Below you will find a selection of the articles included in the FDIPC's 13th annual report. If you are interested in the complete versions of the reports, please refer to the corresponding pages in German or French.
The highpoint of 2005/2006 was undoubtedly the 27th International Conference of Data Protection and Privacy Commissioners which we organised in Montreux on 14 – 16 September. More than 350 participants from all over the world took part in a highly enriching debate which attracted much interest both in Switzerland and internationally. The subject of the conference was “The protection of personal data and privacy in a globalised world: A universal right respecting diversities”. The culmination of the meeting was the adoption of a declaration on the universality of data protection principles. We are convinced that the Montreux Declaration will give fresh impetus to the international dissemination and strengthening of personality rights. I would like to thank all those who helped make this such a successful event, and in particular the Federal Chancellor who made a substantial financial contribution from her budget, thereby ensuring that the 27th Conference could take place. The Conference also adopted two important resolutions. The first addressed the use of biometric data in passports, ID cards and travel documents. The second concerned the use of personal data for political communication (see the complete report under section 9.2.1).
Certification procedure within the context of the revision of the Federal Data Protection Act (DPA)
The revision of the DPA makes provision for a voluntary data protection certification procedure. As far as the certification of organisations is concerned, certification bodies will be presented with a two-part reference model for appraisal. The first part concerns the requirements to be met by a data protection management system, while the second focuses on a conformity inspection tool, that is to say on the data protection requirements that can be derived directly from the DPA.
Transfer of personal data by airline companies to the US and Canadian authorities
The transfer of personal passenger data to the US authorities by airline companies that are subject to Swiss data protection legislation is covered under an agreement between Switzerland and the US. The agreement was approved by the Federal Council on 4 March 2005. In it the US pledges to offer the same guarantees as it does to the EU. From a data protection perspective the agreement can be deemed acceptable. A similar agreement was concluded with Canada on 16 March 2006.
Verification of the use of biometrics during check-in and boarding at Zurich Kloten airport
The Secure Check pilot project was carried out at Zurich Kloten airport from December 2004 to mid-April 2005. The aim of the project was to improve the verification of passenger data as well as their travel documents upon departure by means of biometric data and to reduce waiting time at the security checkpoints. Our inspections of the biometric system used during check-in and boarding procedures allow us to issue a generally positive assessment. Nevertheless, the use of biometrics at Zurich Kloten airport does raise some fundamental issues.
Revision of the law instituting measures for the maintenance of internal security
Within the context of interdepartmental consultations we were invited to submit an opinion on two consecutive draft bills revising the federal law instituting measures for the maintenance of internal security. In our opinion on the first draft, we came to the conclusion that the measures envisaged did not respect fundamental rights and that they represented a disproportionate interference in the private sphere. With regard to the second draft bill, we maintain our earlier criticism, in spite of the changes that have been made, that the new draft is incompatible with data protection principles.
Data protection and the fight against hooliganism
Within the context of interdepartmental consultations we submitted an opinion on the draft bill revising the Federal law instituting measures for the maintenance of internal security (law on measures against propaganda inciting violence and against violence during sports events). One of the aims of this revision is to introduce a so-called “hooligan database”. Although some of our recommendations have been accepted in the draft bill, differences of opinion still remain and some questions remain unanswered. Furthermore, following our opinion and in response to a request, we still maintain that the use of a biometric system for facial recognition is not covered by the present draft bill.
Introduction of biometric data in the new Swiss passport
As of September 2006, Switzerland will issue biometric passports as part of a five-year pilot project. We have been in contact with the responsible department of the Federal Office of Police during the planning stage in order to ensure compliance with data protection principles. Furthermore, we have submitted an opinion on the consultation procedure (carried out in the course of the preparation of legislation) on the federal law and the federal decree on identity documents. According to the draft revision, the biometric data of the passport-holder would be stored on a central database. This seems to us to be disproportionate.
Transfer of payment data to the US authorities
The transfer of personal data by Postfinance to a banking institute in the territory of the United States must have a legal justification and the person concerned must be informed in an appropriate manner. Following our intervention, Postfinance changed its practice and proposed measures that take account of our comments.