Inter­pel­la­ti­on Schwa­ab (15.3822): Quick­ly cure teething trou­bles of the new public trans­port sea­son ticket “Swiss Pass
Pen­ding, dis­cus­sion post­po­ned (18.12.2015)

See also “Swiss Pass”: FDPIC demands dele­ti­on of con­trol data

Sub­mit­ted text

I put the fol­lo­wing que­sti­ons to the Fede­ral Council:

1. is the Fede­ral Coun­cil awa­re that the data pro­tec­tion regu­la­ti­ons regar­ding the “Swiss Pass” vio­la­te modern con­cepts of data pro­tec­tion? For exam­p­le, against data pro­tec­tion by tech­no­lo­gy (“pri­va­cy by design”) or data pro­tec­tion by default (“pri­va­cy by default”), both prin­ci­ples that the Fede­ral Coun­cil sup­port­ed in its respon­ses to my Postu­la­tes 13.3806 and 13.3807.

2. is this type of pro­ce­s­sing of per­so­nal data and its dis­clo­sure to third par­ties legal?

3. will the Fede­ral Coun­cil inter­ve­ne with SBB and the other public trans­port com­pa­nies con­cer­ned (as well as their owners) to ensu­re that the “Swiss Pass” gua­ran­tees data pro­tec­tion through tech­no­lo­gy and data pro­tec­tion through default set­tings? If not, why not?

4. the­re is a risk that ticket checks on public trans­port will take signi­fi­cant­ly lon­ger, as each “Swiss Pass” has to be scan­ned indi­vi­du­al­ly and the­r­e­fo­re not only can fewer peo­p­le be checked, but life is also made unneces­s­a­ri­ly dif­fi­cult for staff and users? Is the Fede­ral Coun­cil awa­re of this risk? Will it inter­ve­ne to sim­pli­fy this process?

5 Sin­ce the checks take lon­ger, fewer peo­p­le can be checked. Does the Fede­ral Coun­cil think that this will encou­ra­ge fare evasion?

6. will the Fede­ral Coun­cil inter­ve­ne to ensu­re that the “Swiss Pass­port” is given a name in one (or more) of the natio­nal lan­guages? If not, why not?

Justi­fi­ca­ti­on

SBB and other public trans­port com­pa­nies have intro­du­ced the new sub­scrip­ti­on “Swiss Pass”. This new sub­scrip­ti­on not only has only an Eng­lish name, but also does not suf­fi­ci­ent­ly gua­ran­tee pri­va­cy pro­tec­tion. The per­so­nal data of sub­scrip­ti­on hol­ders can be used for mar­ke­ting pur­po­ses, for exam­p­le, unless they have express­ly objec­ted to this. In addi­ti­on, the data may be dis­c­lo­sed to third par­ties. Sub­scrip­ti­on hol­ders are not express­ly infor­med of this pos­si­bi­li­ty and must take the neces­sa­ry steps them­sel­ves to pre­vent the dis­se­mi­na­ti­on of their per­so­nal data. This prac­ti­ce vio­la­tes modern con­cepts of data pro­tec­tion. Sin­ce the “Swiss Pass” will replace a gre­at many sea­son tickets, it is extre­me­ly likely that the per­so­nal data of mil­li­ons of public trans­port users will be misu­s­ed. In addi­ti­on, ticket checks will take lon­ger becau­se of the new system, and life will be made unneces­s­a­ri­ly dif­fi­cult for staff and users.

State­ment of the Fede­ral Council

1 In the public trans­port indu­stry, a distinc­tion is made bet­ween cus­to­mer data and con­trol data. The intro­duc­tion of the “Swiss Pass” does not chan­ge the hand­ling of cus­to­mer data. Cus­to­mer data will con­ti­n­ue to be used for mar­ke­ting pur­po­ses. Accor­ding to SBB, this is done “with extre­me restraint”.

A con­cre­tizati­on of the prin­ci­ples of “Pri­va­cy by Default” (prin­ci­ple of data pro­tec­tion-fri­end­ly default set­tings) and “Pri­va­cy by Design” (prin­ci­ple of data pro­tec­tion by tech­no­lo­gy) is curr­ent­ly being dis­cus­sed both in Switz­er­land and at the Euro­pean level as part of the ongo­ing data pro­tec­tion reforms. In con­nec­tion with the “Swiss Pass­port”, the Fede­ral Coun­cil sees two points that need to be con­side­red with regard to the­se prin­ci­ples. With regard to cus­to­mer data, the con­flict with the “Pri­va­cy by Default” prin­ci­ple could be that the cus­to­mer must object if he does not want his data to be used for mar­ke­ting pur­po­ses. Anyo­ne who does not want this to hap­pen must com­mu­ni­ca­te this by e‑mail, tele­pho­ne or at the counter.

