Christian Schwarzenegger, the University has established an office for Legal Services and Data Protection. What are the aims?
Christian Schwarzenegger: The University of Zurich wants to enable cutting-edge research at the highest level. At the same time, we also have an interest in making sure that what we do and how we behave adheres to existing laws and regulations. Data are becoming more and more important in research, and this presents additional challenges with regard to protecting data. The aim of data protection is to advise researchers, standardize and, if possible, simplify processes. Our Legal Services and Data Protection office is the only one of its kind at a Swiss university, and shows that we take the issue seriously.
Robert Weniger, what kind of feedback do you get for your work?
Robert Weniger: The feedback is good. Our services are quite popular. Besides our controlling function we also provide advisory services. We’re getting more and more requests for data protection checks from the field of research, in particular.
As a researcher, what is your view on data protection?
Milo Puhan: For us it’s essential that we’re engaged in a dialogue with the University's data protection delegate and get support should we need it. Since we’re no legal experts, we often can’t say whether a specific case is or isn’t lawful. The feedback we get when preparing a research project is very important.
What are the legal protective barriers?
Schwarzenegger: On the one hand, constitutional law protects the personality rights of people; the protection against data misuse is enshrined in the Swiss Federal Constitution. On the other hand, the constitution also guarantees academic freedom. Researchers thus have a right to be held back as little as possible in their work.
Weniger: This means that it’s necessary to find a balance between these interests. There is no question that personal data are often essential to carry out research projects. And in many cases, people will also benefit from scientific findings. But this doesn’t mean that academic learning can claim unrestricted access to personal data. Under Swiss law, there is no obligation to provide your own personal data to society (social responsibility).
Are there conflicts between the right to academic freedom and the right to data protection?
Weniger: There are indeed conflicts, and some of the discussions around them are very controversial and focused on general accusations. For example, some people say that data protection is hampering research or forcing researchers to go abroad. I think this kind of criticism is unreasonable.
Schwarzenegger: I would agree that there are conflicts. Research is increasingly based on data, and many disciplines need personal data, sometimes even personal data that are very much worth protecting.
Puhan: There’s no doubt there are conflicts, but personally I don’t think the situation is that problematic. The social context determines the discretion available to us in line with data protection guidelines. It’s not as black and white as it’s often made out to be. My involvement in numerous projects gives me great insight into these discussions. In most cases, problems can be solved by speaking with the data protection office or the Ethics Commission.
What are the challenges?
Schwarzenegger: The existing legal framework in terms of data protection is a bit convoluted, unfortunately. For universities and cantonal administrative bodies, data protection is governed on the level of cantons, which has led to uncontrolled growth of cantonal legal foundations. This presents enormous challenges when it comes to national projects across cantonal borders or to procurement agreements, because the provisions aren’t the same.
Do you agree with researchers who are critical about the cost and effort required to comply with data protection?
Schwarzenegger: As said before, we respect the existing legal situation. But the cost and effort can be fairly high, especially for international projects, where European and international regulatory frameworks are applicable in addition to the Swiss one. What we’d like to see for the future is an aligning and simplification of legal norms to drive research forward efficiently.
Data are the new main currency of research. Doesn't this mean that data-driven research will always be in conflict with data protection?
Puhan: I’d put the newness aspect into perspective. The same questions were already asked 20 or 30 years ago. Even back then researchers obtained biological samples from patients without knowing what they could be used for at a later stage. The challenge is not a fundamentally new one, but the technological possibilities are simply greater.
How can these challenges with big data be solved?
Schwarzenegger: The question is whether expanding current legislation governing the right to informational self-determination will be enough, or if it isn’t necessary instead to formulate new principles that allow for more discretion. Given the requirements arising from research with big data, I’m skeptical as to whether the current legal norms are sufficient. It will be increasingly possible to draw on existing sets of data and use them to find relationships using inductive reasoning.
Another important topic is the shift towards the private sector. I don’t believe that universities and public research facilities are where the dangers lie in terms of personality rights; on the contrary: More and more data are being moved into the private sector, both on a local as well as a global level. Increasingly, research is in the hands of Google, Facebook, and other social media. This is why we have to think about how we can get back the authority over data.
Puhan: That’s true, and there are cases in the US where Google and Microsoft are already cooperating with renowned clinics. But the advantage we have over these businesses is that people put more trust in academic research. This trust bonus is our greatest asset, and we mustn’t squander it.
Schwarzenegger: We have to act correctly in the academic context and keep researchers informed. We can take part in the legal policy debate, but it’s the government that has to be active at the national level – just think about the uncontrolled growth of cantonal provisions. Our aim has to be to strengthen Switzerland’s standing as a hub for research. It must set a standard that will not result in an excessively bureaucratic research landscape.
Taking part in the discussion:
Milo Puhan, professor of epidemiology and public health
Christian Schwarzenegger, Vice President for Law and Economics
Robert Weniger, Delegate for Data Protection of the Executive Board of UZH
Legal Services and Data Protection at UZH
Legal Services and Data Protection is headed up by General Counsel Isabella Balmer. She has the overall responsibility for the Legal Services office and the Data Protection office. The work of the Delegate for Data Protection aims to establish and maintain compliance with data protection regulations at UZH by providing advisory services and checks. The office is headed up by Robert Weniger, who oversees a staff of three.
The editorial team reserves the right to not publish comments. We will not publish anonymous, defamatory, racist, sexist, otherwise prejudiced, or irrelevant comments. UZH News will also not publish comments with advertising content.