- The Federal Supreme Court confirms: Data avoidance and data minimization apply despite strong encryption; unnecessary personal data must not be collected in the first place.
- Data security alone does not justify the transmission and storage of superfluous consumption data; “non-existent data cannot be misused.”
Even with encryption, which takes 640 trillion years to circumvent, the principles of data avoidance and data economy must be observed. Thus, the Federal Supreme Court ruled in the 1C_273/2020 (intended for official publication). In this decision, the court deals in detail with the admissibility of data processing by electronic water meters and coins the formula: “non-existent data cannot be misused”.
It is not often that the Federal Supreme Court speaks of trillions. In this ruling of January 5, 2021, it did so in connection with radio-based water meters. The bone of contention was the decision in Auenstein (AG) to convert from mechanical to electronic meters. The municipality hoped that this would increase efficiency in billing. On the other hand, the complainant feared that unauthorized third parties could penetrate the radio system and create a consumer profile. He also felt that the permanent transmission of data violated his personal rights and disregarded the principle of data avoidance. Accordingly, he demanded that the mode of operation of the new device be reset to that of a conventional meter, particularly as more data-saving variants are available.
The municipality, on the other hand, argued that there was no interest in the data and that its decryption, according to the information provided by the equipment manufacturer, would require “a period of 6.4E+20 or 640,000,000,000,000,000 years” (ruling WBE.2019.383 of the Aargau Administrative Court of April 8, 2020, E. 4.2).
In a first step, the Federal Supreme Court classified the data on water consumption as personal data and their recording and transmission as data processing (E. 5.3.2). It then affirmed an interference with informational self-determination (Art. 13 para. 2 BV) and assessed its permissibility against the standard of Art. 36 BV (E. 5.4). In principle, it affirmed both the legal basis as well as the public interest and the proportionality – however, this only for the Invoicing date (E. 5.6). It found it inadmissible that the water meter also stores the hourly values for eight months and transmits them by radio every 30 seconds. To this extent, the Federal Supreme Court denied proportionality, because there was no need for the Necessity missing
This is not affected by the fact that, according to the precise and convincing explanations provided by the lower court, this data is very well protected and misuse can be virtually ruled out or seems very unlikely. […]. Data security alone does not outweigh the fact that more personal data is being processed than necessary. Otherwise, the principle of necessity would no longer be relevant if the entity processing the data can prove that it has taken sufficient protective measures. However, the principle of necessity or data avoidance and data economy aims to ensure that data that is not necessary is not collected and processed in the first place. In this sense, their protection is also better ensured: non-existent data cannot be misused. (E. 5.5.3 a.E.)
Against this background, the assertion of the municipality that it did not want to use the surplus data (E. 5.4.1 a.E.) was also unhelpful. The Federal Supreme Court partially upheld the complaint and referred the matter back to the municipal council for a reassessment.