19th Report on Activities
Bern, 25.06.2012 - The Federal Data Protection and Information Commissioner (FDPIC), Hanspeter Thür, is publishing his 19th Report on Activities today. The year under review was characterised by a number of important court rulings, as well as intensive supervisory and advisory activities. The FDPIC also continued his awareness-raising work.
Once again in 2011, the Federal Administrative Court upheld the arguments of the FDPIC in a number of seminal rulings. With regard to the principle of transparency, the Court held, for example, that the declarations of interest by the members of the Federal Vaccination Commission had to made accessible to the public. However, public access does not have to be granted to the copy of an interview which still contains corrections, as it cannot be considered an official document. The Federal Administrative Court, in matters of data protection, further held that pension fund statements cannot be delivered openly in such a way as to be visible to the employer. This was in line with the position of the FDPIC. The FDPIC also followed up on the Federal Court ruling in the Logistep case of the previous year. As a result of this ruling, the legal situation regarding violations of copyright on the internet was left somewhat unclear. Based also on input from the FDPIC, the Federal Council has now stated its willingness to examine new solutions to the problem. Last to be mentioned is the recent decision of the Federal Supreme Court in the case of Google Street View – it supports the position of the FDPIC in essential respects and strengthens data protection on the Internet.
Data protection is relevant in many day-to-day situations, as shown over the past year by a broad range of issues which the FDPIC dealt with in the course of his advisory and awareness-raising activities. These included the use of personal data when making donations in someone’s memory, the exchange of data on fare dodgers using public transport, the processing of data relating to participants in recreational sports, and the publication by a football club of images of hooligans on the internet. The FDPIC also published a commentary on his website on user data in libraries, as well as information on the correct use of private video surveillance on public property. He collaborated with a working group from French-speaking Switzerland to devise a tool for companies and public authorities to increase public awareness of data protection and public access. This can be found under www.thinkdata.ch where there are also comments by the FDPIC on the forms and risks of cloud computing.
The FDPIC issued statements on various pieces of draft legislation, including the introduction of so-called State Trojans (government malware) used to monitor communications involving criminal suspects. In this case, he called for a clear legal basis, which is now to be examined as part of the forthcoming comprehensive revision of the Federal Law on Postal and Communications Monitoring (BüPF). Regarding new hospital funding and diagnosis-related groups (SwissDRG – the flat-rate payment system), the FDPIC is demanding a regulation which ensures that the insurer is not given more patient data than absolutely necessary. In the draft bill on electronic patient files, the FDPIC has introduced central data protection requirements relating, for example, to the use of the new social security (AHV) number as an identifier. Two issues, which he repeatedly insisted on during legislative discussions were finally adopted: on the one hand, the current comprehensive revision of the Insurance Contract Act now extends the principle of an independent medical officer to private insurance companies. On the subject of internal security, Parliament has decided to allow individuals to obtain direct information on data concerning them held on ISIS (information system for internal security), a move that will considerably strengthen their rights. As for the disclosure of data to foreign tax authorities, the FDPIC believes that both the Double Taxation Agreement and the Tax Administrative Act are in conformity with data protection requirements, but has many reservations on the US «Foreign Account Tax Compliance Act», better known by its acronym FATCA.
Within the framework of his supervisory and control duties, the FDPIC carried out a number of case investigations during the year under review. The video surveillance systems of certain public transport companies were shown not to be fully data protection compliant, as there were a few outstanding issues with regard to regulations, passwords and server security. Two comprehensive investigations were brought to a successful conclusion. In one case, a tennis club made changes to its biometric reservation system; in the second, a credit reference agency introduced improvements so as to offer stronger privacy protection and greater transparency. As part of the Schengen cooperation process, the FDPIC inspected the Swiss embassy in Moscow and made various recommendations regarding transparency and the training of embassy staff.
Other subjects covered in the 19th Report on Activities can be found in the attached summary.
The full report can be found (in German or French) on www.derbeauftragte.ch under Documentation.
Address for enquiries
-
Documents
Publisher
Federal Data Protection and Information Commissioner
https://www.edoeb.admin.ch/edoeb/en/home.html
