23rd annual report 2015/2016

Below, you find a selection of articles taken from the FDIPC's 23rd annual report. If you are interested in the complete version of the reports, please refer to the corresponding pages in German or French.

Data protection issues relating to the collection of signatures

Anyone collecting signatures for a popular initiative or a referendum may only use the personal data obtained subject to certain requirements. For example, the data may only be used to send out newsletters or similar material if the person concerned has freely expressed their consent. Continue...

Investigation regarding Swiss Pass

At the end of 2015, we carried out an investigation into the ‘Swiss Pass' issued by the Swiss Federal Railways (SBB) and the Swiss Public Transport Union (SPTU). We concluded that the data processing that occurs when tickets are checked is neither proportionate nor founded on an adequate statutory basis. We have consequently issued a recommendation to the SPTU and the SBB regarding rectification of the established failings. Continue...

Private surveillance of football fans on public land

When football fans are secretly filmed on public property, this may constitute a breach of privacy rights under law. Such a measure could be legitimised if it were either part of police action or were carried out only in the event of an incident. Continue...

Investigation regarding Windows 10

Last year Microsoft launched the Windows 10 operating system. When this was introduced, our attention was drawn to the data processing involved and we subsequently looked into this more closely. We paid particularly close attention to the information provided by the system users and the consent they give. Continue...

Access to data on apps

When installing a smartphone app it is worth taking a few moments to check and see what rights are asked for. This usually involves allowing access to data. Continue...

Evaluation of the logfiles of the Swiss Border Guard

Under the terms of the Schengen Association Agreement we conducted an evaluation of the logfiles of the Swiss Border Guard (SBG), end-users of the Schengen Information System (SIS). The evaluation of the logfiles showed that this organisation's access to the SIS is compliant with data protection laws. Continue...

Implementing provisions on the Federal Act on the Electronic Patient Record

The Federal Act on the Electronic Patient Record (EPRA) was passed by Parliament on 19 June 2015. The deadline for requesting a referendum expired on 8 October 2015. With this, the sectoral identifier for the electronic patient record is now in place. A range of contentious issues still have to be addressed. Continue...

Inspection of health insurance company data collection points

As already mentioned in the 2014/2015 annual report, since 1 January 2014 all health insurance companies have been required to have a certified data collection point to receive diagnosis-related-group-type invoices. Our inspections of data collection points this year have revealed that the system has been well implemented. In some cases we identified weaknesses, of which the certification agencies concerned have been made aware. Continue...

Staff security checks (in the private sector)

In response to a number of enquiries, we looked at the requirements for staff security checks in the private sector and drew up some guidelines on the issue. Continue...

Internet file-sharing sites and copyright - revision of the Copyright Act

The revised Copyright Act will introduce the right to information in civil proceedings, the issuing of warnings, and the implementation of stay-down filters in specific cases, all of which are problematic from the point of view of data protection. Continue...

Postfinance: processing of client data

Integrating additional financial instruments into an existing e-banking platform may constitute a change in purpose of data processing, and so requires the consent of the client. Our investigation into the circumstances at Postfinance led to the company agreeing to make several improvements to give the client greater choice. Continue...

Passing on personal data to foreign tax authorities

Switzerland is implementing the new standards in the global fight against tax fraud and tax evasion. The legislative process is in full swing in order to have the required legalisation in place by 2017. The Confederation's aim is to safeguard its political and economic interests in view of the international challenges without neglecting the personal rights of the taxpayer. Continue...

Restricting administrative assistance in relation to stolen data

We are of the view that it is unlawful to process requests for administrative assistance that are based on stolen data. We thus responded critically to the proposal for a further amendment to the Federal Act on International Administrative Assistance on Tax Matters at the consultative committee stage. Continue...

Banks and right to information

We increasingly receive enquiries relating to the provision of information by banks. Certain banks demand a fee that clearly exceeds the amount of 300 francs permitted by data protection law. Continue...

Transparency Act

According to the figures we received, in 2015 a total of 597 requests for access were submitted to the federal authorities (if we include those to the Office of the Attorney General of Switzerland and Parliamentary Services, the figure was 600; on this subject see section 2.1.2 of the annual report). This is once again a record number since the Transparency Act entered into force in 2006. In 319 cases (54%) the authorities granted complete access, in 127 (21%) partial access. In 98 cases (16%) no access at all was allowed; 31 requests for access were withdrawn and 22 cases were registered by the authorities as still pending at year end. Continue...

Further information

Documents

Order

The complete annual report can be ordered in German and French from the BBL, Vertrieb Publikationen, 3003 Bern
Art. Nr. 410.023.d/f

https://www.edoeb.admin.ch/content/edoeb/en/home/documentation/annual-reports/23rd-annual-report-2015-2016.html