Introduction of biometric data in the new Swiss passport

As of September 2006, Switzerland will issue biometric passports as part of a five-year pilot project. We have been in contact with the responsible department of the Federal Office of Police during the planning stage in order to ensure compliance with data protection principles. Furthermore, we have submitted an opinion on the consultation procedure (carried out in the course of the preparation of legislation) on the federal law and the federal decree on identity documents. According to the draft revision, the biometric data of the passport-holder would be stored on a central database. This seems to us to be disproportionate.

In September 2004, the Federal Council decided to follow developments in the area of travel documents and instructed the Federal Office of Justice and Police to prepare a draft bill revising the federal law and decree on identity documents. At the request of the United States and upon the recommendation of the International Civil Aviation Organization (ICAO), the Swiss passport will be issued in future with a chip containing biometric data. The inclusion of biometric features (facial image, and at a later stage digital fingerprints) is intended to facilitate the positive identification of the passport-holder, and thereby render misuse of ID documents more difficult. Facial images (and fingerprints) will be held in biometric data compilation centres. The data will be stored both on the chip and on the ID document information system (ISA). The first biometric passports will be issued as of September 2006 within the framework of the 5-year pilot project. However, during the pilot phase, only the facial image will be stored. The pilot project is based on the revision of the decree on identity documents. The definitive introduction of biometric passports will require a revision of the law on identity documents.

Biometric data are highly sensitive personal data within the meaning of Article 3 c) paragraph 2 of the Data Protection Act since they can be used to infer the individual’s ethnic group or possible illnesses. The purpose limitation and proportionality of the inclusion of biometric data in Swiss passports in the present revision, in particular during the pilot project, must be subject to careful scrutiny to ensure that measures are both appropriate and necessary. In this context, it is important to remember that insofar as the implementation of biometric passports is concerned, Switzerland is bound by certain standards laid down by various international bodies (ICAO, EU).

We indicated during the consultation procedure that the pilot project was not supported by a sufficiently sound legal basis. Article 17 paragraph 2 of the Data Protection Act requires a formal legal basis for the processing of particularly sensitive personal data. The revised decree on identity cards does not fulfil this requirement. Furthermore, we believe that the central storage of biometric raw data in the ISA database is disproportionate. The purpose of the biometric passport is to authenticate the passport-holder. This can be done by comparing the stored reference data (digital facial image, fingerprint) with the person who presents the document for inspection. The fact that the law does not permit data held in the ISA system to be used for police manhunts does not invalidate the disproportional nature of central data storage. Furthermore, the reading of information contained on chips at international borders will be governed by international treaties. We have demanded a contractual assurance that the biometric data will not be used improperly. This is particularly important in the case of countries that have no data protection legislation equivalent to that of Switzerland. We also think it is premature to allow transport companies that are required to check the identity of their passengers to have access to biometric passport data. The possibilities that are available today to verify the identity of the ticket-holder seem to us to be more than adequate. Finally, with regard to the use of RFID chips, we have asked that sufficient measures be taken to protect the biometric data contained in the passport, and in particular to guarantee the transparency of data processing.

In addition to the comments we made during the consultation procedure, we also met those in charge of the project on two occasions and discussed the data protection aspects in relation to the introduction of biometric passports with them. We were invited in October 2005 to carry out an on-site inspection of the biometric data acquisition systems that had been short-listed and in the process to gain a better understanding of the data import procedure in the data compilation centres. We will continue to work closely and exchange information with the Federal Office of Police which is responsible for the project.