, Economics and Informatics

At the Faculty of Business, Economics and Informatics, there is an ethical clearance process for economic science projects. For more information, contact the head of the ethics committee, Prof. Michel Maréchal

Faculty of Medicine

The Ethics Committee of the Faculty of Medicine examines those research projects that do not fall under the Human Research Act from an ethical point of view. The "Data Protection and Ethics Self-Assessment Tool" (DESAT) of the University of Zurich should be consulted prior to submission.

Ethics Committee of the Faculty of Medicine

Faculty of Science

Researchers of the Faculty of Science are invited to consult Stephan Neuhauss:

Faculty of Theology

At the Faculty of Theology there is an ethical clearance process for projects from Theology and the Study of Religions. Checklist and applications form for the Ethics-Committee Faculty of Theology are provided here.

Cantonal Ethics Committee / Kantonale Ethikkommission

Research projects from all areas of human research are assessed by the Kantonale Ethikkommission (KEK). It verifies compliance with the guidelines of the Human Research Act.

Weiterführende Informationen

Questions about Data Protection?

Team Data Protection at UZH:




We offer a course on "Publishing personal and sensitive data" in January on a yearly basis. Contact us at for more details.