Home Content Area
17th annual report 2009/2010
Below, you find a selection of articles taken from the FDIPC's 17th annual report. If you are interested in the complete version of the reports, please refer to the corresponding pages in German or French.
Gold digger fever in the internet - the end of privacy as we know it?
Hardly a week goes by without one of the internet giants, such as Google or Facebook, coming out with yet another impressive new service or tool. They all conform to the same model: the service comes free of charge, but the provider generates income from advertising. The more users take up the offer and the more their needs can be analyzed with pinpoint accuracy, the more advertising revenue is generated. In the search for the greatest number of users and the highest advertising potential, providers are prepared to go to extreme lengths. A few recent examples:
Naming and shaming speeding motorists?
Cross-border administrative assistance and Art. 6 FADP
Street views on the internet: Google Street View
After an extensive examination of Street View, we came to the conclusion that the service presented a number of considerable shortcomings from a data protection perspective. We also received many complaints from the individuals concerned. As a result, we issued a recommendation and filed a complaint with the Federal Administrative Court against Google.
Street views on the internet - «Touchtown»
Shipping blood samples abroad
If a company in Switzerland sends blood samples for analysis to a laboratory in South Africa, it must have a signed agreement with the lab in question that sufficient data protection safeguards will be put in place.
Fingerprint-based attendance systems
Spyware in the workplace
Obligation for foreign data owners to register
The obligation to register data collections with the FDPIC is a provision under public law to which the territoriality principle applies. This duty arises for private individuals who regularly process highly sensitive personal data or personality profiles or communicate them to third parties.
Comments on data transfers in the event of corporate mergers
Corporate mergers are commonplace in today's economic environment. It is not surprising therefore that mergers always involve the processing of personal data. During the reorganisation and consolidation process, personal data are transferred and subject to numerous forms of processing. As a result, there is a risk that unauthorized persons may gain access to this personal information, that too much data may be disclosed (they may be released too soon, or to the wrong person), or that the personal data may be used for a purpose other than the one for which they were originally intended. However, the Data Protection Act obviously applies in the event of a merger to all the different phases. We have outlined the risks and issued recommendations on how to avoid infringements of privacy. The explanations may be found in German, French or Italian here (switch to the respective language section).
Comments on company data protection officers
The revision of the Data Protection Act, which came into effect in 2008, opened up the possibility for self-regulation. If companies appoint a data protection officer and notify the FDPIC accordingly, they are released from the requirement of having to register their data collections with us. However, the position and the person who will act as data protection officer have to fulfil certain criteria. The main duty of such a person is to check all personal data that may be processed in the company, to ensure that corrections are made where necessary, and to keep a list of all data collections that are held by the company. In order for the person in question to be able to carry out his/her supervisory duties correctly, the data protection officer must be independent - in other words, he/she must not be involved in any other activities, and he/she must have the required professional skills for the job (knowledgeable about data protection issues and familiar with the company's activities). Furthermore, he/she must not be bound by any instructions from the management and be protected against any form of sanctions resulting from the performance of his/her duties. Naturally, the data protection officer must have access to all data collections, data processing and all other pertinent information. The comments may be found here in German, French or Italian (switch to the respective language section).
Freedom of information principle
The number of requests for access to information remained more or less at the same level as the previous year. Over the years, a clear trend has emerged and there are fewer and fewer cases where requests for access to information have been entirely rejected. Instead, the authorities have increasingly allowed partial access. We have also witnessed a distinct increase in the number of requests for mediation over the last year.
End Content Area