21st Report on Activities

Bern, 30.06.2014 - The Federal Data Protection and Information Commissioner (FDPIC) Hanspeter Thür is presenting his 21st Report on Activities today. 2013/2014 was a year that was marked both by Edward Snowden’s revelations and by the risks posed by the increasingly extensive collection and analysis by companies of user and customer data.

The disclosure of dragnet internet surveillance by the NSA and its partner organisations triggered massive indignation worldwide, and sparked renewed debate in Switzerland about the limits of government monitoring. The FDPIC has been quite critical about the draft Intelligence Agencies Act which would grant the intelligence agencies increased access to data. Under planned legislation, the agencies would be able to penetrate computer systems and networks in order to disrupt, prevent or slow down access to information. For the FDPIC, such wide-ranging authority is a cause for extreme concern.

Over the last few years, we have seen how technological change has posed a growing threat to individual privacy. During the year under review, the FDPIC has been scrutinising so-called personal tracking systems which are also used in the retail sector. These systems employ face recognition software to identify customers automatically and to analyse their behaviour. The results then serve to optimise the positioning of advertising space. The fact that these are operated without the knowledge or consent of the persons involved poses a problem from a data protection perspective.

With regard to the principle of freedom of information the number of requests for access to information (469 in total)  as well as the proportion of the requests being entirely or partially granted (68%) has basically remained stable over the last few years. This is a clear indication that the Freedom of Information Act has become a useful and effective instrument enabling private individuals and media professionals to gain access to information. The FDPIC rejects the arguments of the intelligence agencies and other government bodies that they should not be bound by the Act, since this would run counter to the original intention of the legislator, which is to make government activity more transparent.

As part of his supervisory and control activities, the FDPIC carried out a number of fact-finding missions. An inspection of the certified data collection points of two health insurers revealed that due to technical reasons, the implementation of the DRG automated invoice verification system (a black box system which prevents any human data access) was not proceeding as fast as originally expected. During an inspection of the federal whistleblowing reporting office, the FDPIC noted the existence of a data set which should have been notified. He asked the office to comply with its legal obligations. A trade union alerted us to the fact that the conversations of call centre employees at Swiss Post were being recorded. Upon closer examination, the FDPIC found that this was being done in conformity with data protection requirements. Further, within the context of the Schengen cooperation agreement, the FDPIC carried out an inspection at the Consulate General of Switzerland in Dubai in order to verify data processing procedures applied during the issuing of Schengen visas.

The FDPIC also submitted his observations on various planned legislative bills, including one on the revision of the Publication Act. His intervention sought to ensure measures to avoid any abuse in conjunction with government publications on the Internet. On the subject of finance, he expressed an opinion on the revision of the Tax Administrative Assistance Act and criticised the procedure whereby a person who wishes to appeal a decision is able to obtain ex post information. However, his request for the bill to be amended was not accepted by the Federal Council (government). On the other hand, his position was upheld on the matter of the electronic patient file as evidenced by the draft law that was presented during the year under review. The privacy of patient information has been improved in a number of ways; for example, social security numbers will now not be used to identify the patient in the eHealth system.

An overview of the issues covered in the 21st Report on Activities is provided in the Summary.

The full Report on Activities can be found at the following address www.edoeb.admin.ch under Dokumentation (in German).


Address for enquiries

-



Publisher

Federal Data Protection and Information Commissioner
https://www.edoeb.admin.ch/edoeb/en/home.html

https://www.admin.ch/content/gov/en/start/documentation/media-releases.msg-id-53586.html