"Swiss Pass": data deletion requested
As part of the "Swiss Pass", SBB must delete the control data already collected from passengers. This is demanded by the Federal Data Protection and Information Commissioner.
At the end of 2015, the Federal Data Protection Commissioner, or FDPIC for short, carried out a clarification of the Swiss Pass and the associated data processing at the SBB. In particular, the control database was examined. According to the FDPIC, the time, the train/course number and the Swiss Pass ID number are entered into this database for each check and stored there for 90 days.
Disproportionate
Based on his findings and clarifications, the Data Protection Officer concludes (see Final Report FDPIC inspection) that the data processing carried out during ticket checks was neither proportionate nor based on a sufficient legal basis. Consequently, a recommendation was issued to the Association of Public Transport (VöV) and the SBB demanding the immediate deletion of the control data and the discontinuation of the control database, according to the statement. The FDPIC also made a proposal regarding the wording of the General Terms and Conditions for Half-Fare and General Abonnements: the new passage should inform customers clearly and appropriately about the use of their data for marketing purposes and their right to object (opt-out).
According to the data protection commissioner, VöV and SBB have until the end of February to indicate whether they want to Recommendation and accept the suggestions for improvement.
