Exercising caution when processing personal data

What factors have to be taken into account when processing personal data regarding the Swiss edu-ID?

Text: Esther Zysset, published on 26.11.2015

Personal data are processed in different places in connection with the Swiss edu-ID. Caution must be exercised in this case because this activity is governed by data-protection principles.

These principles are as follows:

  • Lawfulness: Are other legal rules in place that prohibit the specific data processing in question?
  • Recognisability: Is the data processing recognisable to the affected person?
  • Proportionality: Are only as many data processed as are necessary to achieve the intended purpose?
  • Purpose: Are data processed only for the reported or recognisable purposes?
  • Data accuracy: Are the data accurate in terms of their content?
  • Disclosure abroad: Are the applicable principles observed?
  • Data security: Are data safeguarded via appropriate technical and organisational measures?

As some of the terms indicate, how these principles are to be implemented must be evaluated on a case-by-case basis. Whether or not an instance of data processing is recognisable to the user will therefore be evaluated differently depending on the specific service. For example, it is clear that my personal data are transmitted abroad when I send an e-mail to a person located in another country. However, if I open an account with a web shop, then, absent additional information, it is not clear to me that my data will be used for marketing purposes.

Besides complying with the aforementioned "hard" principles, good data protection is characterised by the fact that implementation offers the individual as much transparency as possible and the greatest possible degree of control over his own data. In terms of the Swiss edu-ID, SWITCH strives to implement data protection as follows:

  • Recognisability: The user of the Swiss edu-ID has access to his account, which also lists the attributes used. The disclosure of attributes to a service provider is indicated to the user on a case-by-case basis, as is done in SWITCHaai with the "uApprove" module. The implementation of this module is recommended to all universities. If a university uses the Swiss edu-ID as part of its administration without this being recognisable to the user, it must inform him appropriately of this use.
  • Proportionality: Attribute categories are restricted to practical attributes that are justified for purposes of the Swiss edu-ID. Attributes not justified in connection with the purposes of the Swiss edu-ID are precluded. Furthermore, the identity provider (which is planned to be SWITCH) has the option to control the attributes that are transmitted to the service providers. It will likewise be important for SWITCH to inspect critically the attributes requested by the service providers on a case-by-case basis and to reject them where necessary.
  • Purpose: SWITCH will not use data for any purpose other than to operate the Swiss edu-ID.
  • Accuracy of the data: Data quality is a core element of the Swiss edu-ID and vital to its success; it therefore must be regarded as a top priority. The following should thus also apply as a fundamental rule: The user himself is responsible for the data that he himself has entered.
  • Data disclosure abroad: If personal data are transmitted to service providers located abroad, compliance with data-protection laws is ensured through a code of conduct for service providers. For the isolated service providers outside the EU/EEA, the user’s consent is obtained on a case-by-case basis before transmitting the data.
  • Security: The security of data must be guaranteed where the attributes are stored – that is, primarily at the universities and at SWITCH as service operator. SWITCH is aware of the importance of secure data retention and strives to keep up-to-date with the state of the art in data retention and transmission and, in particular, to impose suitable restrictions on the internal allocation of access rights.

In order for data protection to be observed not only by SWITCH, but also by the service providers, the latter are entrusted with complying with the relevant data-protection principles by means of contractual provisions. This is already being done at SWITCHaai.

About the author
Esther Zysset

Esther Zysset has been General Counsel at SWITCH since 2012. Prior to that, she was a lawyer at a firm specialising in corporate law.

Swiss edu-ID

SWITCH is currently working with Swiss universities to create a lifelong digital identity that will allow the holder to access all university services with one login instead of needing different logins for different services. The Swiss edu-ID is an evolution of SWITCHaai, which has been in operation for ten years and is used by over 400,000 people. The Swiss edu-ID goes a step further in a number of key areas. SWITCHaai was designed for using web-based resources and presupposes membership of an institution. The Swiss edu-ID, on the other hand, is geared towards lifelong use of a wide range of applications.

http://projects.switch.ch/eduid/