Below, you will find a selection of articles taken from the FDIPC's 14th annual report. If you are interested in the complete version of the reports, please refer to the corresponding pages in German or French.
All too often the Data Protection Commissioner finds himself in the role of Sisyphus, that tragic figure from Greek mythology condemned for all eternity to roll a huge rock up a mountain only to watch it roll back down to the bottom again. Every time it looks as if a data protection problem has been solved, it crops up again almost immediately in a somewhat different form. This is exemplified by the long tug-of-war between the Federal Data Protection and Information Commissioner (FDPIC) and the Federal Council (Swiss government) on the lack of a legal basis for the use of reconnaissance drones by the Swiss border police. In reaction to a number of motions from Swiss MPs, it now seems that the Federal Council, in spite of its earlier reticence, is prepared to address this shortcoming within the framework of its partial revision of military legislation. However that does not mean to say that the issue will go away: citizens are becoming increasingly concerned by the use of miniature remote-controlled or even GPS-programmed planes (helicopters, drones, etc.) that are equipped with high resolution cameras and can be used for all kinds of purposes, both “legal” and otherwise. The trend towards the miniaturisation of surveillance technology constitutes a major challenge for the protection of privacy. Together with all the other bodies concerned, we intend to put all the necessary effort into addressing the matter.
Biometric access control to sport and leisure centres
The verification of data protection practices by the KSS Sport and Leisure Centre Schaffhausen (hereinafter KSS) revealed that the use of biometric data for access control to the centre did not conform to data protection rules. Our main concern was to put an end to the centralisation of biometric data storage. Furthermore, customers who do not agree to being fingerprinted must be offered an alternative.
For some time Switzerland has been faced with acts of violence committed by so-called hooligans during sports events. In order to deal with this problem, the federal parliament began working on legislation in 2002. This culminated in the adoption of additional provisions to the Federal Act on Measures to Safeguard Internal Security (known by its German acronym BWIS) and the corresponding ordinance which came into effect on 1 January 2007.
Longer retention periods for telecommunication traffic data
In reaction to a parliamentary initiative, the Federal Council produced a report on ways to combat terrorism and organised crime more effectively. We were asked for an opinion on the proposal to extend the retention period of telecommunication traffic data from six to twelve months. In our view, the proposed measure is disproportionate.
Activities of the FDPIC in relation to EURO 2008
Within the context of preparations for the EURO 2008 Football Championship, we have received numerous requests for an opinion. Issues include: the Federal Council’s decision to ask the armed forces to provide civil support services; accreditation; and freeloader marketing.
Processing of medical data for third parties
Day-to-day activities in hospitals are becoming increasingly complex from an IT point of view and constantly raise new issues, particularly with regard to the imaging systems which require the storage of large amounts of data. In reply to a question from a private sector company, we examined the legal framework conditions that apply to the outsourcing of medical data to third parties by private hospitals for the purposes of data backup and remote maintenance.
Data protection in international payment transactions (SWIFT)
The great majority of international payment transactions are executed using the system run by the Belgium-based Society for Worldwide Interbank Financial Telecommunication (SWIFT). Unsurprisingly, the news reported in the media in June 2006 that the US administration, as part of its anti-terrorism strategy, had gained access to SWIFT data unleashed a political storm. As soon as we heard of this, we asked the major players in the Swiss banking sector to provide us with details, and took steps at different levels to find a solution to the SWIFT affair.
Federal law on the principle of freedom of information in government (Freedom of Information Act)
On the 1st July 2006, the principle of transparency in government was introduced. The intention was to provide citizens with a statutory and enforceable right of access to official documents. It also assigns new duties to the Federal Data Protection Commissioner: he is now an advisory and mediation body for all transparency-related issues, hence the change in name to Federal Data Protection and Information Commissioner (FDPIC).
The complete annual Report can be ordered in german and french from the BBL, Vertrieb Publikationen, 3003 Bern, Art. Nr. 410.014