- FDPIC objects to access to basic insurance data by Helsana Zusatzversicherungen AG in breach of data protection law due to lack of legal basis.
- Processing of health insurance fund affiliation creates economic premium effect; violates KVG, therefore inadmissible.
- FDPIC sees lack of voluntariness of consent due to link to program access; legal distinction from prohibition of linking insufficiently explained.
The FDPIC has carried out the clarification of the facts in the case of Helsana+ in accordance with Art. 27 and 29 of the Swiss Code of Obligations. FDPA with a Recommendation (PDF) concluded because the parties did not agree on some points. The recommendation concerns the Helsana+” bonus programoffered by Helsana supplementary insurance. The bonus program
allows you to collect points for health-conscious behavior, social and societal commitment and solidarity with Helsana. The collected plus points can be redeemed for monetary values, benefits in kind, vouchers, etc. or in the form of bonus benefits (such as discounts) with Helsana partners.
[Terms of use and data protection for the Helsana+ App]
The Privacy Policy contains the following provision:
The User expressly agrees that Helsana may, within the scope of processing the Helsana+ App, access the information available at the insurance companies of the Helsana Group. Insured data of the user may.
This enables the provider of the program, Helsana Zusatzversicherungen AGThe user can be identified by comparing the data with the user’s insurance data. This involves accessing data from the basic insurance (the user’s insurance status).
The FDPIC examined the bonus program as part of its fact-finding process and objected to it on two points:
- It is against data protection when Helsana supplementary insurances AG as part of the registration process to data of the basic insurer access. The basic insurer is a federal body and can therefore only be legal basis take action. Such action was lacking for the disclosure of data to Helsana Zusatzversicherungen. AG.
- Bonus points can be converted into monetary benefits, whereby the amount of the benefits depends, among other things, on whether the user has basic and/or supplementary insurance with Helsana. Accordingly, the processing of the health insurance affiliation has the economic effect of a premium refund. This violates the KVGTherefore, the corresponding data processing is inadmissible.
In all other respects, the FDPIC the program as compliant with data protection regulations (cf. the Helsana media release).
In the run-up to the recommendation, Helsana decided without prejudice to dispense with the transfer of data from basic to supplementary insurance and instead to obtain proof of basic insurance from the users of the app, which avoids the problem of data disclosure by the basic insurer, but in the end amounts to the same thing.
The core of the present case concerns issues of consent (and insurance law, but that should not be of further interest here):
- Significance of consent in the case of federal bodiesAssuming that the Helsana Group’s basic insurers, when disclosing insurance data to Helsana Zusatzversicherungen AG act as a federal body within the framework of the bonus program, the principle of legality applies (Art. 17 para. 1 FDPA). Art. 19 para. 1 lit. b FDPA however, allows data disclosure with consent “in individual cases”. An individual case is likely to exist here because the consent concerns a clearly defined case, which already establishes an “individual case”; moreover, the consent even concerns only a single processing.
- Voluntariness of consent: The FDPIC Consent to the collection of data by Helsana Supplementary Insurances AG (The correct term would probably be: consent to the disclosure of data by the basic insurer; prima vista, the collection itself does not violate any processing principle and therefore does not require a justification reason) for voluntary, because consent is necessarily linked to access to the program.
The reproduction of the facts in the recommendation and the legal considerations of the FDPIC are too scarce for an in-depth analysis. However, the following points stand out:
- The FDPIC continues to assume a Tie-in out (as already before; in addition cf. here and here), which he also does not justify in more detail here. However, he is apparently of the opinion that the user cannot freely decide whether he wants to agree to the data disclosure in question because he cannot participate in the bonus program without this consent. In my opinion, this is wrong. First of all, no one is required to participate in a bonus program. To this end BGE 129 III 35 i.S. Post vs. VgT on the obligation to contract under private law:
“For the concretization of this principle, however, it should be noted in advance that the Freedom of contract – and thus also the freedom to conclude contracts – as an element of private autonomy. extraordinary high value in the private law system. Since restrictions on the freedom to conclude contracts already result in large numbers from explicit – mostly public law – legal provisions, contracting obligations outside of express statutory orders have a pronounced exceptional character and can only be accepted with great reluctance. Under certain conditions, however, a duty to contract can be derived from the principle of prohibition of immoral conduct.
- A prohibition of tying is not the same as a contracting requirement, but is related to it because it also restricts freedom of contract. Corresponding considerations are missing from the recommendation.
- Secondly, a Tie-in only apply if the consent relates to data processing that is compatible with the has nothing to do with the subject matter of the contract. If data processing is required for a contract, it is of course permitted; in this case, there is no linkage, but a modality of contract processing. As a rule, consent is not required in this case. If it is nevertheless required in exceptional cases, e.g. because a federal body discloses data to third parties, as in this case, this does not change the factual connection between the contract and the consent.
- In the present case, there seems to be such a factual connection because the bonus program is dependent on the insurance status, among other things. Whether this design of the bonus program is permissible is a different question, which cannot be solved by means of the prohibition of tying. Otherwise, the prohibition of tying – should such a prohibition be affirmed at all in Swiss law – would be misused as an instrument of content control.