Federal commissioner concerned about lack of respect for privacy (but a little less about Covid certificate)

The Federal Data Protection and Transparency Commissioner (FDPIC) has published his activity report for the period from April 2021 to March 2022. In it, he expresses concern about indifference to data protection and the low priority given to it.

In the press release accompanying the publication, the commissioner points to two recent developments that demonstrate this indifference. The first is the series of errors in the processing of health data that have been uncovered by the press and by investigations by his own services. In particular, he mentions the security gaps in the German-language breast implant platform “Mammoregister” and those on the Mesvaccins.ch website, which he ordered to be closed in spring 2021.

The second concern is the desire of European governments to have pre-emptive access to individual communications. As a reminder, the EU intends to oblige email and instant messaging service providers to scan and report messages that contain child pornography. This controversial proposal would undermine encryption and has drawn a lot of criticism, most recently from the Federal Council. In this context, the commissioner recalls that criminality is inherent in society and affirms that “citizens who defy the self-incriminating interests of the authorities by using encryption software for any reason cannot, under the rule of law, be accused of abuse of their liberty”.

The commissioner, on the other hand, welcomes the digital systems set up by the federal government during the pandemic. “From a data protection point of view, thanks to the SwissCovid app and the Covid certificate, digital Switzerland has achieved a high level of esteem, also in the light version. The decentralized and data-efficient design of these tools prevented citizen data from being transmitted to the federal administration,” he explains at the beginning of his press release. A surprising finding, to say the least, given the privacy-related flaws of the Covid certificate.

Error on the Covid certificate

To see more clearly, we need to look at the FDPIC’s report. It states that the commissioner was consulted on the draft of the federal Covid certificate and that he ensured that the certificate was data protection compliant, in particular by requiring that the certificate introduced in June 2021 could be used in paper form and, above all, that the app be accompanied by a light certificate. The commissioner is pleased to have introduced this alternative, which respects privacy and usually prevents establishments from knowing on what basis their customers obtained the certificate (recovery, test, vaccine).

However, in December 2021 the transition from the 3G rule to the 2G rule made this light certificate unworkable. From then on, establishments had to be able to distinguish recovered or vaccinated people from those who had only been tested. The Covid certificate application was therefore updated and the light certificate disappeared. In his activity report, the commissioner only states that, in the absence of a compatible solution, he is therefore demanding “that the light certificate can be fully used again when the 3G regulation is returned”. This pragmatism clashes with the same official’s intransigence on removing encryption from messaging apps for crime-fighting reasons.

More generally, one may wonder about the possibility of contesting the BAG’s decisions and projects. The FDPIC points out in his report that he stressed that “restrictions on access based on a certificate and the associated processing of health data could only be considered proportionate in terms of data protection if such measures to fight the pandemic were epidemiologically necessary and appropriate”. And additionally: “The proof of this is the responsibility of the BASP as the responsible body, which is why the FDPIC has always based its statements on its findings and assessments.” In summary, a privacy infringement caused by a BAG project is proportionate if the project is shown to be necessary and appropriate by the same BAG. As arbitrators, we were better…
