The E-ID Act is intended to guarantee secure electronic business transactions by means of a state-certified digital identification card. We are already familiar with digital identification today, for example when we log on to platforms with our Apple ID or Google ID. However, these identification methods are not recognised by the state and are therefore only suitable for personal identification to a limited extent.
The issuing of these means of identification is to be carried out both by the private sector and with the involvement of the state. Private actors are entrusted with the operation of the E-ID system and the issuing of the E-ID, while the Confederation subjects the systems to a recognition procedure and monitors them on an ongoing basis. The identification data are transmitted by the Fedpol to the respective system providers. The legislator is of the opinion that due to the dynamics of technological change and the variety of technical solutions, the Confederation is not in a position to design suitable systems itself.
Data protection is also one of the central concerns of the E-ID Act (Art. 1 para. 2 of the draft). The Data Protection Act also requires application in matters concerning the E-ID. The use of an E-ID is voluntary, and the processing of personal data by private system providers must be carried out with the consent of the person concerned and within the framework of the law (Art. 6 para. 2 of the draft). In addition, consent can be revoked at any time (Art. 9 para. 1 of the draft). Furthermore, the draft stipulates that the personal identification data and the usage data of individual users must be separated both physically and organisationally, and that further technical and organisational measures must be taken to protect personal data (Art. 9 para. 3 of the draft). This is intended to minimise the risks of access by third parties.
Despite the data protection provisions provided for by law, opponents of the E-ID Act are of the opinion that personal data will be jeopardised by such a design of the E-ID. In particular, the central role of private actors is criticised. Private companies are difficult to control, and there are ample examples of data protection violations that have emanated from private companies in the past. The information exchange of sensitive data between f^edpol and system providers also poses great risks. Interfaces and storage processes that take place as part of this exchange jeopardise the security of personal data and can even become the target of cyber attacks.
For these reasons, the referendum supporters are of the opinion that the issuing of identity cards must remain an exclusively state task. Whether the sovereign, the people, will support the E-ID will be shown at the ballot box on 7 March 2021. macos/deepLFree.translatedWithDeepL.text