The Federal Data Protection and Transparency Commissioner (FDPIC) has published his activity report covering the period from April 2021 to March 2022. In it he says he is concerned about the indifference towards the protection data and the low value given to the notion of privacy.
In the press release that accompanies the publication, the officer points to two recent developments that testify to this indifference. First, the series of failures in the processing of health data revealed by the press and by investigations by its own departments. He mentions in particular the security weaknesses of the German-speaking breast implant platform “Mammoregister” and those of the Mesvaccins.ch site, which he ordered to close in the spring of 2021.
The second reason for concern is the desire of European governments to have preventive access to individual communications. As a reminder, the EU intends to oblige providers of e-mail and instant messaging services to scan messages and report those containing child pornography. A controversial bill which would undermine encryption and which has aroused numerous criticisms, including recently from the Federal Council. In this regard, the proposal recalls that crime is inherent in society and affirms that “citizens who oppose the self-incriminating interests of the authorities by using, for any reason, encryption software, cannot be reproached by the rule of law for abusing their freedom”.
The employee, on the other hand, welcomes the digital systems put in place by the Confederation during the pandemic. “From a data protection perspective, digital Switzerland has achieved strong recognition thanks to the SwissCovid app and the Covid certificate, including in its light version. The decentralized and data-efficient design of these tools has made it possible to prevent citizens’ data from being transmitted to the federal administration, ”he explains at the start of his press release. A surprising observation, to say the least, when we know the errors of the Covid certificate in terms of the private sphere.
Mistakes on the Covid certificate
To see more clearly, we must delve into the report of the PFPDT. It says that the attendant was consulted for the Confederation’s draft Covid certificate and that he ensured that this pass complied with data protection. By requiring in particular that the certificate introduced in June 2021 can be used in paper form and above all that the app be accompanied by a light certificate. The Agent is pleased to have imposed this alternative that is more respectful of the private sphere, typically preventing establishments from knowing the conditions for obtaining the certificate (cure, test, vaccine) for their customers.
Except that in December 2021, the transition from the 3G rule to that of 2G caused this light certificate to jump. From now on, establishments should be able to distinguish people who have been cured or vaccinated from those who have only been tested. The Covid certificate application has thus been updated and the light certificate has disappeared. In his activity report, the agent simply that in the absence of a compatible solution, he therefore demanded “that the light certificate can again be fully used in the event of a return to the 3G rule”. A pragmatism that clashes with the intransigence of the same officer with regard to the removal of encryption from messaging apps on the grounds of the fight against crime.
More generally, one can wonder about the ability to challenge the FOPH’s choices and projects. In its report, the PFPDT thus indicates that it underlined that “restrictions of access on the basis of a certificate, and therefore the processing of health data linked to it, could be considered proportionate in terms of the protection of data, only if such measures were epidemiologically necessary and appropriate to combat the pandemic”. And to add: “It is up to the FOPH, as the competent office, to provide proof of this, which is why the FDPIC has always relied on its findings and assessments to issue its opinions”. In summary, an indiscretion in the private sphere caused by a project of the FOPH is proportionate if the project is proven necessary and appropriate by this same FOPH. We did better in refereeing…
#Federal #Commissioner #concerned #lack #regard #private #sphere #Covid #certificate