Two weeks ago the SwissCovid app was officially launched. To this day it has already registered more than 1 million downloads. Now that the national borders are open again, we can move freely and travel is on the increase, the danger of unnoticed infection with the virus is also increasing.
With the SwissCovid app, those responsible are hoping for an additional effect, as a supplement to the investigations of the cantonal medical services. Anyone who installs the app on their smartphone and activates Bluetooth transmission technology would be informed with a message if they came close to an infected person for a long period of time and there was a risk of infection. It remains to be seen whether the FOPH will succeed in getting people to install the app despite the low number of cases.
Data protection is an important issue and one of the app's biggest problems. From the outset, it was important to the developers around the ETH Lausanne and Zurich that no personal data of the app users be collected. To achieve this, it took some negotiations with the American providers Google and Apple to ensure that data would be stored on the phone and not centrally.
However, data protection has been on everyone's lips again, and not just since the SwissCovid app. It is one of the defining issues of digitisation. With the constant increase in global networking, the virtual market is also growing and with it the value of consumer and user data. To ensure that the rights of all persons regarding their data are protected, data protection will become more and more important in the future.
At the latest since May 2018 and the introduction of the new EU data protection basic regulation, all companies that present themselves on the Internet are affected by this. With the entry into force of the EU Data Protection Regulation (EU-DSGVO) and the planned ePrivacy Regulation (probably 2020), the EU has unleashed a wave of measures designed to protect the personality and freedoms of data subjects. The implementation of the European Data Protection Ordinance and the draft revision of Switzerland's new data protection law pose major challenges for Swiss companies. Those responsible are therefore called upon to take action: They must take a holistic view of the new data protection guidelines in order to implement them cost-effectively and in line with market requirements.
To meet Swiss and international data protection requirements, a company must invest in data security. Measures and additional infrastructure to ensure data security, such as software, IT solutions and employee training, are indispensable today.
A good data security concept guarantees that data is transported and stored in such a way that it cannot be changed, stolen or copied. Employees and managers should be sensitized to the safe handling of data. They must also be familiar with tools for implementing data security. Another question is: "Where do we stand with information security and data protection? Technology and the state of knowledge are constantly evolving and therefore require regular checks to ensure that they are up to date.
To shed a little more light on this complicated subject, we asked a specialist. Maurizio Cencigh is Enterprise Security Architect and knows his way around.
Dear Mr. Cencigh first a question about GDPR (German: DSVGO). Could you briefly explain to our readers what this is all about?
GDPR (General Data Protection Regulation) is a data protection law of the EU which came into force on 25.5.2018.
Who benefits and whom does the GDPR protect?
The GDPR regulates the collection, storage, processing and disclosure of personal information/data for the protection of the data subject. It also regulates transparency and the obligation to provide information about the collected data.
What must companies do and is the GDPR also applicable in Switzerland?
Companies must implement the measures required and prescribed by the law. Basically, GDPR in Switzerland only applies to companies which have a registered office in an EU country and/or hold and/or process data of EU citizens.
In Switzerland, a new data protection law is currently under consultation which will replace and modernise the currently outdated data protection law in Switzerland.
About the SwissCovid app: Who has control over the collected data.
The Swiss government or Apple and Google, which provide your operating systems for this purpose?
Actually nobody has access to the data. The data is only kept in the app. After installing the app, each app generates a randomly generated ID and transmits it to smartphones located within 1.5 meters of each other (proximity tracing) and stores it for 14 days. There are only randomly generated IDs which are exchanged and do not allow any conclusion about the user.
Is data protection guaranteed with the app?
Yes, because of the randomly generated IDs it is not possible to trace who owns this ID. The highest Swiss data protection authority has given Covid App the green light. Data protection is guaranteed in that the installation of the app is voluntary and the user must agree to the guidelines. Therefore the general privacy policy is accepted. The collected data will be treated confidentially even after
deleted from the app for 14 days.
If someone gets infected with Covid-19, they get a code to enter. By asking the app for these codes, it is decided if an ID is applicable. If so, an alarm will be triggered which tells you that someone infected has been near me (less than 1,5 m).
Does the release of the source code provide more security and
Transparency?
Yes. By publishing the source code there is certainly more transparency. This means that everyone interested can view the source code and thus understand the functionality and the way the app works. What is not in the source code of the app are the operations that are not directly executed in the app. E.g. everyone who tested positive for Covid-19 gets a code which he can enter in the app. How this code is generated and how those who have been in contact (for at least 15 minutes) are notified is not clear to me.
Dear Mr. Cencigh, thank you very much for the interview.
.jpg?m=1677844650 "CHIP: Coopers Top-Employer for IT-Jobs in Switzerland 2023")
