Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Chapter: 

III. Privacy issues

Privacy regulator

The LPD created the office of a Federal Data Protection and Information Commissioner (the Commissioner, or FDPIC).1 The Commissioner maintains and publishes the Register for Data Files, supervises federal government and private bodies, provides advice, issues recommendations and reports, and conducts investigations. The Commissioner has assumed a new role as mediator relating to transparency and public information.2 The Commissioner also consults with the private sector. The office publishes a detailed annual report, as well as leaflets, summaries of press articles and critical statements, and advice to government agencies on issues of data protection.3 However, the Commissioner has only limited possibilities for interventions: he can only submit "suggestions" (Empfehlungen) or ask the Data Protection Commission to review a case. Decisions of this commission can then be submitted to the Federal Court (Bundesgericht). In the FDPIC’s 14th Annual Report (2006/2007), the Commissioner addresses issues that range "from military information systems, such as reconnaissance drones, to the planned introduction of the health insurance card, to video surveillance in stores, and to biometric access control in sports stadiums and leisure facilities."4

Annually, the FDPIC deals with 1,500 to 2,000 complaints, investigations and requests. Among these, there are questions of individuals, media inquiries, long-term supervision of operational proceedings in private enterprises, as much as, in the federal administration, and comments on legislation at the hearing stage. According to the FDPIC, between April 1, 2005 and March 31, 2006 it conducted 63 official investigations, 50 of which concerned access to homeland security files.5

In September 2005, the FDPIC hosted the 27th International Conference of Data Protection and Privacy Commissioners in Montreux. More than 350 participants from all over the world took part, and the Conference adopted two important resolutions: one on the use of biometric data in passports, ID cards and travel documents, and a second on the use of personal data for political communication.6

National ID

The identity card is machine-readable as is the new passport, which became effective on January 1, 2003. On September 15, 2004, the Swiss government decided that the next edition of Swiss passports should include a chip with biometric data. The decision is based on a feasibility study by the Federal Police "Fedpol," commissioned in September 2003. This should allow Swiss citizens to fulfill the requests introduced by the US government after September 11 2001, requiring that every visitor without a visa be able to present a passport with a biometric identity tag.7 In April 2005, the Swiss government declared that such a passport would be available only by September 2006 or later, due to the coordination of similar efforts of the European Union (EU).8 In September 2006 Switzerland issued its first biometric passports as part of a 5-year pilot project. However, during the pilot phase, facial images are the only biometric data stored on the passports.9 The FDPIC reviewed and commented on draft revisions to the identity documents law and decree and was very critical of the plan to store biometric data in a central database.

Banking records are protected by the Swiss Federal Banking Act of 1934. This act was passed to guarantee strong protections for the privacy and confidentiality of bank customers. However, Switzerland has come under increasing pressure from the European Union and the Organization for Economic Cooperation and Development (OECD) to weaken these laws and provide greater access to bank records for the purposes of tax collection. The adoption of the "Schengen agreement" would provide a solution to the conflicts (see below). In reality, banking data have been transmitted illegally to the US in at least one case described at the end of this chapter.

Cooperation with the European Union

Switzerland is not a member of the EU, but has some special agreements with the EU. Some of these bilateral agreements were signed in 2000 and 2001. In May 2004, the government decided to sign another set of agreements ("Bilaterale II").10 These contracts were approved by referenda, and Switzerland ratified the Schengen and Dublin Conventions on June 5, 2005.11 The Schengen agreement12 aims at creating a pan-European Security Zone, thus shifting the borders between European nations to the external borders of Europe. Inside Europe, people would be able travel without the traditional border police control, while travelers from and to Europe would face strengthened border controls. However, the national police forces will be allowed to execute "mobile controls" in the 30 km range along the borders, as well as in train stations, inside of trains and at airports. This means that all persons will de facto have to carry an ID document, which was not compulsory until now in Switzerland.13

Further, the Schengen Convention establishes a close cooperation among police forces, in order to combat international "criminal tourism" (Kriminaltourismus). The core subject of this agreement is the Schengen Information System (SIS), a pan-European database that records personal information on people who have been arrested, migrants, and missing objects14 (Fahndungsdatenbank) by the national police forces. In the summer of 2007, SIS consisted of 17 million entries. A second generation database, SIS II is currently being developed. The new system’s implementation has been delayed until 2008. The SIS database is not only a tool against crime, but also a tool for repression against immigration. SIS is operated by the EUROPOL, and by joining the Schengen agreement, Swiss police officers have full online access to the SIS database. The Swiss Department of Justice and Police (EJPD) calls the SIS "a revolutionary step for police work." Other parts of the Schengen Convention cover the cross-border observation by national police forces and the exchange of police officers. According to the agreement, Switzerland must contribute to the SIS database by 2008.

