LOGBOOK

HELP

Quiz Entry - updated: 2026.06.07

We've seen how powerful OSINT is. Under what conditions is it actually legal under Swiss data protection law?

OSINT is legal under the revDSG when there's a valid justification ground, processing principles are followed, and specially protected data receives extra care.

Valid justification grounds:

  • Consent from the data subject, freely given and informed.
  • Overriding private or public interest, such as due diligence or security investigations.
  • Explicit legal basis in law, such as regulatory obligations.

Processing principles that must always be met:

  • Lawful collection through legitimate means.
  • Good faith and transparency in how data is handled.
  • Proportional to the purpose, not collecting more than necessary.
  • Purpose-bound, used only for the stated goal, not repurposed later.

Specially protected data requires heightened standards: Health information, political opinions, religious beliefs, biometric data, and similar sensitive categories demand careful assessment, explicit consent where possible, and enhanced security measures for storage and processing.

Practical example: using LinkedIn to verify a candidate's professional background during a due diligence process is generally acceptable. It serves a legitimate purpose, the scope is proportionate, and the information reviewed is what the candidate themselves chose to publish. This kind of targeted, purpose-driven OSINT passes the legal test.

From Quiz: PRIVACY / TOM and OSINT | Updated: Jun 07, 2026