These days, more and more business processes are moving into the digital world. However, increasing digitalisation also leaves us unable to trust in the authenticity and identity of individuals when conducting electronic transactions. After a long process, the Federal Act on Electronic Identification Services (eID Act) was adopted in September 2019. The Act aims to establish a verified, state-recognised electronic identity that allows users to conclusively identify themselves online. Yet it has become highly controversial – despite the clear need for increased digitalisation in the business sector and the federal administration.
How should the eID work?
According to the draft Act, private businesses (‘identity providers’) will issue electronic identities. This means that in future, banks, insurers and other organisations associated with the federal government could be identity providers. The idea is that an eID will be requested from an approved identity provider. The Federal Council intends for identity providers to be recognised and supervised by the Swiss eID Commission (EIDCOM). Approval will also be time-limited and must be renewed regularly.
Anyone who wants an eID will apply to an identity provider, which will forward the request to the Federal Office of Police (fedpol). fedpol will then send the data required to identify the person to the identity provider, provided that the legal requirements have been met and the applicant has consented to the transmission of this information. The identity provider would then able to issue the eID.
Criticism of the eID
The view of its opponents is clear: responsibility for this matter should never be shared between private business and the state. Verifying identities and issuing IDs should be and remain a matter for the government. Opponents of the scheme also do not believe that the protection of sensitive data and the storage and use of data can be guaranteed by private providers. Critics also warn that providers may create various personality profiles for users in order to analyse user behaviour.
Are there any benefits to sharing responsibility in this way?
Nevertheless, the potential benefits of sharing responsibility between private providers and the state must be considered. The Swiss Bankers Association puts forward the argument that private providers are close to the market and customers: private providers would offer the flexibility to make technological changes and thus ensure the dissemination of the eID. Users would also have a greater choice of providers. This raises the question of whether a collaboration between private providers and the state in fact offers added value.
Watch this space...
Swiss voters will decide on the eID Act, probably in autumn 2020. Signatures for the referendum were collected and submitted on 16 January 2020. A vote will be held not only on identity providers, but also on whether Switzerland should have an eID at all or whether it will have to wait for a few more years...