No Images? Click here

Logo VISCHER
 
 

Revision of the Swiss Federal Act on Data Protection

Federal Council has started the consultation process

On December 21, 2016, the Federal Council published the preliminary draft for a complete revision of the Federal Act on Data Protection (FADP). Interested parties may submit a formal position until April 4, 2017. The key points of the revision are summarised below:

  • Broader information duties (active information)
  • Stronger right to information (more information)
  • Documentation duties
  • Control of data subject over their personal data (right to rectification and erasure)
  • Privacy by Design and Privacy by Default
  • Inspection and authorisation duties (e.g. data protection impact assessment when data processing entails a high risk, corporate data protection measures for the transfer of data to third countries)
  • Data Breach Notifications
  • Best Practice recommendations
  • Increased competences of the Federal Data Protection and Information Commissioner FDPIC (precautionary measures, administrative actions, administrative assistance)
  • Fines in the amount of up to CHF 500'000 for privacy violations

VISCHER will analyse the proposed revision and support companies and interested parties in the evaluation of the potential impact as well as the draft of statements during the consultation process. The preliminary draft foresees that many important details will only be decided in the respective ordinance.

The draft provides stricter rules compared to the current FADP, however, it is not as strict as the regulations in the EU. We are confident that Switzerland needs a pragmatic and stringent data protection act that accounts for economic interests as well as the interests of all parties concerned. To remain competitive, Switzerland must ensure that its data protection level is recognised as equivalent to the EU standards. However, it is not necessary to completely adopt the EU's General Data Protection Regulation. Swiss law should remain reasonable – especially with regard to companies that focus their operations on the Swiss market. The so-called risk-based approach would adequately address this. Instead of creating general and broad data protection and data security rules, regulators should focus on implementing specific rules in areas where considerable risks to privacy exist, e.g. when processing personal data of children and young adults or health data.

The members of our Competence Team in Data Law are at your disposal for any questions concerning the revision of the FADP as well as possible actions you may consider to take.

Rolf Auf der Maur
ram@vischer.com

Delia Fehr-Bosshard
dbosshard@vischer.com

Marc Ph. Prinz
mprinz@vischer.com

Thomas Steiner
tsteiner@vischer.com

Michael Waldner
mwaldner@vischer.com

Christian Wyss
cwyss@vischer.com

VISCHER AG
Schützengasse 1   8021 Zürich  Switzerland
Tel +41 58 211 34 00  Fax +41 58 211 34 10

Aeschenvorstadt 4  4010 Basel  Switzerland
Tel +41 58 211 33 00  Fax +41 58 211 33 10

www.vischer.com

 

The publisher cannot be held liable for the correctness, completeness and topicality of any contents or presentations in this News Alert. Copyright © 2016 VISCHER AG; Basel/Zürich. All rights reserved.

 

 

Forward

Preferences  |  Unsubscribe