16th annual report 2008/2009

Below, you find a selection of articles taken from the FDIPC's 16th annual report. If you are interested in the complete version of the reports, please refer to the corresponding pages in German or French.

Preface

Endurance and Pragmatism - the two essential ingredients for successful data protection

Facebook and other social network sites on the Internet are becoming increasingly popular, with currently well over 100 million users worldwide. For the younger generation, in particular, this is an extremely "cool" way of making friends and exchanging ideas on shared interests, but in the process they disclose a great deal of personal information about themselves. However, it should be noted that this instrument is not just the preserve of the young: politicians have come to realise that these networks create a kind of snowball effect, allowing them to get their message across to voters at virtually no cost. US President Barack Obama owed his election in no small part to the use of social networks during his campaign. In Switzerland, too, more and more politicians are resorting to this new means of communication. The referendum against the introduction of biometric passports was the first ever to have been organised via the Internet. Today, there are many groups of people - from employers to the secret services - who have realised the potential of tapping into this mine of information for their own purposes.

Switzerland and the US Conclude a Safe Harbor Agreement

The United States of America do not have an adequate level of data protection, which means that special guarantees must be obtained before any personal data may be transferred to a company located in the USA. Together with the SECO, the State Secretariat for Economic Affairs, we have negotiated with the US a set of rules that ensures an adequate level of data protection for registered companies. Thus, the transfer of data from a Swiss company to a registered US company will be considerably easier in the future.

Encryption makes video surveillance data protection compliant

Video surveillance is becoming increasingly pervasive. Thanks to the existence of various image encryption methods and the allocation of encryption keys, it is possible to use technologies that are data protection compliant and thus to avoid possible abuses. Agreements between developers and manufacturers facilitate the distribution of these technologies.

Doctor evaluation sites on the Internet

Following numerous complaints received regarding a website for the evaluation of doctors (www.okdoc.ch), we decided to look into the matter and to verify that data protection requirements are being met within the context of the anonymous online grading of physicians.

Website evaluation tools

At the request of the federal administration, and in response to various enquiries from citizens, we have analysed different aspects of website evaluation tools from a data protection perspective. In our view, certain criteria must be respected when evaluation tools are used for the purpose of producing website access statistics. In particular, a data protection declaration should draw users' attention to the kind of data that are being collected and to whom the data will be transferred (including the country of destination). If the data are to be transferred to a country which does not offer the required level of data protection, the supplier of the evaluation tool must provide the necessary contractual guarantees that a sufficient level of protection will be respected.

Comments regarding social networks

Social Network Sites (SNS) are very much in vogue, and the number of users is increasing by the day. For some time, people have been exchanging all manner of personal data via these social networks, and more often than not they create a personality profile of themselves which they then make available to other users. In so doing, they often overlook the risks associated with such behaviour. This development induced us to take a closer look at the risks and to provide SNS users with a few tips to make their personal data more secure. Our comments on social network sites can be consulted (in German, French and Italian).

Private publication of company register data

The publication of company register data by private individuals on the Internet increases public awareness about the company register and has thus been found to be lawful by the Federal Administrative Court. We, on the other hand, are of the opinion that public awareness and maximum publicity are not the same thing. Consequently, we call on private suppliers of company register data to take measures that reduce the publicity effect.

Implementation of the Schengen agreement: data protection at the federal level

After participating in the EU's evaluation of data protection in Switzerland, we began to develop our supervisory and information activities within the Schengen framework. We set up a coordination group which is responsible for liaising with the cantonal data protection authorities. We also carried out an inspection of a Swiss diplomatic representation abroad and published information documents on our website.

Implementation of the Schengen agreement: the FDPIC's inspection of the Swiss representation in the Ukraine

In our capacity as the body which has the responsibility for supervising the federal bodies authorised to use the Schengen Information System (SIS), we carried out an inspection of the Swiss representation in Kiev (Ukraine). We wanted to find out how the personal data contained in visa applications and residence permits were processed for the purpose of allowing citizens of third countries to gain access to the Schengen area via Switzerland. Our recommendations were focussed primarily on the training of staff who use the SIS system, the protection and technical security of personal data processing, contracts with external service providers, and the enforcement of data subjects' rights. We are currently examining the implementation of the recommendations in cooperation with the Federal Department of Foreign Affairs (FDFA) and the Federal Office for Migration.

Further information

Documents

Order

The complete annual report can be ordered in German and French from the BBL, Vertrieb Publikationen, 3003 Bern
Art. Nr. 410.016

https://www.edoeb.admin.ch/content/edoeb/en/home/documentation/annual-reports/older-reports/16th-annual-report-2008-2009.html