Postu­la­te Flach (19.4567): Data pro­tec­tion in fede­ral and can­to­nal data­ba­ses – an over­all view is needed

Postu­la­te Flach (19.4567): Data pro­tec­tion in fede­ral and can­to­nal data­ba­ses – an over­all view is needed

Sub­mit­ted text

The Fede­ral Coun­cil will be invi­ted to draw up a report out­lining the chal­lenges posed by the incre­a­sing inter­con­nec­ted­ness and gro­wing per­for­mance of the Fede­ral and can­to­nal data­ba­ses with regard to the Data pro­tec­tion and whe­ther legis­la­ti­ve or other mea­su­res are appro­pria­te in this regard.

Justi­fi­ca­ti­on

The fede­ral govern­ment and the can­tons now main­tain an unma­na­geable num­ber of regi­sters, direc­to­ries, data­ba­ses and data coll­ec­tions that go far bey­ond the AHV num­bers or the civil sta­tus regi­ster. The­re are so far No over­view about the natu­re, scope and inter­con­nec­ted­ness of this data and which admi­ni­stra­ti­ve bodies have access to which data and how the Pri­va­cy is ensu­red in the net­work of all the­se appli­ca­ti­ons. The report is inten­ded to pro­vi­de an over­all view of the exi­sting data­ba­ses and to defi­ne the chal­lenges ari­sing with incre­a­sing digitization.

State­ment of the Fede­ral Coun­cil of 19.2.20

Due to the prin­ci­ple of lega­li­ty any data­ba­se requi­res a legal basis. This regu­la­tes, for exam­p­le, the cate­go­ries of data pro­ce­s­sed, the pur­po­ses of the data­ba­se and the right of access. This means that each data­ba­se has its own pur­po­se, taking the­se ele­ments into account. As far as the can­to­nal data­ba­ses are con­cer­ned, the Con­fe­de­ra­ti­on is in prin­ci­ple not respon­si­ble. By sur­vey­ing the data­ba­ses curr­ent­ly in exi­stence at the fede­ral or can­to­nal level, it would not be pos­si­ble to draw any con­clu­si­ons about the chal­lenges the­se data­ba­ses pose to data pro­tec­tion. Moreo­ver, some of the­se chal­lenges have alre­a­dy been docu­men­ted. For exam­p­le, in the report of the expert group “Future of Data Pro­ce­s­sing and Data Secu­ri­ty” (https://www.efd.admin.ch/efd/de/home/dokumentation/nsb-news_list.msg-id-72083.html) or in the recent­ly published report on the chal­lenges of arti­fi­ci­al intel­li­gence (https://www.admin.ch/gov/de/start/dokumentation/medienmitteilungen.msg-id-77514.html).

Gua­ran­teed at the fede­ral level Artic­le 11a of the Fede­ral Act on Data Pro­tec­tion (DSG, SR 235.1) pro­vi­des a cer­tain degree of trans­pa­ren­cy. This is becau­se all fede­ral bodies must regi­ster their data coll­ec­tions (which con­tain per­so­nal data, as defi­ned in Art. 3 let. g FADP) with the Fede­ral Data Pro­tec­tion and Infor­ma­ti­on Com­mis­sio­ner. The data coll­ec­tions are ente­red on the web­site www.datareg.admin.ch and can be queried the­re. In par­ti­cu­lar, the fol­lo­wing infor­ma­ti­on is listed the­re: Pur­po­se of the data coll­ec­tion, name of the owner of the data coll­ec­tion, cate­go­ries of per­so­nal data pro­ce­s­sed, cate­go­ries of par­ti­ci­pan­ts in the data coll­ec­tion, cate­go­ries of data recipients.

It is also envi­sa­ged that, when imple­men­ting the revi­si­on of the Data Pro­tec­tion Act, the pro­ce­du­re for dra­wing up the spe­cial legal bases requi­red for ope­ra­ting a system for pro­ce­s­sing per­so­nal data will be recon­side­red. The cor­re­spon­ding mea­su­res will impro­ve the stan­dar­dizati­on of prac­ti­ce within the Con­fe­de­ra­ti­on and thus also increa­se legal certainty.

Aut­ho­ri­ty

Area

Topics

Rela­ted articles