If you receive an unexpected message from an old school friend in your 20s or 30s, there’s a good chance it will contain one of two things: 1.) a unique investment opportunity in his brand-new sports nutrition business, which is unfortunately just a pyramid scheme, or 2.) a request to participate in the online survey for his master’s thesis and master’s theses.
If it is the second alternative and you want to make yourself particularly popular with said friend, you should ask how the survey actually deals with data protection.
Special features in science & research? and master’s theses
The GDPR does not contain a specific legal basis that would apply to data processing in scientific theses.
Standards such as Art. 89 GDPR or the provisions in Section 27 of the Federal Data Protection Act (BDSG) based on the opening clause of Art. 9 (2) (j) GDPR may initially convey a different impression. However, brazil business fax list student theses do not fall under the term “science” underlying these regulations:
While it is argu that work that, in addition to obtaining scientific knowledge, also serves the training of the authors may fall within the scope of application ( BeckOK DatenschutzR/Schlösser-Rost/Koch, 39th Ed. 1.11.2021, BDSG § 27 para. 17 . Bachelor’s and Master’s theses, on the other hand, are likely to be assign to examination rather than research purposes due to their scope and complexity (see, for example, Kühling/Buchner/Buchner/Tinnefeld, 3rd Ed. 2020, GDPR Art. 89 para. 13a and Specht/Mantz, Handbuch Europäisches und deutsches Datenschutzrecht, § 23 Datenschutz in Forschung und Hochschullehre para. 77 – in both commentaries, the area of scientific teaching is exclud from the data protection definition of science and research).
In addition, some state data protection laws contain special provisions for scientific research, which, however, are often
responsibility
This difference can be significant for data protection law liability: While the author of a university thesis is normally the sole controller, joint controllership under Art. 26 GDPR may also be applicable in a company, the rise of social media depending on the structure. Students’ work results will often also be of interest to the company where they work and where their data is collect. and will therefore be shared. In this situation, it can therefore be assum that there are common purposes and means within the meaning of Art. 26 GDPR, and the two parties involved should enter into a corresponding agreement. If the academic thesis is written “for” the company, essentially serving its internal purposes, and if the author appears to other employees primarily as an employee of the company and not as a student, in some situations the company may even be solely responsible.
“It’s all anonymous” – really?
Ideally, the survey is design anonymously so that no data processing within the meaning of the GDPR takes place:
However, caution is advised here, because to ensure “true” anonymity . The sense of data protection law, email datait is not enough to simply not ask the respondents’ identities. The group must consist of more than seven participants and. If certain characteristics such as gender or age group are being ask. The group size must also be appropriate for that category .
In addition, the questions must be designed in a way that prevents answers from being personally identifiable. Free-text fields, in particular, pose a risk here, as respondents may enter their own or other people’s information that should not be collected at all.