Right to be forgotten and lifetime data retention

• First purpose: Simplification of administrative processes for the university administration; in this case, the university decides on the processing purpose. SWITCH, however, holds the role of order data processor for the university. As such, it is subject to the same data protection rules as the university is – usually cantonal rules.
• Second purpose: Use of the Swiss edu-ID for the private purposes of the identity holder; e.g., buying a product that is discounted for students. In this case, it is the user alone who decides who receives which information about him. Here, SWITCH, as the user’s contractual partner, is only obligated to him and subject to the Swiss Federal Data Protection Act.

As shown above, in terms of simplifying administrative processes, universities are subject to the cantonal rules for data processing. These rules may vary considerably. In order to meet the requirements of the various cantonal rules when designing the Swiss edu-ID, SWITCH has contacted various data protection authorities and requested their assessment. Meetings were held with the Federal Data Protection and Information Commissioner (FDPIC) and the cantonal authorities in Zurich, Fribourg and Lucerne. Their feedback is gradually being integrated into future work.

The following insights from the meetings have already been received:

• Retention of attributes by SWITCH: Once the user has left the university, the university has to retain his attributes if he wishes to continue using his Swiss edu-ID. The university normally requires a legal basis for doing this, but such legal basis does not exist at present. Accordingly, when the user leaves the university, his attributes should be transferred to SWITCH for purposes of continued use, because SWITCH is not subject to that requirement.
• Handling the lifetime retention of data: On the one hand, the Swiss edu-ID must be available on a lifetime basis or capable of being reactivated as needed, as the case may be. On the other hand, for purposes of personal privacy, the attributes of a Swiss edu-ID that is no longer in use should not be retained forever. In order to reconcile these two contradictory interests, the holder of an unused Swiss edu-ID must be asked at regular intervals – for instance, every five years – whether his data should continue to be retained or whether they should be deleted.

However, the following should remain unchanged as regards SWITCHaai: It is the user who decides, by way of a user consent, whether his attributes should be released to the service providers.

This article appeared in the SWITCH Journal October 2015.

Further articles on legal issues concerning the Swiss edu-ID:

• Who is liable for the Swiss edu-ID?

• Exercising Caution When Processing Personal Data