LOGBOOK

HELP

Quiz Entry - updated: 2026.05.25

What did the Swiss Federal Court's water-meter ruling establish for IoT data collection?

Even with encryption, data collection must be proportionate: there was no legal basis for transmitting readings by radio every 30 seconds and storing 252 days of hourly values — data security alone cannot justify processing more personal data than necessary.

A Swiss Federal Court (Bundesgericht) ruling addressed electronic water meters that transmit data by radio, finding serious data-protection violations.

Core holdings:

  • No legal basis: the court found no legal basis for sending data by radio every 30 seconds and storing hourly values on the device for 252 days.
  • Proportionality violation: "Data security alone cannot outweigh the fact that more personal data is being processed than necessary."

Significance for IoT devices:

  • Even when data is transmitted encrypted, data collection must be proportionate.
  • A clear legal basis must exist for collecting and storing data.
  • Data minimisation is a central principle — only necessary data may be collected.
  • Long retention periods must be justified and proportionate.
  • Technical protection (encryption) does not replace legal requirements.

Tip: The headline principle — "encryption doesn't excuse over-collection" — applies to every always-on IoT device: securing data you shouldn't have collected in the first place doesn't make collecting it lawful.

From Quiz: PRIVACY / Device Tracking: Biometrics, RFID/NFC & E-Passports | Updated: May 25, 2026