The challenge of data: Between business, research and data protection

Digital self-determination 08:24

After 30 years, the first Swiss Data Protection Act is being replaced by a total revision. Global players use our data for their services, while only a few benefit from it. Society and the state have an interest in utilising this data for important areas. Private players can also act more efficiently if they can utilise data. Shared data spaces instead of isolated silos are necessary. This report, supported by representatives from various sectors, shows the way forward. The Swiss model creates trust and is sustainable. Trust is the basis for sharing and utilising our data and enables the full potential of the data sharing economy.

Foreword: Data Sharing Economy - cooperation of all forces as a basis for trust

Translated with DeepL

After exactly 30 years, the first Swiss Data Protection Act has become obsolete. It will be replaced by a complete revision from 1 September 2023, reflecting the dynamics of the digitalised world of recent decades. Global players, who now offer far more than just communication, use our data, which we voluntarily transmit to them with every purchase online or at the checkout, to manage their wide range of services. It is unacceptable that pure market power, legal freedoms and grey areas mean that only a few people benefit from our data. Society and the state in particular have a key interest in utilising such data in order to control and shape important areas such as health, transport, energy and education.

Private players can also organise their products and services more efficiently and therefore more sustainably if they can use existing data. And individuals should recognise that they benefit from the management of data that they themselves also produce. The benefits of the sharing economy are not limited to goods, but are likely to be even greater when it comes to data.

Shared data spaces instead of individual silos are the order of the day. It is therefore refreshing that this report has been compiled and supported by those responsible from science, business, administration and society. This is also the Swiss model, which is sustainable and inspires confidence. After all, this is the indispensable basis for sharing and utilising our data.

SATW recommendations summarised

The SATW recommends that the federal government create a legal framework to address the overarching challenges of establishing trustworthy data spaces in Switzerland and thus promote better use of personal data. The digital self-determination rights of citizens should be taken into account in order to counteract reservations. The interests of the economy should be adequately taken into account and an inclusive approach should be pursued in order to find a common vision. It is also recommended that international interoperability be taken into account in order to ensure the exchange between different data spaces.

The growing importance of data: Challenges and opportunities for digital transformation

Data is increasingly being collected and recorded in all areas of life. This data has great economic and social value: more and more business models are based on its processing and research needs it to generate scientific findings. The digital economy has given rise to major international corporations that also have a major impact on everyday life in countries where they are not based. The resulting dependencies can hinder the free organisation of the digital transformation of individuals, politics and companies and call into question the ability of states to act.

Data could be used for any number of other purposes beyond its intended use. To this end, access to the data must be opened up through progressive approaches. For personal data in particular, terms of use must be defined in addition to the Data Protection Act. Data spaces are a technical solution for the secondary use of data. Aspects such as digital self-determination and the protection of citizens, research needs and economic interests must be taken into account and harmonised when designing the basic rules that apply.

Why should personal data be used better in Switzerland?

Personal data should be better utilised in Switzerland so that:

in mobility

... citizens are sensitised and motivated to make their mobility behaviour more sustainable and thus contribute to relieving the overall mobility system.

... mobility providers can optimise existing services, develop them more efficiently or even individualise them and develop new services.

... the federal government, cantons and other stakeholders can plan and organise transport infrastructure and the overall mobility system more efficiently.

in the healthcare sector

... citizens can individually promote or maintain their health.

... research can use this data to gain new insights and develop new approaches for prevention, diagnostics and therapy.

... players in the healthcare system can ensure better quality of care and more efficient processes and develop high-quality digital healthcare applications.

... the Confederation, cantons and other stakeholders can monitor the incidence of disease in the population and the utilisation of the healthcare system better and more promptly.

in the education system

... citizens have access to improved learning environments that enable learning to be made more flexible and individualised in terms of time, place, pace and content.

... teachers can promote students' personal talents through individualised teaching and personalised, collaborative learning.

... providers of educational services can provide improved, individualised access to knowledge resources.

... the federal government, cantons and other stakeholders can specifically promote the digital skills of all stakeholders and increase the maturity of Swiss citizens.

What is a data space?

A data space enables the shared use of decentrally stored data by different stakeholders for any number of applications. The basis for this is mutual trust, which is ensured by a binding set of rules based on fundamental principles and shared values. A data space typically relates to an application area - e.g. mobility, health or education - within which standardised rules and guidelines can be defined.

Companies, research institutions, public administration and even private individuals interact in data spaces and can take on different roles:

  • Data subjects are natural or legal persons to whom certain data relates.
  • Data producers collect data and can control its quality and accessibility.
  • Operators of data infrastructures enable the use of data, e.g. via data exchange platforms.
  • Data users access data from a data space and use it for data-based services.
  • Consumers of data-based services are the end users of the data value chain.

