Navigating the Complexities of Personal Data Protection Online

27.01.2023

In this article we will be looking at the requirements and distinctions of personal data and how at SMG Swiss Marketplace Group we distinguish between two ways of collecting data.

Data protection is the act of protecting the personality and privacy of people by safeguarding important (personal) information.
Protecting personal user data is crucial in any business, particularly online business. This is because online, undoubtably substantial quantities of data can be collected and exchanged and, therefore, also misappropriated, intercepted and stolen. But what even is personal data?

What is Personal Data?

When we speak of personal data, we speak of data that fulfills all of the following three requirements:

Information
In this case, the broadest of the three requirements, since almost anything can be considered information.

Relation to a person
The information given must be related to a person. This requirement is consequently also open to broad interpretation since almost anything and any information can be related to a person.

Identified or Identifiable
Arguably by and large the most relevant aspect when we speak about personal data. I.e. the information related to a person needs to identify the person or make the person identifiable. To illustrate, the next paragraph will show a tangible example. 

Practical example: What Personal Data Means and the Importance of Data Protection

In this following example, we could be talking about a person dressed in turquoise. Although we have shared information related to a person, we certainly didn’t share any personal data, since multiple people are dressed the same.

An example for an identifier for personal data

However, if under those circumstances we say “the person wearing the crown”, we have singled out one person and made them identifiable. So in this case we have indeed divulged personal data, despite not knowing their name, age, email address, or any other personal information. 

At this point, we have looked at the three requirements for data to be considered personal. In the following paragraph we will look at the three categories of personal data, one of which is specifically used in Switzerland.

Data Protection 101

The sensitive personal data as well as personality profiles have an increased need for protection and higher security measures. However, there are different types of personal data. With this following slider, we present three types of personal data. 

Three Types of Personal Data

Regular Personal Data
This includes information such as name, address, email address, phone number, etc.
Sensitive Personal Data
This data is related to religion, ideological views, political views, medical records, criminal records or social security measures
Personality Profiles (CH only)
Nothing comparable in the EU. A collection of data that permits an assessment of essential characteristics of a person. E.g. the collection of different types of data that will allow you to identify a person’s personal interests.
Previous slide
Next slide

Two Types of Data Collection for Data Protection​

As a company that is responsible for many different employees and takes care of an extensive range of customers, the topic of internal compliance is paramount. This is why across all Business Units and departments, our teams work closely with the Legal Department to ensure that processes and guidelines are in place. To increase risk awareness among all employees, we provide frequent mandatory training and allocate points of contact within each department to ensure that questions can be asked and answered at all times. 

These processes are particularly important since, at SMG, we collect user data on our websites on two different levels. This subsequent overview will give a short explanation as to what these two levels mean. 

On our various brand websites, there are different ways we collect data. This is why we need to be aware of the distinction between “Provided Data” and “Collected Data”.

Provided Data

Provided data is personal data that a user proactively shares with us on our platforms. This could include:

– Opening an account
– Signing up for a newsletter
– Buying a product
– Placing or reviewing a listing
– Chatting over the platform
– Requesting an offer

Collected Data

This means the data is being collected in the background whilst a user is moving around on our platforms. This data can be used to create the aforementioned Personality Profiles that require increased protection measures.
This could include data collected by cookies such as:

– Personal preferences
– Product usage
– Browsing behaviour
– Personality profiles
– Prediction models

All in all we can conclude that not only are there different types of personal data that require different levels of protection, but there are also different types of data collection when it comes to gathering data from users on a website. 

With this article, we wanted to give you an insight into what personal data means, how we distinguish between different types of personal data, and how, at SMG, we divide the collected data into two categories.


Thanks go to Stephanie Engelhardt-Scherf for giving us more insight into this important  topic.

Latest Blog Posts

Fotos vom Management mit und ohne Hintergrundfarbe als ZIP-Datei

Logo zum Download in allen Versionen