Quiz Entry - updated: 2026.07.05
What legal obligations apply to OSINT under Swiss (revDSG) and EU (GDPR) data protection law, and how can individuals protect themselves?
Both revDSG and GDPR require purpose limitation and proportionality — just because data is public doesn't mean it can be freely collected and processed for any purpose. Individuals can protect themselves through conscious sharing, metadata reduction, and identity compartmentalization.
Legal framework:
- Purpose limitation — Data collected via OSINT must be used only for the stated purpose
- Proportionality — The scope of data collection must be proportional to the legitimate objective
- Even public data is protected — Under GDPR, publicly available personal data is still personal data with full legal protection
Protection measures for individuals:
- Conscious information sharing — Think before posting; consider what could be inferred
- Metadata reduction — Strip EXIF data from photos before sharing using tools like ExifTool or MAT2
- Identity compartmentalization — Use different usernames, emails, and personas for different contexts
- Self-OSINT audits — Regularly search for yourself online to understand your digital footprint
Tip: Run a "self-OSINT audit" — Google your name, search your common usernames on Sherlock, and check what metadata your photos contain. You can't protect what you don't know is exposed.
Go deeper:
General Data Protection Regulation (Wikipedia) — purpose limitation and proportionality, which apply even to public data.