The Dublin Convention, created in 1990, establishes a European cooperation agreement to process applications from asylum seekers. It will allow Switzerland to access "Eurodac," the pan-European database of fingerprints of asylum seekers and migrants.15 According to the Dublin Convention, asylum requests are checked only by one EU member state whose decision becomes binding for all other member states.

There are several bilateral agreements on police cooperation between Switzerland and many other nations in Europe, which expand the types of collaboration among law enforcement authorities. The Swiss Federal Police is, in this regard, exchanging information and data with other countries.16 Concrete collaboration has been tested in the case of international political and economic meetings, like the G8 meeting in Geneva in June 2003 and the World Economic Forum meeting in Davos in January 2004. In January 2005, the Swiss government published an agreement on the collaboration with Europol, signed in September 2004. The agreement allows both parties to establish "exchange officers."17

Police and intelligence agencies' activities

The Swiss police system is traditionally strongly organized by the 26 cantons. Every canton has its own police force. However, in the last few years there have been substantial efforts to build up a central "Federal Police" corps (Fedpol), based in Berne.18 Fedpol has mainly investigative duties. For this purpose, a Federal Criminal Police has been built up since 1994.19 Other duties include the "prevention" of crimes. Fedpol publishes an annual report on "national security."20 Most of the expansion of Fedpol has been done in order to "fight against organized crime and terrorism." In order to "fight cybercrime" a specific task force was established in 2003, the "Coordination Unit for Cybercrime Control" (CYCOS).21 In December 2004, the Swiss government opened the consultation process on a revision of the Penal Code (Strafgesetzbuch, StGB),22 which consists mainly of regulating the criminal liability of Internet providers, stating: content providers should be fully liable for documents which are prohibited by law; hosting providers should not be liable at all; while access providers should be liable only if they participate actively in offering such documents. A second consultation process has been opened on a bill aiming at centralizing the investigations of cybercrime cases at the Federal Police.23

Although the cooperation has been extended in various fields, there are still some tensions between Fedpol and cantonal police forces, and also inside governmental agencies. Therefore, the Controlling Commission of the Swiss Parliament (Geschäftsprüfungsdelegation, GPDel) is demanding a more efficient coordination of the different intelligence agencies of the Swiss Army and the Federal Police.24

Legally, the activities of the Fedpol are mainly based on the Bundesgesetz über Massnahmen zur Wahrung der inneren Sicherheit (BWIS).25 This law was enacted in July 1, 1998 following a scandal in the autumn of 1989, when members of a parliamentary investigative commission (the Parlamentarische Untersuchungskommission, or PUK) discovered huge databases of citizens in the premises of the Federal Police (the political police) and the Federal Prosecutor (Bundesanwaltschaft).26

The former Federal Police, now called the Service for Analysis and Prevention, is part of the Federal Office for Police Matters, which also includes the Federal Criminal Police. It hosts two databanks, including ISIS (the Information System for Internal Security), which replaced the old paper files of the federal police.27 In April 2004, ISIS contained files on 60,477 persons who are considered terrorists, violent extremists or possible spies.28 Files are opened on "preventive" grounds, which means that no criminal investigation is required. However, data resulting from criminal investigations, and thus also from telephone surveillance, can be maintained for preventive purposes, even if the person is acquitted before a court. The other databank is JANUS,29 which contained files of 62,500 persons in July 2001 and 83,700 in March 2004, most of them being registered for alleged drug trafficking, since registration of consumers is not allowed. Files in JANUS can be created on the grounds of simple suspicion. In July 2001, the records on the 62,500 suspected target persons (Stammpersonen) also contained 116,500 references to third persons who are not suspected.30

The database GEWA of the Fedpol section on money laundering (Meldestelle Geldwäscherei) contained 10,884 persons and 4,170 companies in February 2004.31 The database for "searched people and objects" (Fahndungsdatenbank) RIPOL contained 142,625 entries for persons in January 2004, most of them are searched for because of minor offenses.32 In February 2004, the main Fedpol register IPAS (Personen- und Aktennachweissystem) contained entries on 641,446 persons.33 IPAS is organized as an index to other databases, including the database of fingerprints AFIS and of genetic profiles EDNA (see below).34

Currently the Swiss government is preparing a bill that should include the legal basis for JANUS, IPAS and RIPOL in one single law on police databases.35 In the same context, the government plans a new information system called "Police Index," to facilitate the collaboration with the cantonal and with foreign police authorities.

