Below you will find a selection of the articles included in the FDIPC's 12th annual report. If you are interested in the complete versions of the reports, please refer to the corresponding pages in German or French.
Opportunity makes the thief, or so the saying goes. Apply this analogy to data protection, and one could say: every new database whets the appetite for new uses. Why does this pose a problem?
Revision of the Federal Data Protection Act
Subsequent to two parliamentary motions, the Swiss government submitted a position paper (this procedure is known in Switzerland as a "message") to the two chambers of Parliament. In it, the Swiss government sets out its intention to revise the Data Protection Act (FADP) and to accede to the additional protocol on the convention for the protection of individuals with regard to automatic processing of personal data. The two draft bills are currently the subject of parliamentary debate.
Proposal for a certification procedure within the framework of the current partial revision of the Data Protection Act
The new FADP introduces a certification procedure for organisations and products, the purpose of which is to promote self-regulation and to give greater responsibility to the owners of data collections and stimulate competition. The revised implementing regulations for the FADP issued by the Federal Office of Justice are intended to set out the essential conditions applicable to the certification bodies which fall under the responsibility of the Swiss Accreditation Service. At the same time, we are working to develop a standard framework for the evaluation of the required data protection level in order to specify the minimum requirements applicable to data protection management systems.
Some data protection considerations with regard to the use of biometric data in the private sector
Biometrics has developed very rapidly and is increasingly used for automated authentication and identification procedures in a manner that affects the whole of civil society. Applications include access to school canteens, the payment of tickets for public transport, attendance and working time control systems, and access to facilities or IT systems. The use of biometrics poses risks for basic rights and freedoms and has become one of the major challenges for all those involved in data protection. The SDPC has recommended a number of principles which should be respected in the area of data protection.
Data protection issues relating to the use of RFID technology
The number of applications in which chips are used is growing by the day. RFID (radio frequency identification) uses radio waves to read and store data without the need for any contact or line of sight. Although there are certain areas where the use of RFID chips does not raise any data protection concerns, there are others which pose considerable risks for the private sphere of the population at large. It is therefore important that whenever this technology is used, measures are taken to prevent the unlawful processing of personal data.
Registration of prepaid SIM cards for mobile telephones
In August 2004, Switzerland adopted a provision requiring mobile telephone operators to register the purchasers of pre-paid SIM cards. However, the effectiveness of this measure, which involved a lot of time and energy, is questionable.
General conditions applicable to the processing of engine and operating data in motor vehicles
Modern vehicles are increasingly being fitted with new technologies (GPS, chips) which can store information about routes taken and driving behaviour. This possibility raises a number of data protection concerns. First of all, it is important to determine whether personal data are being collected. If this is the case, we need to know the amount and type of data being stored, as well as the purpose of their processing. Last but not least, it is important to know how the stored data are protected against access by third parties.
The complete annual Report can be ordered in german and french from the BBL, Vertrieb Publikationen, 3003 Bern, Art. Nr. 410.012