Exercising caution when processing personal data

These principles are as follows:

• Lawfulness: Are other legal rules in place that prohibit the specific data processing in question?
• Recognisability: Is the data processing recognisable to the affected person?
• Proportionality: Are only so many data processed as necessary to achieve the intended purpose?
• Purpose: Are data processed only for the reported or recognisable purposes?
• Data accuracy: Are the data accurate in terms of their content?
• Disclosure abroad: Are the applicable principles observed?
• Data security: Are data safeguarded via appropriate technical and organisational measures?

As indicated by some of the terms, it is necessary to evaluate on a case-by-case basis the manner in which the implementation of these principles is interpreted. This means that whether or not an instance of data processing is recognisable to the user will be evaluated differently depending on the specific service. For example, it is clear that my personal data are transmitted abroad when I send an e-mail to a person located in another country. However, if I open an account with a web shop, then, absent additional information, it is not clear to me that my data will be used for marketing purposes.

Besides complying with the aforementioned "hard" principles, good data protection is characterised by the fact that implementation offers the individual as much transparency as possible and the greatest possible degree of control over his own data. In terms of the Swiss edu-ID, SWITCH strives to implement data protection as follows:

• Recognisability: The user of the Swiss edu-ID has access to his account, which also lists the attributes used. The disclosure of attributes to a service provider is indicated to the user on a case-by-case basis, as is done in SWITCHaai with the "uApprove" module. The implementation of this module is recommended to all universities. If a university uses the Swiss edu-ID as part of its administration without this being recognisable to the user, it must inform him appropriately of this use.
• Proportionality: Attribute categories are restricted to practical attributes that are justified for purposes of the Swiss edu-ID. Attributes not justified in connection with the purposes of the Swiss edu-ID are precluded. Furthermore, the identity provider (which is planned to be SWITCH) has the option to control the attributes that are transmitted to the service providers. It will likewise be important for SWITCH to inspect critically the attributes requested by the service providers on a case-by-case basis and to reject them where necessary.
• Purpose: SWITCH will not use data for any purpose other than to operate the Swiss edu-ID.
• Accuracy of the data: Data quality is a core element of the Swiss edu-ID and vital to its success; it therefore must be regarded as a top priority. The following should thus also apply as a fundamental rule: The user himself is responsible for the data that he himself has entered.
• Data disclosure abroad: If personal data are transmitted to service providers located abroad, compliance with data-protection laws is ensured through a code of conduct for service providers. For the isolated service providers outside the EU/EEA, the user’s consent is obtained on a case-by-case basis before transmitting the data.
• Security: The security of data must be guaranteed where the attributes are stored – that is, primarily at the universities and at SWITCH as service operator. SWITCH is aware of the importance of secure data retention and strives to keep up-to-date with the state of the art in data retention and transmission and, in particular, to impose suitable restrictions on the internal allocation of access rights.

In order for data protection to be observed not only by SWITCH, but also by the service providers, the latter are entrusted with complying with the relevant data-protection principles by means of contractual provisions. This is already being done at SWITCHaai.

More articles on legal aspects relating to the Swiss edu-ID:

• Who is liable for the Swiss edu-ID?

• Right to be forgotten and lifetime data retention