Skip to main content

Technical data / Personal data

Technical or personal data ?

Personal data is subject to strict security and confidentiality regulations, unlike non-personal data, which can be shared more freely. The Swiss and European authorities even encourage such sharing among companies in the private sector, as it is a source of innovation and competitiveness.

 

To avoid any potential breaches of the law, it is therefore essential to ensure that no personal data is transmitted when non-personal data is shared.

Download our Information sheet on personal and non-personal data
Download our Information Sheet
Clarify in just a few clicks whether or not you can share your data with a third party.
Start the questionnaire

What’s the difference between personal and non-personal (technical) data ?

What is personal data ?

The law considers personal data to be any information relating to an identified or identifiable natural person. In some cantons, this definition extends to legal entities (companies, associations). Personal data establishes a direct link with the person (e.g. first name and last name) or enables the person to be identified indirectly in combination with other data (e.g. geolocation data, IP address). In the first case, the person is identified, and in the second, they are identifiable.

What is sensitive personal data ?

This category includes personal data that requires greater attention. This includes:

  • personal data relating to
    • religious, philosophical, political or trade union-related activities
    • health, the private sphere or affiliation to a race or ethnicity
    • administrative and criminal proceedings or sanctions
    • social assistance measures
  • genetic data
  • biometric data that uniquely identifies a natural person
What is non-personal or technical data ?

Non-personal data refers to all data that is not personal data and therefore does not allow – or no longer allows – a person to be identified. Identifiability may vary: the more data there is, the more likely it is that a person can be identified. Technical developments may also make identification easier. 

However, the use of non-personal data is not completely free of restrictions. In some cases, provisions relating to intellectual property or the protection of secrets make data sharing illegal.

Some examples of the two types of data (non-exhaustive list)

Personal data

  • Identification data (first name, last name, marital status)
  • Contact data (postal address, email address, telephone number)
  • Personal location data
  • Identification number (OASI number, credit card number, IBAN, number plate, reader number)
  • Extract from the criminal record
  • Medical files
  • Employer’s letter of reference
  • Addresses, cookies, digital footprint

Non-personal or technical data

  • Aggregated statistical data
  • Anonymous data
  • Non-personal data generated by machines (not relating to people)
  • Maps or plans (not containing personal data)
  • Satellite images (not containing personal data)
  • Meteorological data
  • Agricultural or industrial production data (not containing personal data)

Can personal data be transformed into non-personal data ?

Yes, this can be achieved by means of an anonymisation procedure that irreversibly breaks the link between the data and the person to whom it relates. Identification becomes impossible. There are several anonymisation techniques, such as aggregation, the addition of noise and substitution. 

 

In the case of pseudonymous data, one attribute is replaced by another in the record (e.g. ‘Mr Smith’ by ‘3178938’). Identification remains possible for people who hold the key or dictionary used for the operation. Pseudonymous data therefore remains personal data, but can be considered as non-personal data for people who do not have this key if identification is theoretically possible but requires disproportionate effort.

What if the data you want to share includes personal data ?

Sort the data

Personal data is rarely necessary and can be deleted so that only non-personal data is communicated. Ask yourself which of your data items make it possible to identify the person directly or indirectly. If you have the slightest doubt, don’t share it.

Anonymise the data

Use a reliable and appropriate technique such as aggregation to remove any link with the person or persons concerned. Another method is randomly replacing information, taking care to ensure that re-identification is not possible.

Have a good reason (a ground for justification) for sharing

Certain personal data may be communicated in the following cases:

  • The persons concerned have given their free and informed consent.
  • Communication is necessary for the conclusion or performance of an agreement (data concerning the contracting party).
  • The data is being processed for research, planning or statistical purposes not relating to people (the data must however be anonymised as soon as this is technically possible and will not appear in the communication of results).
  • The data relates to a public figure and their public activities.

We recommend that you consider using one or more of the above three options when collecting or creating data. You can thus ensure that the file to be shared will no longer contain any personal data or that such data will be anonymised during processing.