A revision of the BWIS is currently planned. The directors of the Federal Police and the Intelligence forces are demanding an extension of their capabilities, e.g., to be allowed to spy inside private apartments or to tap telecommunications, even without the concrete suspicion of a crime. Further, the revision should include the possibility to operate secret "undercover agents" (verdeckte Ermittler), even for the means of "prevention," that is, in cases where no concrete crime is under investigation.36 Since January 1, 2005, the police are allowed to operate as undercover special agents.37 The majority of the Parliament accepted the governmental proposal, arguing that this would be "a necessary tool against organized crime," like terrorism and money laundering. Finally, the police forces are also demanding access to ONYX, the Swiss military satellite telecom interception system similar to ECHELON (see below).

On the legal basis of the BWIS, the government decreed a regulation which compels all institutions "executing an official duty" to report any suspicion of a "terrorist activity" to the federal police.38 These institutions include universities, hospitals, and train carriers. The regulation was first released in November 1, 2001, in the aftermath of the attacks of September 11, 2001, to sunset after one year. It was extended for another year, and in November 2003 was extended for two more years.39

In preparation for the next European Football Championship (TM), scheduled for 2008 in Switzerland and Austria, the new anti-hooliganism law came into force on January 1, 2007. Limited until the end of 2009, it introduces stadium bans, a national hooligan database, travel restrictions for known troublemakers and increased police powers.40 However, critics fear that the term "hooliganism" would not be restricted to football fans, since the law covers all kinds of "large public events," including political demonstrations. The National Swiss Security Strategy for EURO 2008 discusses a number of "risk situations" associated with the event, from terrorism to human trafficking and forced prostitution.41

Genetic identification

In July 2000, a regulation on the collection and storage of genetic profiles was introduced, allowing the Swiss administration – by way of a new Agency called AFIS Services – to establish and operate a centralized database with DNA profiles of persons and stains.42 The Federal Office has collected data for the police since August 1, 2000. All samples taken by the police are given a unique identifier, so that the name of the suspect is never disclosed to laboratory employees. The regulation states that police forces are allowed to collect DNA samples only in case the offense committed is listed in a catalogue.43 However, this catalogue not only includes crimes like murder, sexual offenses, life endangerment and rape, but also theft (Diebstahl). Further, there are reports (and lawsuits) of cases where the police have taken DNA samples of persons who did not commit any of these offenses.44 By the end of 2003, EDNA contained 45,313 DNA profiles. One year later, it had almost 60,000.45 On January 1, 2005, the EDNA regulation was replaced by a formal law,46 which does not have a catalogue of offenses at all.

In March 2004, the majority of the National Council decided to allow life insurance companies to review previous DNA analyses of persons in case they want to sign a contract with a life or a voluntary insurance company against invalidity. The bill was approved by the smaller chamber (Ständerat) in June 2004 and again in October 2004. The deadline for a referendum passed on January 27, 2005 without a request for a public ballot.47

Sports facilities in Switzerland have begun using biometric access control systems. The FDPIC has conducted inspections of the systems and asked that biometric data, in this case digital fingerprints, be stored on the individual membership cards and not on a central database. At the Commissioner’s request, the sports facility inspected agreed to provide customers that refuse the registration of their biometric data with alternative solutions at the same price.48

The Federal Office of Public Health plans to implement voluntary storage of medical information on new health insurance cards. However, the Commission has asked the Federal Office of Public Health to forego storing medical data on the health insurance card for the time being, because Public Health has not yet defined the purpose of this storage, nor shown the necessity of implementing such a scheme. Without a clearly set out purpose, it is impossible to determine whether the storage is appropriate and whether their storage respects the principle of proportionality.49

National registries

In May 2004, the National Council began to debate the revision of the Law on Foreigners.50 The larger chamber of the Federal Parliament decided to include biometric data in foreigners' identity documents. The law would also provide a definite legal basis for the Central Register of Foreigners, which now holds data on about 4.5 million persons. In order to avoid so-called "faked marriages" (Scheinehen), the law provides that marriage officers (Zivilstandsbeamte) would be allowed to investigate the "honesty" of bi-national marriages. In June 2004, the National Council passed the law, despite strong opposition in the parliamentary commission concerned. The second chamber (Ständerat) discussed the bill in March 2005 and introduced even more severe restrictions for foreigners.51 The bill now goes back to the National Council.

