What factors have to be taken into account when processing personal data regarding the Swiss edu-ID?
Personal data are processed in different places in connection with the Swiss edu-ID. Caution must be exercised in this case because this activity is governed by data-protection principles.
These principles are as follows:
As indicated by some of the terms, it is necessary to evaluate on a case-by-case basis the manner in which the implementation of these principles is interpreted. This means that whether or not an instance of data processing is recognisable to the user will be evaluated differently depending on the specific service. For example, it is clear that my personal data are transmitted abroad when I send an e-mail to a person located in another country. However, if I open an account with a web shop, then, absent additional information, it is not clear to me that my data will be used for marketing purposes.
Besides complying with the aforementioned "hard" principles, good data protection is characterised by the fact that implementation offers the individual as much transparency as possible and the greatest possible degree of control over his own data. In terms of the Swiss edu-ID, SWITCH strives to implement data protection as follows:
In order for data protection to be observed not only by SWITCH, but also by the service providers, the latter are entrusted with complying with the relevant data-protection principles by means of contractual provisions. This is already being done at SWITCHaai.