Fitness watches, navigation apps and discount cards are well-known means of tracking and monitoring specific user data. The Swiss government now wants patient information to also be compiled electronically and centralised, but concerns remain about data protection issues.
From the middle of next year, the government would like the first Swiss patients to have the option of opening an e-patient dossier. Fans of such electronic records say patients in Switzerland would then no longer have to hand over their personal data every time they move between different hospitals and health centres. Their e-patient medical records would contain everything that doctors, nurses and healthcare staff need to know in order to make decisions about healthcare and treatments.
"But the challenge will be to build a system that is as secure as possible so that the patient can decide who can access his data, and so unauthorized persons cannot use it," Beat Rudin, the Data Protection Officer of canton Basel City, told swissinfo.ch. The canton currently runs a pilot project.
"Hackers are no longer just IT experts trying to break into computer systems - they are hacking for commercial reasons. In this respect, hackers are being given instructions to get hold of specific data,” he warned.
Over the past twenty years, transparency has become a buzzword as new technologies push citizens to hand over more and more personal data. But this development can raise unanticipated problems. Here is a brief overview.
Fitness watches, bracelets and mobile phone apps promise us better health. However, at the same time they are compiling data and sharing it with third parties - that is if you don’t do anything about it in your security settings. In an interesting development last year, Switzerland’s leading health insurance firm CSS announced a discount on annual private health schemes for those willing to hand over personal fitness data. Anyone using an electronic pedometer that sends data to the insurance company receives a discount of up to CHF150 ($150) a year on their premium - if they reach more than 10,000 steps a day.
"We often believe that things will get a little cheaper if we hand over data. The question of whether it really is cheaper if we complete 10,000 steps a day, or whether it becomes much more expensive if we don’t do them, needs to be looked into,” said Rudin, who is also president of Privatim, the Association of Swiss Data Protection Commissioners.
If you use a navigation device or app, you usually - depending on the settings - send information about your movements automatically to the manufacturer or to a third party. The same applies to mobile phones, cameras and video cameras with a GPS function. Hackers can use this information to recreate an individual’s precise movements.
"There is a danger that people can get hold of data that can be used against you. From your profile, they could find out where you normally go every Thursday evening. For example, perhaps no one might be at home,” said Rudin.
The so-called ‘internet of things’ - connected smart devices - also hoovers up huge amounts of personal data. According to a recent report on Swiss public television, SRF, only one in three car owners realize that new vehicles are connected to the internet and transfer driver data to manufacturers. Many drivers only notice the improved technological security measures to combat theft.
"The main question is: who does this data belong to? To my car, to me, or does it belong to the manufacturer? Can the manufacturer claim responsibility for extracting the data, or even hand it over to the police? I should be able to choose which data I make available. Today, data is often processed without my agreement,” said Rudin.
Facebook, Instagram and LinkedIn are like digital shop windows in which we present a detailed picture of ourselves - or not. Many people publish information like the date of their birthday, or details of their professional career. Social media companies are highly dependent on personality profiles in order to offer personalized advertising.
"The danger is that information that I supposedly disclose only to my friends is also visible to people who are anything but my friends. They could also use it against me. When I look at young people, they are often much more aware of what they are posting, the sort of information and why they are there. They are often much more cautious than the over-50s,” said Rudin.
Data protection law
Last December the cabinet launched a consultation process to revise the Swiss Data Protection Act, entitled ‘More transparency and greater control over your own data’.
The process ended at the beginning of April and the input is currently under evaluation. The cabinet will issue its recommendation, and the revised law is expected to enter into force by summer 2018.
One of the main points of the revision concerns reinforcing the ability of citizens to take decisions about their own data.
Translated from Germany by Simon Bradley, swissinfo.ch