The highpoint of 2005/2006 was undoubtedly the 27th International Conference of Data Protection and Privacy Commissioners which we organised in Montreux on 14 – 16 September. More than 350 participants from all over the world took part in a highly enriching debate which attracted much interest both in Switzerland and internationally. The subject of the conference was “The protection of personal data and privacy in a globalised world: A universal right respecting diversities”. The culmination of the meeting was the adoption of a declaration on the universality of data protection principles. We are convinced that the Montreux Declaration will give fresh impetus to the international dissemination and strengthening of personality rights. I would like to thank all those who helped make this such a successful event, and in particular the Federal Chancellor who made a substantial financial contribution from her budget, thereby ensuring that the 27th Conference could take place. The Conference also adopted two important resolutions. The first addressed the use of biometric data in passports, ID cards and travel documents. The second concerned the use of personal data for political communication (see the complete report under section 9.2.1).
Of all the major issues which concerned us last year, the most important were undoubtedly the widespread use of biometric data (in passports, for access control to sport facilities or for airport check-in, etc.), the use of drones (for border surveillance and other purposes), the change in the federal law instituting measures to preserve internal security, the new e-health card, and other health-related questions.
Looking back over the last year, it is clear that we have succeeded in boosting our surveillance activities, which was one of the primary aims of the reorganisation of our service. A number of completed projects bear witness to this, e.g. control of the use of biometrics for check-in and boarding purposes at Zurich airport, the Cumulus and Supercard programmes (customer loyalty cards issued by Migros and Coop respectively), supervision of medical research and biobanks, credit cards, etc. We noted with satisfaction that the those responsible for the activities which were the subject of our inspections always had a very positive attitude towards our work, saw this as an opportunity to improve the protection of personality rights, and agreed to implement our recommendations, no doubt because they were convinced that the best way to ensure customer loyalty is to put in place a credible data protection system. The rapid pace of technological development constantly creates new risks. As a result, we will need to step up our supervisory activity in the future in order to take timely action to counteract the negative effects on privacy protection. However, it is evident that any supervisory project worthy of the name, if it is to be credible, is extremely time-consuming and ties up considerable human resources. Even today, we simply do not have the wherewithal to fulfil all the supervisory duties that are expected of us. The problem is further compounded by the fact that the other part of our work, namely advising citizens and the authorities, is constantly growing. Currently, we are unable to process all the requests we receive. Not surprisingly, therefore, our supervisory activity remains very limited and we devote too little time to our advisory service. Technological developments, however, aren’t waiting for us to catch up, and our data protection duties are growing more complex by the day. For example, the public authorities are actively involved in promoting the e-health, e-government, and PIN (Project Idea Note) projects, adding to our already heavy workload. This explains why we are increasingly being forced to postpone or even shelve urgent advisory and supervisory/inspection projects. If we are expected to do a half-way decent job, we simply cannot afford to make any further cuts in the number of projects we complete annually.
Hence my concern that the very modest number of staff – by international standards – working at the data protection authority will continue to remain under pressure as a result of government spending cuts.
In spite of this situation, we are constantly expected to take on important new responsibilities. The federal law on the principle of transparency in the administration (Transparency Act) is soon to come into effect. All disputes between citizens and the public authorities can be referred to us for mediation. Furthermore, all individuals or companies will be able to come to us for expert advice on matters concerning the application of the law. The bilateral treaties between Switzerland and the EU, and in particular the approval of the Schengen/Dublin agreement, will certainly impose difficult and time-consuming supervisory activities on us. As both pose the risk of an infringement of people’s privacy rights and have therefore been the subject of heated public debate, we have said from the very outset that we would only be able to verify conformity with data protection requirements if we are given the necessary human resources to do the job properly. At this stage in our discussions the question remains moot: Our request for additional posts to allow us to deal with issues relating to the Transparency Act and the Schengen/Dublin agreement has not been authorised. On the contrary, we have been told that by the end of 2006 we must further reduce the number of staff positions from 19.6 to 19.
This year will be decisive for data protection in Switzerland and will determine whether Switzerland intends to pursue a credible privacy protection policy in the future. I will do everything in my power to achieve this, and if necessary I will inform the public directly about the impact of across-the-board spending cuts on data protection.
[July 2006]