After nearly 20 years focused on creating a basis for the introduction of an infrastructure for secure online transactions, the time is now ripe for an officially recognised e-ID. It is important for the Swiss economy that its introduction in Switzerland is not unnecessarily delayed. Both chambers of the Swiss parliament, namely the National Council and the Council of States, have approved the Federal Act on Electronic Identity Services (e-ID Act) by a clear majority. The final vote is scheduled for this coming autumn. Yet there remain critical voices whose arguments can largely be attributed to misunderstandings.
Misconception No. 1: The e-ID is issued by private companies
The truth: The data and thus also the e-ID is issued by the state. Private companies merely provide the technological basis for the e-ID and ensure that the e-ID can also be used in a simple and secure manner in everyday life.
It is undisputed that an officially recognised e-ID is required to make use of secure online services. This is because the so-called social logins, such as Google ID, do not meet the standards for online transactions that require an officially recognised e-ID, e.g. for the conclusion of an insurance contract or the requesting of criminal records.
The current draft bill suggests a division of tasks between the state and the private sector. The underlying model stipulates that private companies should take on the task of providing the technical infrastructure and developing the ecosystem as well as reconciling the data; but always on behalf of identity owners. However, it is the federal government that recognises and supervises these private identity providers. And it will ultimately be the federal government that creates the actual personal e-ID, which is nothing more than a legally regulated data record. From this perspective, the federal government is and will remain the only issuer of the e-ID.
Misconception No. 2: Private companies collect, evaluate and monetise the data
The truth: Data protection is given the utmost priority also in the case of the e-ID. Absolute security can unfortunately never be guaranteed. However, suitable framework conditions have been formulated to minimise the risk of data abuse. Besides, the Swiss Federal Data Protection Officer has been involved in the legislative project from the outset. The requirements of the Data Protection Act are guaranteed in their most stringent form for the e-ID.
Not only do users always have full control of their own data and decide when and to whom they disclose their details to, but the regulations formulated in the e-ID Act also in some cases go beyond the provisions stipulated in the Data Protection Act. For example, under the e-ID Act it is not possible to collect data and create personal profiles: the data has to be erased after six months and transactions and personal data must be stored separately in order to prevent any inferences being made. It is also illegal to disclose data, let alone sell it.
Misconception No. 3: The e-ID is a digital passport
The truth: The e-ID does not permit its holders to travel or cross borders. Rather, the e-ID is a qualified login that can be used by people to identify themselves on the internet when making online transactions.
The e-ID can thus not be used as a means of proving one’s nationality when crossing an international border. And we will also therefore not see the abolition of passport offices as is occasionally claimed because the e-ID does not represent an electronic passport in the civic sense.
Misconception No. 4: With e-ID, it will no longer be possible to use the internet anonymously
The truth: e-ID data isn’t shared every time it is used on the internet. Rather, the principle of data minimisation is applied.
There is no question that the utmost care must be applied when handling identity data. The Federal Council and parliament have expertly put together a balanced act that assigns the state a key role as the issuer of the e-ID, fully considers issues relating to security and data protection and takes account of the desperate and urgent need of private individuals and companies for a secure means of identification online based on the rapid developments being observed in this area.
Switzerland must ensure it does not miss out on these developments. Let’s make the most of this opportunity: now!