Protection of personal data

Personal data is defined in the Data Protection Act as "information relating to an identified or identifiable person". Personal data relating to religious or political views, health, privacy or racial origin are particularly worthy of protection.

Personal data may be processed for research, planning and statistics. However, the persons concerned may no longer be identifiable in published results. Various measures can be taken to protect personal data:

  • Access control, encryption, audit trail, data security and contractual regulations are essential basic measures. Clear contractual regulations between the parties involved govern the handling of personal data in the data space. Responsibilities, liability issues and the duration of data processing should be defined in the contract.
  • Pseudonymisation: In pseudonymised data, persons can only be identified with the help of a unique key.
  • Anonymisation: Anonymised data is no longer considered personal data because primary (e.g. the name) and secondary identifiers (e.g. an AHV number) are irreversibly removed from the data record during anonymisation.

Concepts that ensure that personal data is protected in the best possible way:

  • Privacy-by-design takes data protection measures into account from the outset when developing products and services, rather than implementing them retrospectively.
  • Privacy-by-default ensures that high data protection standards are adhered to by default. Data protection does not have to be activated manually by users.

Challenges and under-addressed areas

There is a similar need for action in the application areas of mobility, health and education.

Lack of data literacy

Data literacy describes citizens' understanding of the importance of their data and the opportunities and risks associated with its use. However, there is hardly any public debate about the secondary use of personal data and digital self-determination, or the discussion is dominated by the risks. We therefore assume a low level of literacy.

Health

Patients are generally willing to make their health data available for research purposes. A recent survey shows that 71 per cent of the (healthy) population would share their health data, but a majority would also like more transparency and information on this topic. Mechanisms therefore need to be discussed as to how personal data can be made available for secondary use in a transparent form, for example through opt-in or opt-out solutions.

Lack of an overarching framework

It is still unclear how data spaces should be organised in Switzerland and who should drive their development. Many activities are underway, but an overarching harmonisation is lacking, as is an overarching framework with a common objective.

Education

A digital education system cannot function without IT infrastructures. These must be integrated into organisational structures that take care of their operation and further development. These technical and organisational aspects are still too often overlooked or ignored today.

Health

Ideas about the governance and financing of a health data infrastructure differ widely among stakeholders and a large proportion of data is still not recorded digitally or is collected inconsistently and with varying quality.

Globalisation and the platform economy

If Switzerland does not take the initiative in strategically important areas - such as mobility, health or education - sooner or later large foreign players will do so and create dependencies on their ecosystems. As a result, even more of the data of Swiss residents would be monetised abroad.

Mobility

Initiatives by private players for data exchange between companies in the mobility sector - such as the openmobility cooperative - are dependent on data and access to public transport distribution systems, which is not available today. Government endeavours to disclose mobility data are therefore needed.

Recommendations

Create an overarching framework for trustworthy data spaces

The federal government should create a legal framework that addresses the overarching challenges that arise when creating trustworthy data spaces in different areas of application, thereby promoting better use of personal data. A framework law for the secondary use of data could achieve this. The aforementioned code of conduct provides important aspects that should be incorporated into this. In addition, the two concepts of privacy by design and privacy by default should be taken into account when planning and designing data spaces.

Empowering citizens to share their data in a self-determined way

In order to counteract reservations, great attention must be paid to the digital self-determination of citizens. To this end, it is important to invest in the data literacy of all stakeholders. The federal government and other stakeholders from science, business and civil society should pursue this together. Citizens need transparency about what data is collected about them and how it is used. This aspect should be enshrined in a framework law. In addition, they should be given the most effective possible access to and control over the data concerning them. Policymakers should examine whether further legislation is required or whether this can be realised in other ways.

Taking appropriate account of the interests of the economy

In order to prevent it from becoming dependent on foreign companies in areas of national importance, Switzerland must create suitable framework conditions. To ensure that all stakeholders can actively participate in and benefit from data spaces, they must jointly define requirements for data spaces. In doing so, economic freedom should be taken into account. Compensation for expenses such as the collection of data or ensuring its quality must be taken into account. Irrespective of this, infrastructures are needed that are dependent on start-up funding from the public sector.

Pursuing a common vision in an inclusive approach

In order to formulate a broadly supported framework law, there need to be suitable forums that support a regular exchange of knowledge and an ongoing dialogue between the various stakeholders throughout the entire legislative process. A common vision can only be found and pursued if the process is realised inclusively and with the participation of all interest groups.