Visual surveillance

More and more public transport companies are introducing CCTV in their vehicles. After a pilot test in 2002 and 2003, the Swiss Federal Railway company SBB (now a private company, but still owned by the state) announced a large project to install surveillance cameras in trains.52 Until 2003, such surveillance was not allowed by law, neither was the operation of CCTV systems in train stations. In December 2003, a regulation was subsequently introduced, allowing the SBB to operate CCTV systems in train stations and inside trains.53

The city police of Zurich bought a new mobile camera system with capabilities for automatic car plate recognition (AFNES) to be operated in Zurich. It will be able to identify car plates and compare the results with the national database RIPOL. With closer connections to EU justice and police agencies, Switzerland will likely also gain direct access to European car plate databases. According to some sources, the use of an automatic plate recognition system is planned on at least one Swiss highway tunnel in order to control speed limits.54

The growth of video surveillance in Switzerland is helped by the cameras getting smaller, cheaper and more sophisticated. This is especially true for the systems operated by private entities, such as shopkeepers or house owners. Also, more sport stadiums are installing CCTV cameras. However, opposition against camera surveillance is growing as well. The committee of the Swiss "Big Brother Awards" has been organizing several "excursions" on the subject of surveillance cameras in Zurich and released a map with camera locations in a city district of Zurich, as well as in the Zurich Main Train Station.55 The Federal Data Protection Commissioner published a leaflet explaining the legal conditions for private individuals to operate video surveillance cameras.56

Unmanned aerial vehicles

The Swiss Air Force started operating Unmanned Aerial Vehicles (Drohnen) of the type "ADS 95 Ranger." They are produced in Switzerland by the company RUAG in Emmen LU, in collaboration with Israeli companies. On January 6, 2004, on a test flight, a military UAV observed a civil car driving into a forest near Lucerne. The operators informed the local police patrol, who amended the car passengers for smoking marijuana.57 According to a media report, the Swiss Air Force is operating one to four UAV test flights every day. The images of the cameras are registered and stored for up to six months.

In honor of this privacy invasion, the Air Force received one of four Swiss "Big Brother Awards 2004."58 On Easter Holiday 2005, the Army offered their UAVs to cantonal police forces in order to observe north-south traffic on the Gotthard route. For the celebration of the International Worker's Day on May 1, 2004, the Zurich police asked the Air Force about using UAVs to observe the rally in Zurich from the air. These examples show a strengthened collaboration between military and police forces.

There is still no formal legal basis governing the use of army reconnaissance drones by the border police. At the request of the Commissioner, the Federal Council finally agreed to remedy this legal shortcoming and to also regulate the use of surveillance equipment for civilian purposes. The Commissioner has pointed out that the legal rules covering military information instruments need to be highly specific, and should cover not just the actual surveillance devices, but also the type and purpose of the surveillance.59

Facial recognition

At the Zurich "Unique" airport, the cantonal Police of Zurich tested a pilot system for automatic face recognition between February and June 2003. Officially, the Farec (Face Recognition system, mainly aims at recognizing people trying to immigrate without identity documents. This is the first test worldwide of face recognition in the context of boarder controls. During the test phase, 1,003 passengers of 277 flights were registered by Farec. In 81 cases, a search in the database followed, with 10 hits and 17 fails. In December 2004, the Zurich Cantonal Government (Regierungsrat) provided a legal regulation (decree, Verordnung), extending the test phase until the end of 2006.60 Although quite skeptical about the usefulness of the system, the data protection officer of the canton Zurich accepted the decree.61 There are reports that Switzerland will employ face recognition surveillance technology at the EURO 2008 sporting event; however, the official National Strategy makes no mention of face surveillance.

Footnotes