The data protection and ethics self-assessment tool is currently still in the pilot phase. If you have any comments or suggestions for improvement, please contact the following e-mail address: firstname.lastname@example.org
What can you expect?
The Data Protection/Ethics Self-Assessment Tool is aimed at researchers who in any way involve persons or at least their data in their research (e.g. for surveys, experiments, observations, etc.) - regardless of whether the resulting data is anonymized or not.
Researchers should be able to use the tool to assess which questions their project raises in terms of data protection and ethics and inform them when they should submit their project to the appropriate body (UZH Data Protection Law Section, Faculty Ethics Committee, cantonal data protection commissioner or cantonal ethics committee). The information and recommendations collected by the tool are finally summarized for the researchers in the form of a PDF document.
Access to the tool
The tool is currently in the pilot phase.
It is only accessible within the network of the UZH (or via VPN).
Login page (AAI-Login)
Data Protection Section
One of the main objectives of the self-assessment tool is to find out whether personal data is being processed and, if so, whether it is particularly worthy of protection or is being used to create personality profiles. It also checks whether data is being processed by third parties. If the answer is yes, the data must be protected by a written contract.
Furthermore, it must be ascertained which law is applicable to the project. The cantonal IDG is always applicable when members of the UZH process data, whereas the European DSGVO is only applicable in special circumstances. Depending on the applicable law, different blocks of questions will be asked in the course of the tool.
The following question blocks aim to find out who has access to the data. Depending on the answer, it is recommended to use the corresponding templates provided by the Data Protection Law Department or to contact them. In addition, compliance with the legal transparency and validity regulations will be checked to ensure that consent has been validly obtained, that the principles of transparency and purpose limitation have been respected, and that processing is proportionate.
Finally, the necessary technical and organizational measures are pointed out. The data protection section ends with a risk assessment regarding data processing and a clarification as to whether a prior check with the cantonal supervisory authority is necessary.
The ethics part of the self-assessment tool largely corresponds to the evaluation questions of the faculty ethics committees established at the UZH to date. The evaluation processes are not affected by the tool: in the case of a positive "ethics finding", the researchers are referred to the corresponding commission.
At the beginning, a number of questions are asked to determine whether the research project falls within the scope of the Human Research Act and must therefore be submitted to the Cantonal Ethics Committee (CEC) for review.
This is followed by questions to determine whether the study should be submitted to a facultative ethics committee. In particular, these questions concern whether vulnerable persons are included in the research, whether certain risks exist for these persons and also for the researchers themselves, and whether there are inappropriate dependencies, incentives or conflicts of interest between the persons involved. These questions also come up when the study has to be submitted to the CEC; they help to prepare an appropriate submission.