As part of the "Digital Switzerland Strategy", the federal government should initiate an ongoing discussion with the aim of establishing a data usage culture in Switzerland, as has already proven successful in Scandinavian countries. With an appropriate mandate, the Digital Self-Determination Network could achieve this in cooperation with sectoral stakeholders and other existing networks.

Ensuring international interoperability

Interoperability between different data spaces at both Swiss and international level is key and must be ensured. In this respect, it is important to take inspiration from EU initiatives such as Gaia-X. To this end, dialogue with European and other foreign interest groups must be actively pursued. This applies not only to federal offices such as OFCOM and the DP, but also to sector-specific economic players.

Ongoing initiatives

Overarching, national initiatives

Digital Switzerland Strategy

The "Digital Switzerland Strategy" sets the guidelines for Switzerland's digital transformation.

Digital Self-Determination Network

The Digital Self-Determination Network promotes dialogue on trusted data spaces and digital self-determination in order to generate added value for all interest groups.

Code of conduct for the operation of trusted data spaces

The Federal Office of Communications OFCOM and the Directorate of International Law DIL will draw up a code of conduct for the establishment of trusted data spaces in Switzerland by June 2023.

National data management programme

The National Data Management (NaDB) programme simplifies data management in the public sector through the multiple use of data (once-only principle).

A framework law for the secondary use of data

Motion 22.3890 calls for a Swiss framework law that promotes the value-adding secondary use of data by creating trustworthy framework conditions.

New data protection law

The new data protection law comes into force on 1 September 2023 and adapts data protection to technological developments and strengthens self-determination over personal data.

Digital identity, digital evidence and trust ecosystem

Following the rejection of the bill for the Federal Act on Electronic Identification Services (BGEID) in March 2021, the dispatch on a law for a state E-ID based on a self-sovereign digital identity (SSI) is now expected in autumn 2023.


Sector-specific national initiatives

Mobility

State mobility data infrastructure
The Federal Council wants to make information for mobility management and the networking of mobility services available in a harmonised manner with a state mobility data infrastructure (MODI). A corresponding draft law is currently undergoing consultation.

DAGSAM research project
The DAGSAM research project is developing a procedure for creating data governance models that make it possible to determine how data is protected in smart mobility applications. The data can still be used thanks to privacy-protecting technologies.

Health

Electronic patient dossier
With the electronic patient record (EPR), patients can collect their health information and share it with service providers. The secondary use of health data for research purposes is part of the revision of the law on the EPR (EPDG).

Swiss Personalised Health Network
The Swiss Personalised Health Network (SPHN) (funded via the federal government's ERI Dispatch 2017-2024) is building a scalable network that allows the secondary use of data from various data producers, primarily for research purposes.

Health ecosystems
The MIDATA cooperative implements a human-centred approach to the secondary use of health data. The owners of a health data account have full control over the secondary use of the data.

Two national digital health ecosystems (Compassana, Well) are currently being created that also want to collect data and use it in their business model. Another ecosystem (Movos) is being developed, which focuses on the sovereignty of the patient along their healthcare pathway.

Education

Programme for data usage projects in the education sector
The specialist agency Educa has launched a programme for data usage projects to create a framework for the conscious use of data throughout Switzerland.

Appeal for a national data literacy campaign
The "Appeal for an urgent national data literacy campaign" addressed to politicians aims to initiate a sustainable cultural change for the sensible use of data.


International / EU-wide

Regulatory measures of the European Union:

  • Data Governance Act: The European Union (EU) wants to make as much data as possible available for sharing, including personal data.
  • Data Act: Data owners and individuals should have access to the necessary mechanisms to exercise self-determined control over the data concerning them.
  • Digital Markets Act and Digital Services Act: Specific requirements for platform providers with particular market power.

Gaia-X

This industrial policy framework promotes a decentralised data infrastructure in Europe. The key features of Gaia-X are data sovereignty, open technologies and interoperability. Gaia-X began implementing the first lighthouse projects in 2022.

Authors:

Roger Abächerli, Andreas Bieniok, Serge Bignens, Nicolas Brandenberg, Oliver Buschor, Giulia Fitzpatrick, Richard Lutz, Clemens Mader, Daniela Melone, Peggy Neubert, Tobias Röhl, Daniel Säuberli, David Schiller, Andreas Schlag, Marie-Jeanne Semnar, Stefan Spycher, Thomas Teichmüller, Christoph Wittmer

Core group:

Jonas Bärtschi, Mathis Brauchbar, André Golliez, Esther Koller, Andreas Kronawitter, Sebastian Sigloch

Project management:

Manuel Kugler

Editorial assistance:

Beatrice Huber, Esther Lombardini, Claudia Lambrigger