‘The eID law is a role model for regulation’
Initially against it, now in favour: André Golliaz explains why he supports the proposed new law on digital identity (eID), and how his advice was instrumental in setting up a lobby group.
The Federal Council (government) and parliament have drafted a national law on digital identity to regulate the identification of people on the internet. The vote booklet advises that the law would provide a sound basis for simple, safe and government-approved digital identities.
On March 7, the Swiss people will decide whether or not this law will come into force in a nationwide vote that was initiated by a cross-party committee. Opponents argue that leaving it up to private companies to issue eIDs would take away the
From sceptic to supporter: IT consultant and president of the think tank Swiss Data AllianceExternal link, André Golliez, has dealt with the question of electronic identification for years. In this interview, he explains how he has moved from being against the law to supporting it after amendments were made during the consultation process.
swissinfo.ch: Do you think Migros (Switzerland’s largest) supermarket should be allowed to issue eID?
André Golliez: No, simply because Migros is not part of the project. Let’s be more precise, it’s not a question of private versus state as it is often portrayed – it’s a combination. The basis of any identity is the registration data, which is undoubtedly with the federal government and will remain under its sovereign control.
So, how does it technically work when you register online with a service provider? The registration is usually handled by an identity service provider which can be private or public, such as municipalities, cities or cantons. Under the new law, the federal government can offer this service as well but only if the other solutions are not available. Personally, I would have liked to have seen this handled by the federal government, but parliament did not want this and came up with another solution, which is a mix of public and private providers. This, however, raises the question of how they will actually work together.
When the consultation process started four years ago, the Swiss Data Alliance was very critical of the new law. We took a similar stance to the referendum committee and wanted the state to remain the gatekeeper of personal data. Private individuals, politicians and scientists from both opposing and supporting sides have also joined the dialogue. We now advocate for a constructive data policy and view this latest draft as a good compromise.
swissinfo.ch: Critics say the government is not in a position to manage big IT projects. Is this criticism justified?
A.G.: There have indeed been some examples in the past. But I don’t think this is a reason for not having a state solution. If we really wanted one, we would be able to come up with something. However, we must bear in mind that it would take another three to four years.
swissinfo.ch: Do you think the private sector can do more than the state when it comes to security and data protection?
A.G.: That’s not the point. Other countries such as Finland, Sweden and Denmark have had positive experiences with mixed solutions, less so with state solutions – with the exception of Estonia which is a special case regarding digitisation. The draft law was inspired by these countries, as was the launch of SuisseID [a previous project] which never gained ground in Switzerland. It’s necessary to look at previous developments to understand why we are where we are now.
More
‘Looking after citizens’ ID data is a sovereign task’
swissinfo.ch: Don’t you think it’s dangerous when profit-oriented companies get their hands on sensitive data?
A.G.: The regulations are very restrictive and go far beyond data protection. The specifications are very strict and make it difficult for service providers to apply. Anyone who fails to do their job properly, loses recognition and their investment. I don’t think there will be many service providers as most would probably think twice before applying to take on this task.
At first, some service providers thought it would be a lucrative business, but the truth is that eID is not a business. This is why a [service provider] consortium was established. Of course, it would be naive to think that these companies are not profit-oriented, but I don’t think we have to dramatise the issue.
swissinfo.ch: Has Covid-19 accelerated the development of eID?
A.G.: Yes and no. The pandemic has been brutal and exposed the shortcomings of our digital sector, especially at the federal level. Those who are calling for a state solution have not realised that this is exactly why a mixed solution is the best way to make progress.
Cooperation between the government and the private sector has worked very well in other areas, and the eID law is a role model for regulation. That’s why I have changed my mind.
swissinfo.ch: Is eID a digital passport or not?
A.G.: It’s both. It is a passport that serves for identification, but by the same token it’s not a real identification document and has no rights attached to it. It is just an identification mechanism based on the federal government’s identification data. The opponent’s mantra “We want the state to issue our digital passport” does not make sense in this context.
In compliance with the JTI standards
More: SWI swissinfo.ch certified by the Journalism Trust Initiative
You can find an overview of ongoing debates with our journalists here. Please join us!
If you want to start a conversation about a topic raised in this article or want to report factual errors, email us at english@swissinfo.ch.