In the course of 2001 the Schengen Convention assumed a greater political importance when Switzerland was given the authority to negotiate for accession, and we began to analyse the Convention from a data protection point of view. Our analysis revealed that Switzerland adequately fulfils the requirements with regard to the data protection provisions that are to be introduced. However, prior to accession to the Schengen Convention, specific difficulties must be examined and several amendments will have to be made to current legislation.
In our analysis we pointed out again that Swiss accession to the Schengen Convention would result in consequences affecting data protection. We stressed, for example, that the problems connected with our accession should not be seen as a weakening of data protection resulting from our participation in an international system of co-operation; on the contrary, our accession will in fact benefit data protection by imposing a clearly defined and delineated framework around the data processing operations required for the exchange of information with the contractual parties. This will ensure that standards are demanding and in conformity with the standard of European data protection legislation. Our accession - in particular on account of the strict limits imposed on the purposes and uses of the data - would create a better set of conditions for flows of information and would thus provide better guarantees for the persons affected.
In our analysis we drew attention to three consequences which would have to be considered from the viewpoint of data protection in the event of Switzerland's accession to the Schengen Convention:
First of all, we stressed that in general terms and at a national level Switzerland fulfils the requirements and legislative standards specified by the Schengen Convention. Switzerland has at its disposal an adequate set of legal norms in the area of data protection. It is worth mentioning, for instance, the fundamentally important Article 13 of the Federal Constitution, which guarantees the right of every individual to have his or her privacy respected, Agreement No. 108 of the Council of Europe on the protection of people in the event of automatic processing of data relating to persons, Recommendation No. (87) 15 concerning the police's use of data relating to persons, the Federal Act on Data Protection and the corresponding Ordinance, the specific formal legislation on police computer systems which could be affected by the Schengen Convention, and the data protection regulations connected with this.
Secondly, we drew up a list of the problems that must be dealt with before accession to the Schengen Convention. The delicate issue of the cantons - which will in any event be affected by our accession to the Schengen Convention - should be examined. Although at present most of the cantons have enacted cantonal data protection legislation, not all of them have introduced an independent control authority. In addition, the efficiency of the legislation varies enormously as a result of the structures and means respectively available. The degree of data protection differs at times both from canton to canton and from the cantonal to the national level. Furthermore, with regard to the Schengen Convention regulations on the processing of personal data, it will be necessary to scrutinise carefully the situation relating to the different Swiss police databases. An investigation must establish which information systems are affected (RIPOL, IPAS, AUPER, ZAR, ISIS, JANUS etc.). Additionally the information flows and the linkage between the existing systems and the national Schengen Information System (SIS) as well as the joint SIS will have to be precisely regulated as a technical support system. Finally it must be borne in mind that data processing carried out by virtue of the Schengen Convention must be subject to identical data protection regulations, regardless of whether the data originates from cantonal or national sources and of whether the processing is carried out by national or cantonal staff.
Thirdly, our analysis revealed that certain changes in legislation will have to be undertaken in order to regulate the following: the creation of a national Swiss SIS (the drawing up of a formal basis for legislation), the connections between the national Swiss SIS and the other sources of data (databases such as RIPOL, IPAS, AUPER, ZAR, ISIS, JANUS etc.), participation in one or more international databases, cross-border exchange of police data, mechanisms for checking the accuracy and quality of data, asserting the rights of affected persons, especially the right to information (differentiating between direct and indirect right to information) and information exchange in connection with the supplementary procedure SIRENE (Supplementary Information Request at the National Entry). These changes in legislation must also take into account the questions relating to cantonal police competencies (particularly co-operation between federal and cantonal police, access to SIS etc.), the powers of the data protection controlling authorities (the Federal Data Protection Commissioner and cantonal data protection authorities) and also the involvement of the Federal Data Protection Commissioner in the work of the joint controlling authority.
Thirdly, our analysis revealed that certain changes in legislation will have to be undertaken in order to regulate the following: the creation of a national Swiss SIS (the drawing up of a formal basis for legislation), the connections between the national Swiss SIS and the other sources of data (databases such as RIPOL, IPAS, AUPER, ZAR, ISIS, JANUS etc.), participation in one or more international databases, cross-border exchange of police data, mechanisms for checking the accuracy and quality of data, asserting the rights of affected persons, especially the right to information (differentiating between direct and indirect right to information) and information exchange in connection with the supplementary procedure SIRENE (Supplementary Information Request at the National Entry). These changes in legislation must also take into account the questions relating to cantonal police competencies (particularly co-operation between federal and cantonal police, access to SIS etc.), the powers of the data protection controlling authorities (the Federal Data Protection Commissioner and cantonal data protection authorities) and also the involvement of the Federal Data Protection Commissioner in the work of the joint controlling authority.
On the basis of our analysis we came to the conclusion that, in respect of the data protection standards to be introduced, Switzerland meets the requirements in an appropriate manner. In order to accede to the Schengen Convention on the other hand, the problems indicated above must be examined and the required changes in legislation must be organised.
The results and conclusions of our analysis were forwarded in particular to the co-ordinating group PESEUS (project group-FDJP-strategy-EU-Switzerland) of the Federal Department of Justice and Police . We also promulgated our viewpoint through the notification procedure in respect of parliamentary initiatives on the Schengen Convention as well as in our hearing before the foreign policy commission of the Council of States in August 2001.
[July 2002]