19th annual report 2011/2012

Below, you find a selection of articles taken from the FDIPC's 19th annual report. If you are interested in the complete version of the reports, please refer to the corresponding pages in German or French.

Current situation and outlook

Last year notable improvements were made in the area of our national security. At every available opportunity we had argued that Switzerland's indirect right of access to information weakened the rights of its citizens, and that in all likelihood it would not stand up to the scrutiny of the European Court of Human Rights. As a result, when the review of the Federal Internal Security Act (BWIS) came before Parliament at its session in December 2011, the decision was taken to make the necessary changes. The principle has now been accepted that applicants are to be granted a direct access to information as of right, in accordance with Articles 8 and 9 of the Data Protection Act (FADP). However, that right may be suspended in cases where national security is at stake. In such circumstances, applicants may ask the FDPIC to investigate the matter; if a mistake has been committed, he may issue a recommendation.

User data collected by libraries are not as harmless as may appear at first sight. Once the data are put together, they actually produce an extremely detailed personality profile. We have therefore published an article which sets out to explain exactly how such data can be published in a way that satisfies data protection requirements.

What should we do when we see suspicious people hanging around our property or when our front garden is used for dumping waste? It might seem that the simplest solution is just to install a video camera which monitors the street in front of the garden. However, with a few notable exceptions, this is not allowed. We have published additional information on this subject in a factsheet entitled «video surveillance by private individuals».

During popular sports events, the personal data of participants undergo various forms of processing. We therefore decided to carry out an evaluation of the system used by a service provider from the industry. We focussed not only on the processing carried out by the service provider himself, but also on the user interface supplied to the organiser of the sports event.

A football club is not allowed to publish photographs of individuals setting off firecrackers on its website, nor may it appeal to those visiting the site to provide any related information on the persons shown in the photographs. Tracking down offenders is the exclusive task of the police, providing that all the necessary conditions have been fulfilled.

The integration of web content by third party suppliers is not a new phenomenon. At the outset, information was basically limited to stock exchange prices or weather reports; but now that we have moved into a highly interactive age, people have the possibility to post comments or to integrate articles or blogs. To simplify interactivity, social network operators offer website publishers so-called social plugins. And this is where the data protection issues arise.

The Logistep ruling by the Federal Supreme Court was another subject which occupied us during the year under review. In particular, we highlighted how, in our view, private individuals can continue to process personal data with a view to tracking down cases of copyright infringement in a manner that complies with data protection rules even after the Supreme Court ruling.

Our telephone helpdesk has received numerous phone calls on the subject of workplace surveillance. Proof, if any was needed, that neither employers nor employees really know what is actually permitted.

Companies, authorities and institutions that typically used to process their data internally are now increasingly sub-contracting that activity to outside companies and are relying on cloud computing. There is no doubt that there are many advantages to this. However, it would be wrong to forget the data protection and technical risks that are associated with this process. We have therefore published an explanatory note on cloud computing which highlights the risks and sets out the requirements.

The disclosure of data to foreign tax authorities is a subject that is at the top of the political agenda and it has sparked a controversial public debate. Looking at the issue from a data protection perspective, our focus has been directed primarily at the double taxation agreements, the new Tax Administrative Assistance Act, as well as the Foreign Account Tax Compliance Act (FATCA).

The number of requests for access in 2011 was almost twice as high as in the previous year. However, the percentage of requests granted or refused remained unchanged. We did note a significant increase in the fees charged by the authorities. Overall, 65 requests for mediation were received, a twofold increase over the previous year. Most of the requests for mediation were received from media professionals.