13th annual report
Berne, 03.07.2006 - The use of the new social security number (AVS) within the context of the planned harmonization of personal registers, biometric data in the new Swiss passport, work on new legislation in the area of internal security, and the use of reconnaissance drones to facilitate the job of border guards – these are just some of the issues which the Swiss Federal Data Protection Commissioner (SDPC) addresses in his latest annual report covering the period from 1 April 2005 to 31 March 2006. Further topics covered in last year’s report by the SDPC ranged from the transmission of personal data to the US authorities in conjunction with air travel and financial transactions, the publication of Company Register data on the internet, consent clauses in the credit card sector, health insurance cards, as well as biobanks.
In his report, the SDPC addresses the issue of the planned harmonization of personal registers and the use of the new social security number as a personal identifier. He faulted the intention of transforming what was originally intended as a statistical instrument into a tool for use by the administration, and recommended that alternative solutions be found.
With regard to the introduction of biometric data in the new Swiss passport, the SDPC criticized the fact that biometric data are to be centralized and held on the ID Information System (ISA).
As for the revision of the Law on Measures for Maintaining Internal Security, the SDPC emphatically rejected the drafts that have been presented to date, claiming that they are not compatible with data protection principles. The report also says that planned legislation to combat hooliganism leaves many questions unanswered.
The SDPC has also called for a strong legal basis to be established before reconnaissance drones are authorized for use by border guards.
The agreements that regulate the transmission of personal data by airline companies to the US and Canadian authorities, as well as the transmission of payment data by Postfinance to the US authorities, are important issues for the SDPC. Following his recommendations, Postfinance has agreed to adapt its practice in order to provide the persons concerned with better information and to protect their privacy.
The report also explains the conditions under which private individuals can use and process data taken from the Company Register. As far as the credit card sector is concerned, the SDPC has, within the context of his supervisory activities, examined the consent clauses and has made recommendations with a view to increasing transparency.
The Federal Office of Public Health’s plans to introduce a health insurance card were the subject of careful scrutiny by the SDPC last year. He has reiterated his position according to which, if use of the card is to be made compulsory, it should only contain data and only be used for cases expressly covered by the Federal Health Insurance Act.
Within the context of the 5th Revision of the Invalidity Insurance system, the Federal Council has produced a position paper on planned future legislation which the SDPC considered unsatisfactory. He criticized in particular that in order to determine benefit entitlements, individuals would be asked to sign a consent form which would be valid for all social insurance schemes. Providing a blanket authorization of this kind is incompatible with data protection laws.
Finally, the report addresses the issue of biobanks. The SDPC stresses the data protection regulations for the handling of biological material, and he welcomes the efforts of the Swiss Academy of Medical Sciences to strengthen data and personal protection in the area of biobanks.
Further subjects covered in the 13th Annual Report are summarized in the appended document (see on the right side).
Federal Data Protection and Information Commissioner