What happens to my biometric e-ID data?
According to the Data Protection Act, biometric data – for example your facial image – is among the data that is particularly worthy of protection. In view of this, it is very important to understand how the e-ID Act regulates the handling of this data. It should be noted that the following information is based on the current draft of the law, which has not yet been enacted.
Biometric data is collected when you apply for an e-ID. In addition, biometric data may be collected when you show your e-ID to someone.
To apply online, you need your smartphone with the federal government's wallet app. With this federal wallet, you first photograph your valid identification document (passport, ID or residence permit) and then record a short video of your face. In the last step, you transmit this data to the Federal Office of Police (fedpol), which compares the data you have transmitted with that already available in the ID database. If the information matches, the e-ID is issued directly to your wallet. But what happens to the biometric data you have transmitted? fedpol stores this information to protect you from identity theft. fedpol may only use this data to investigate a possible case of someone posing as you. fedpol stores this data for a maximum of five years after the expiry date of your e-ID. After that, your data will be deleted.
For on-site applications, you can go to the relevant passport or migration office to have your face matched on the spot. This can be done by a person or by a machine at a registration station. The cantons themselves decide whether the identity check is carried out by a machine or a person. Reasons for using a machine to compare facial images may include the following: the person checking is certainly unsure (e.g. an identical twin) or a canton carries out a large number of identity checks when issuing e-IDs. If a canton carries out an automated identity check, it may not store the biometric data collected in the process or forward it to the Federal Office of Police. This means that if an automated identity check is carried out on the spot, your biometric data will be deleted immediately.
To apply on the spot, you can go to the relevant passport or migration office to have your face compared on the premises. This can be done by a person or by a machine at a registration station. The cantons themselves decide whether the identity check is carried out by a machine or a person. Reasons for using a machine to compare facial images may include the following: the person checking is certainly unsure (e.g. an identical twin) or a canton carries out a large number of identity checks when issuing e-IDs. If a canton carries out an automated identity check, it may not store the biometric data obtained or forward it to the Federal Office of Police. This means that when an automated identity check is carried out on the spot, your biometric data will be deleted immediately.
If the facial image is provided when the e-ID is presented, biometric data is involved. What rules apply here? First of all, it should be noted that your data is protected by data protection law. Your e-ID data must always be requested, processed and stored in good faith. The principles of proportionality, purpose and mutual agreement must also be observed. Depending on their severity, any violations will be investigated by the FDPIC ex officio or upon notification.
While the Data Protection Act requires a general purpose limitation, the e-ID Act further specifies that the presentation of the e-ID may be required if this is provided for in the legislation or if the reliability of the transaction depends on it, in particular to prevent misuse and identity theft. It can be concluded from this that the biometric data contained in the e-ID may only be queried if a law provides for this or if the reliability of the transaction requires it. Similarly, it can be concluded that a verifier may only store the biometric data if there is a legal basis for doing so or if there is an objective requirement.
If a verificator violates these principles, you can report it to the relevant authority. The authority can then enter the verificator in the trusted third-party register with a note to that effect or exclude them from the trusted third-party register. In addition, these measures can be used to issue a ‹visible› warning in your wallet to you as the holder of an e-ID if you are dealing with someone who is over-identifying.