Switzerland: FDPIC issues evaluation on Swisscom compliance with data protection law
The Federal Data Protection and Information Commissioner ('FDPIC') issued, on 3 April 2020, an evaluation ('the Evaluation') of the use of data collected by Swisscom AG by the Federal Office of Public Health ('FOPH') in the context of the COVID-19 ('Coronavirus') epidemic deciding that the same complies with data protection law. In particular, the FDPIC emphasised that Swisscom uses its platform to process anonymised statistics though using mobility data, and subsequently Swisscom shares its assessments with the FOPH, while also highlighting that this procedure complies with data protection law as long as the data shared with the FOPH has been anonymised. In addition, the FDPIC noted that Swisscom pseudonymises location data before aggregating it, and that the results displaying the aggregated location data contain anonymised data, while also stating in its Frequently Asked Questions on Swisscom's platform ('the FAQs') that custumer's consent the legal basis for processing. Moreover, the FDPIC requested that Swisscom publishes more detailed information on their data processing operations.