Submitted text
The Federal Council will be invited to draw up a report outlining the challenges posed by the increasing interconnectedness and growing performance of the Federal and cantonal databases with regard to the Data protection and whether legislative or other measures are appropriate in this regard.
Justification
The federal government and the cantons now maintain an unmanageable number of registers, directories, databases and data collections that go far beyond the AHV numbers or the civil status register. There are so far No overview about the nature, scope and interconnectedness of this data and which administrative bodies have access to which data and how the Privacy is ensured in the network of all these applications. The report is intended to provide an overall view of the existing databases and to define the challenges arising with increasing digitization.
Statement of the Federal Council of 19.2.20
Due to the principle of legality any database requires a legal basis. This regulates, for example, the categories of data processed, the purposes of the database and the right of access. This means that each database has its own purpose, taking these elements into account. As far as the cantonal databases are concerned, the Confederation is in principle not responsible. By surveying the databases currently in existence at the federal or cantonal level, it would not be possible to draw any conclusions about the challenges these databases pose to data protection. Moreover, some of these challenges have already been documented. For example, in the report of the expert group “Future of Data Processing and Data Security” (https://www.efd.admin.ch/efd/de/home/dokumentation/nsb-news_list.msg-id-72083.html) or in the recently published report on the challenges of artificial intelligence (https://www.admin.ch/gov/de/start/dokumentation/medienmitteilungen.msg-id-77514.html).
Guaranteed at the federal level Article 11a of the Federal Act on Data Protection (DSG, SR 235.1) provides a certain degree of transparency. This is because all federal bodies must register their data collections (which contain personal data, as defined in Art. 3 let. g FADP) with the Federal Data Protection and Information Commissioner. The data collections are entered on the website www.datareg.admin.ch and can be queried there. In particular, the following information is listed there: Purpose of the data collection, name of the owner of the data collection, categories of personal data processed, categories of participants in the data collection, categories of data recipients.
It is also envisaged that, when implementing the revision of the Data Protection Act, the procedure for drawing up the special legal bases required for operating a system for processing personal data will be reconsidered. The corresponding measures will improve the standardization of practice within the Confederation and thus also increase legal certainty.