18th annual report 2010/2011

Below, you find a selection of articles taken from the FDIPC's 18th annual report. If you are interested in the complete version of the reports, please refer to the corresponding pages in German or French.

Preface

The triumph of small-mindedness in the digital age?

"The fact that people wish to take advantage of the many attractive offerings companies distribute via the Internet should not come at the price of having to surrender all rights to privacy, like one hands over one's coat to the cloakroom assistant. If insisting on this basic liberal right causes us to be branded as narrow-minded and petty bourgeois, then so be it", wrote the Neue Z├╝rcher Zeitung in an article that appeared just before the hearing on Google Street View at the end of February 2011. We fully endorse this position.

Biometric recognition systems for the reservation of sports grounds

A tennis club introduced a new biometric reservation system. Every member is now required to confirm their reservation of a court by means of a fingerprint scanner; thus, they gain access to the court. A number of concerned club members turned to us, as a result of which we carried out an inspection of the system. It turned out that the system did not in fact meet data protection requirements and therefore needed to be modified. We issued a recommendation and are currently in discussions with the club to see how the changes could be implemented.

Nightclubs and youth clubs - black lists and biometrics

Nightclubs and youth clubs are studying ways of recognising individuals who have been banned before they actually gain access and refusing them entry. We have examined various projects which involve the use of biometric recognition systems for the identification of delinquents whose names are recorded on blacklists. A particular point of concern from a data protection perspective concerns the planned exchange of data between clubs.

Surfing the web anonymously

Is it possible to surf the web anonymously today? Take the case of cookies. They are becoming increasingly powerful, particularly when it comes to personalising browsers. However, even without this technology, the browser itself leaves traces that are capable of clearly identifying the user. This is an observation that we are able to confirm after examining and testing the Panopticlick algorithm.

Cookies - new trends

As part of our technology watch activities we investigated the latest developments with regard to the use of cookies. Cookies are a well-known mechanism used in web browsers that store the traces left by the user during surfing. In a way they are the browser's memory. At the beginning, cookies were just text files, but with technological development they have become more and more powerful and are now a real threat to our privacy.

Street Views on the Internet

Following Google's rejection of our recommendations and refusal to adapt Street View to data protection requirements, the FDPIC filed an action with the Federal Administrative Court. The Court accepted our demands on virtually all the important points. We also took a closer look at the methods used by other Internet companies that provide street views and discovered that there were notable differences between them and Google Street View.

The capture of WiFi networks

In early 2010 we learned that camera cars used by Google in Switzerland for Street View had also captured data regarding WiFi networks. Our investigations revealed that the collection of this data was not in conformity with our data protection laws.

Internet exchanges: decision by the Federal Supreme Court

The Federal Supreme Court ordered Logistep to halt all copyright-related data processing activities and banned it from forwarding any data already collected to copyright holders. In so doing, it has sent out a strong signal that it opposes all attempts by private individuals, and not just in the copyright sector, to take on certain tasks that must remain the prerogative of the State.

Online marketing - new EU ePrivacy Directive

At the end of 2009 the EU Parliament approved the revision of the ePrivacy Directive 2002/58/EC. The aim was to create more transparency and security for consumers. The process of transposing the new directive into national law in the member states is due to begin in 2011, and this will also have an impact on Switzerland.

Speech to the Council of Europe on the processing of patient data

The Council of Europe invited us to address a meeting of the Steering Committee on Bioethics and to talk about the processing of patient data. The main point at issue was to determine whether it was necessary to have a regulatory framework, and if so what kind. Our position is that handling health data without a valid set of rules is not in the interests of a national health system.

Misuse of customer data by health insurers for marketing purposes

Several health insurers wrote directly to patients who had been prescribed a particular medication in order to suggest they switch to an equivalent and cheaper drug. Although this may at first sight seem quite sensible in view of the enormous cost pressures in the health sector, it nevertheless constitutes an infringement of data protection provisions.

Centralization of human resources abroad

More and more international companies have centralized their human resources departments. As a result, Swiss subsidiaries are increasingly being required to transfer the personal data of their employees to the parent company abroad.

Data protection and the use of smart meters

The adoption of the new Federal Electricity Supply Act paved the way for the gradual liberalization of the electricity market as of 1 January 2008. The use of digital electricity meters makes it possible to store and transmit over the Internet very large quantities of data. Although this could provide electricity customers with potential savings, it also brings with it certain risks as far as privacy is concerned.

Data transfers abroad for outsourced data processing

In an era of globalization, transferring data abroad as part of the outsourcing of data processing activities is gaining in importance, particularly for multinational groups. Moreover, as a consequence of the division of tasks, data processing is regularly entrusted to a subcontractor. This raises important issues, such as the data protection requirements that must be fulfilled before data can be transferred to a contractor or subcontractor abroad.

Freedom of information principle

The number of applications for access to documents held by the federal administration in 2010 stood at about the same level as in the previous year. There are fewer and fewer cases where applications are rejected in toto, which shows that the trend continues. All in all, 32 cases for mediation were submitted to the Federal Data Protection and Information Commissioner. This compares to 41 in the previous year.

Further information

Documents

Order

The complete annual report can be ordered in German and French from the BBL, Vertrieb Publikationen, 3003 Bern
Art. Nr. 410.018

https://www.edoeb.admin.ch/content/edoeb/en/home/documentation/annual-reports/older-reports/18th-annual-report-2010-2011.html