25th Annual Report 2017/2018: Freedom before security

Bern, 25.06.2018 - Monitoring major digital projects has once again been the focus activity for the FDPIC. The E-ID Act as the basis for using a SwissID, the risk report on using the OASI number as a universal personal identifier or the conditions that must be met by e-ticketing or public transport apps underline this prioritisation. As a supervisory authority, the Commissioner had to intervene to prevent the processing of data on compulsory health insurance and had to deal with data leaks at several large companies. As the Freedom of Information Commissioner, the FDPIC succeeded in achieving a substantial increase in the efficiency of his arbitration procedures and welcomed the National Council’s unanimous commitment to guaranteeing transparency in connection with public procurement – thus ensuring that the principle of freedom of information does not become a farce.

The phenomena of digital reality, such as Big Data and algorithms, e-commerce, e-health, mobility and digital identification remain the focus of supervision. Against this background, the transitional period before the delayed total revision of the Data Protection Act (FADP) is completed poses a particular challenge. Whereas the data protection authorities in EU member states were given powers to issue orders and impose sanctions, not to mention considerable additional resources before the EU General Data Protection Regulation (GDPR) came into force, for the time being the FDPIC only has the power granted in the FADP of 1993 to issue recommendations and the same resources as in 2005, two years before the first smartphones came on the market. However, he will continue to do everything in his power to support Swiss companies in their application of the GDPR by providing advice and assistance. Switzerland’s residents and businesses deserve an up-to-date data protection system. The total revision of the FADP should therefore be dealt with as quickly as possible.

Data leaks and informal rights to decide for oneself in major digital projects
In the report year, the Commissioner was called on to deal with several cases of data leaks, such as those at Swisscom or at the international debt collection company EOS. He also had to intervene in connection with a bonus programme run by the Helsana health insurance company. The FDPIC took legal action against the latter, which had rejected his recommendations. People are being subjected to increasing surveillance in public spaces. The FDPIC is therefore monitoring numerous major digital projects, such as the creation of an electronic identity (E-ID) or e-ticketing applications for public transport, where anonymous and non-discriminatory travel must remain possible even when ticket machines have been phased out for good.

Freedom before security
In the light of the worldwide availability of inexpensive face recognition technologies, the Commissioner warns of developments that are evolving in authoritarian states into the blanket surveillance and identification of the population and thus the loss of any privacy and independence. In any democratic state governed by the rule of law, the constitutional right to freedom must always take precedence over maintaining security; the Commissioner is concerned by the growing trend towards expanding data processing by security services in Switzerland to cover largely unspecific groups of persons such as ‘potential attackers’. Given the flurry of special federal legislation that has been issued on policing matters, which is likely to be exacerbated by further laws, such as that on police counter-terrorism measures, the FDPIC is calling, not before time, for an easily understandable fed-eral act on policing to be introduced. Once the federal government has done this job, one the cantons finished long ago, citizens will also be able to gain an overview of the many police information systems operating at federal level.

Information service before the federal elections in 2019
The unauthorised use by the British company Cambridge Analytica of personal data belonging to unsuspecting Facebook users in the run-up to the US presidential elections in 2017 and the Brexit referendum sparked international outrage. Ahead of the federal elections in 2019, the FDPIC and the cantonal data protection commissioners (Privatim), supported by a contact group of experts, will keep the public up-to-date on digital personal data processing methods that might be used to shape political opinion at national and cantonal levels. The content of this information service provided by the data protection authorities to the public will be limited to data protection matters.

FoIA: Efficient arbitration procedures and transparency in public procurement projects
As part of a year-long trial, on 1 January 2017 the FDPIC introduced an accelerated summary procedure with oral arbitration hearings. As the trial proved successful and resulted in all pending cases being dealt with and more amicable solutions being reached, this new working method has become the permanent procedure.
In the final week of the summer session of 2018, the National Council in its debate on the total revision of the Federal Act on Public Procurement (PPA) expressed its unanimous support for the principle of freedom of information in public procurement matters, thus rejecting the Federal Council’s proposal not to apply the principle of freedom of information in such cases. The Freedom of Information Commissioner hopes that the Council of States will now follow this decision so that transparency remains guaranteed in public procurement.

The complete 25th Annual Report 2017/2018 is available in German and French at www.derbeauftragte.ch (under Documentation). The most important topics are covered in the summary.

Address for enquiries

Information service of the Federal Data Protection and Information Commissioner, tel. 058 464 94 10, info@edoeb.admin.ch


Federal Data Protection and Information Commissioner