When a tra­ve­ler with a “Swiss Pass” is checked, a con­trol data record is crea­ted in each case. The con­trol data is stored for 90 days. With regard to the con­trol data, this sto­rage is to be con­side­red in light of the prin­ci­ple of “Pri­va­cy by Design”: Accor­ding to SBB, this reten­ti­on peri­od is inten­ded to enable the pro­ce­s­sing of any cus­to­mer reac­tions after travel.

It is the respon­si­bi­li­ty of the Fede­ral Data Pro­tec­tion and Infor­ma­ti­on Com­mis­sio­ner (FDPIC) to check whe­ther the­re have been any vio­la­ti­ons of the appli­ca­ble data pro­tec­tion law and, if neces­sa­ry, to ensu­re com­pli­ance with the regu­la­ti­ons. As part of its super­vi­so­ry acti­vi­ties, the FDPIC car­ri­es out checks every year, inclu­ding on com­pli­ance with the data pro­tec­tion pro­vi­si­ons for the “Swiss Pass”. The Asso­cia­ti­on of Public Trans­port (VöV) as the publisher of the “Swiss Pass” and the SBB pre­sen­ted the data pro­tec­tion mea­su­res to the FDPIC in spring 2015. The for­mal exami­na­ti­on by the FDPIC in the form of the “Cla­ri­fi­ca­ti­on of the facts ‘Swiss Pass’ ” is curr­ent­ly still pen­ding. VöV and its affi­lia­ted com­pa­nies are coope­ra­ting uncon­di­tio­nal­ly with the FDPIC in this review.

2 SBB assu­res that cus­to­mer data is not traded at any time. Data may only be dis­c­lo­sed to third par­ties if spe­cia­li­zed part­ners per­form ser­vices on behalf of SBB. Data will only be dis­c­lo­sed to such spe­cia­li­zed part­ner com­pa­nies if no legal or con­trac­tu­al con­fi­den­tia­li­ty obli­ga­ti­on pro­hi­bits this. In addi­ti­on, the hand­ling of the trans­mit­ted cus­to­mer data by the part­ner com­pa­nies is con­trac­tual­ly regu­la­ted, wher­eby the pro­vi­si­ons in the Swiss Data Pro­tec­tion Act form a man­da­to­ry basis. The Fede­ral Coun­cil is the­r­e­fo­re unable to iden­ti­fy any unaut­ho­ri­zed data pro­ce­s­sing by third parties.

3 The Fede­ral Coun­cil is con­vin­ced that the FDPIC would take the neces­sa­ry mea­su­res if it were to iden­ti­fy vio­la­ti­ons of the DPA.

4. it is true that the con­trol pro­cess on the train is some­what pro­lon­ged. The actu­al check takes only a very short time, but cus­to­mers have to hand over their sea­son ticket to the con­trol staff. Howe­ver, the con­trol will be more pre­cise with the “Swiss Pass”, as the con­trol staff will imme­dia­te­ly reco­gnize inva­lid sea­son tickets. It is the respon­si­bi­li­ty of the public trans­port com­pa­nies to ensu­re that ticket checks are expe­di­ent and customer-friendly.

5 Even today, the level of con­trol in public trans­port is not 100 per­cent. Given today’s traf­fic and pas­sen­ger volu­mes, this is neither logi­sti­cal­ly fea­si­ble nor eco­no­mic­al­ly via­ble. Many years of expe­ri­ence show that a 100 per­cent level of con­trol is not neces­sa­ry to enforce the ticket obli­ga­ti­on. Rather, it is important that checks take place on a com­pre­hen­si­ve and regu­lar basis. The trans­port com­pa­nies con­stant­ly moni­tor the rate of pas­sen­gers wit­hout a valid ticket. Should this increa­se con­tra­ry to expec­ta­ti­ons, the trans­port com­pa­nies would be in a posi­ti­on to inten­si­fy controls.

6 Mar­ket pre­sence and pro­duct names are a mat­ter for the trans­port com­pa­nies that are mem­bers of VöV. The Fede­ral Coun­cil the­r­e­fo­re sees no rea­son to inter­ve­ne. The use of the angli­cism in naming has advan­ta­ges from the point of view of VöV: In mul­ti­l­in­gu­al Switz­er­land, it can in cer­tain cases sim­pli­fy com­mu­ni­ca­ti­on at the natio­nal level wit­hout dis­ad­van­ta­ging one lan­guage regi­on. In gene­ral, angli­cisms can increa­se the reco­gni­ti­on value of pro­ducts and offers more than a name in the respec­ti­ve natio­nal lan­guage. The name “Swiss Pass” was sel­ec­ted by a com­mit­tee with repre­sen­ta­ti­ves from all lan­guage and natio­nal regions.