Probe opened into alleged flaws in Swiss online organ donor register

Around 130,000 Swiss donors have their details entered in the national organ donation register. © Keystone / Gaetan Bally

The Swiss data protection officer has opened an investigation into the Swisstransplant foundation after allegations of major security flaws in its online donor register. The foundation claims it is “absolutely safe”.

This content was published on January 19, 2022 - 09:42

According to a news report by Swiss public television, SRF, on Monday based on private research, it is possible to register anyone in the National Organ Donation Register without their knowledge or consent.

The Federal Data Protection and Information Commissioner Adrian Lobsiger has reacted to the news and initiated an investigation on January 13, it said in a statementExternal link on Tuesday.

“From the Commissioner's point of view, it is obvious that the disclosure of the reported shortcomings is likely to undermine public confidence in the system governing organ donation in Switzerland,” it said.

The probe will examine breaches of Swiss data protection legislation and necessary security requirements. It will also examine questions about electronic identification procedures. The issue has been reported to the Federal Office of Public Health.

The online registerExternal link was launched three years agoExternal link as a practical alternative to the traditional donor card system. Around 130,000 Swiss donors have their details entered in the national organ donation register.

Temporarily offline

Swisstransplant said it takes the SRF claims “extremely seriously” and temporarily took the donor register offline. The register has been accessible again since Tuesday after the foundation and partners examined the allegations.

“No security gaps in the system could be identified,” said Swisstransplant on its websiteExternal link.

“At no time was it possible to view or edit personal data. Existing registry entries are absolutely safe,” it added.

A report by the private firm ZFT.COMPANY and research by SRF claimed it was possible to register anyone without their knowledge or consent. The IT expert at Swisstransplant also discovered that is was possible to read and download all files on the application server. According to Swisstransplant, this security gap has been closed.

In compliance with the JTI standards

In compliance with the JTI standards

More: SWI certified by the Journalism Trust Initiative

Contributions under this article have been turned off. You can find an overview of ongoing debates with our journalists here. Please join us!

If you want to start a conversation about a topic raised in this article or want to report factual errors, email us at

Share this story

Change your password

Do you really want to delete your profile?