Zurich’s top data protection officer has had a lot of dealings with law enforcement over the past year. She also raises critical questions about the pace of digitization and cloud adoption in public institutions.
The pursuit of a digitized administration has become a race, says de Data Protection Officer Dominika Blonski in its 2022 activity report published on Wednesday. However, the confidence of the population can only be won if the government complies with the legal rules.
Where is the problem with Microsoft 365 and Co.?
There are many questions about the possibilities and risks of outsourcing to the cloud. No other topic has preoccupied the data protection officer so much in 2022.
The data protection officer warns against cloud solutions. These offered almost unlimited possibilities for data exchange. Hospitals and religious communities are also increasingly using the cloud. According to Blonski, professional secrecy should not be forgotten.
The problem: US companies are subject to the “CLOUD Act” and should allow US authorities (and secret services) access to Swiss cloud data, even if it is not stored in the US. Personal data should therefore be treated with caution.
In many cases, the introduction of Microsoft 365 has to take into account special risks for the fundamental rights of the persons involved.
In these cases, the project must be submitted to the data protection officer for prior checking. For this purpose, the description of the project, the representation of the legal situation and an overview of the measures to prevent personal infringements should be submitted.
But according to the data protection officer:
Data breach at the police has consequences
Lots of data will at the new Police and Justice Center (PJZ) in Zurich collected. Even seemingly banal things like which person enters when and how long they stay inside would be saved – not deleted. There must be clear regulations, Blonski told the media.
At the PJZ, the Zurich data protection officer also had to intervene in advance. Biometric recognition was planned – with no legal basis.
The data leak at the cantonal Directorate of Justice and Home Affairs (DJI) – data carriers and other computer hardware were improperly disposed of – made the news in 2022. Special attention is now being paid to the outsourcing process to external service providers, Blonski answered a question from a journalist. The management is reviewing this, it is still too early for an inspection by the data protection officer.
The data protection officer took a negative view of the Prisons and Reintegration Bureau (Juwe)., which is also affiliated with DJI. When recording prohibited areas digitally, too much data would be stored, such as the location data of those affected outside the prohibited areas. Although she pointed this out in 2018, it has not been resolved.
Also use the jewel Google Maps. It cannot be ruled out that Google will receive the data of the persons checked. In general, one should ask whether “we should submit to the dictates of big companies”.
Sources
- datenschutz.ch: activity report
- datenschutz.ch: Cloud – risks and rules
(dsc/sda)
Source: Watson
I’m Ella Sammie, author specializing in the Technology sector. I have been writing for 24 Instatnt News since 2020, and am passionate about staying up to date with the latest developments in this ever-changing industry.
