The data privacy requirements of GDPR and the Swiss data protection act apply to the registration authority activities for which a trust service provider or certification service provider is responsible.
For this reason, as part of the registration process, the RA app must ensure data protection and privacy. The RA app does not store personal data permanently, nor is it possible to export any personal data. As soon as the registration with the RA app is completed, the ID data is signed by the RA agent and transferred as evidence to the RA service evidence data in a data center in Switzerland. There are strict security restrictions, e.g., 4-eye access, to access this ID evidence database. Only two people have access to this data and may only pass it on based on a court order or are allowed to check the quality of the identification. According to the law, Swisscom has unlimited liability for the proper execution of the signature and title.
Master RA agents have web access to the RA admin portal, where they can only view persons identified by RA agents of their RA agency. They can view the following ID data: surname, first name, expiry date of the ID document, and mobile phone number. The scanned ID documents and photos are inaccessible or exportable to Master RA agents.