Oracle: Tracking technologies encroach on internet users' privacy rights
Implications for Switzerland
Clarifications are now underway to determine the extent to which Swiss website operators and app providers are in violation of the data protection principles under the Swiss Data Protection Act by integrating the tracking technologies. The focus here is on the principles of transparency and proportionality, as well as the need to grant explicit consent to create personality profiles and process sensitive personal data.
Protective measures against unwanted tracking in the digital space
Website operators and app providers have a duty to check in advance which technologies they are using and whether these technologies may be tracking website visitors or mobile app users. If they are in fact tracking users, either the technology must be removed or the users must be provided with transparent and understandable information about how the data is processed, its purpose and their ability to object, as well as the possibility that their data will be transferred abroad. Furthermore, website operators and app providers must offer an easy way for users to deny consent to use their data (opt-outs or using default settings such as ‘Do not track’). Since tracking violates the personal privacy of data subjects, users must explicitly consent to tracking (opt in) when personality profiles are created or sensitive personal data is processed.
Internet users can protect themselves against unwanted tracking on the internet by deliberately selecting a private internet browser and adjusting their settings accordingly. They can also use ad blockers and add-ons or extensions to prevent the collection of their data.
In addition to complying with data protection principles, operators of databases containing personal data must always ensure the rights of data subjects. This means that any person can request information from the data controller (in this case the website or app operator) about what personal data is being processed about them, why it is being processed, and who can access it. Anyone who does not agree to the further processing of their data can request that it be deleted.
For the time being, the FDPIC has taken note of the serious allegations made in the lawsuit, is analysing them and their possible implications for Switzerland. He wrote to Oracle Software (Switzerland) GmbH on 2 September 2022 and reserves the right to take further steps if necessary.