Federal Act
on Data Protection
(Data Protection Act, FADP)

This Act has the pur­pose of pro­tect­ing the per­son­al­ity and fun­da­ment­al rights of nat­ur­al per­sons whose per­son­al data is pro­cessed.

¹ This Act ap­plies to the pro­cessing of per­son­al data of nat­ur­al per­sons by:

a.

private per­sons;

b.

fed­er­al bod­ies.

² It does not ap­ply to:

a.

per­son­al data be­ing pro­cessed by a nat­ur­al per­son ex­clus­ively for per­son­al use;

b.

per­son­al data be­ing pro­cessed by the Fed­er­al As­sembly and par­lia­ment­ary com­mit­tees as part of their de­lib­er­a­tions;

c.

per­son­al data be­ing pro­cessed by in­sti­tu­tion­al be­ne­fi­ciar­ies un­der Art­icle 2 para­graph 1 of the Host State Act of 22 June 2007³ who en­joy im­munity from jur­is­dic­tion in Switzer­land.

³ The ap­plic­able pro­ced­ur­al law reg­u­lates the pro­cessing of per­son­al data and the data sub­ject's rights in court pro­ceed­ings and in pro­ceed­ings gov­erned by fed­er­al pro­ced­ur­al reg­u­la­tions. This Act ap­plies to first in­stance ad­min­is­trat­ive pro­ceed­ings.

⁴ The pub­lic re­gisters for private leg­al trans­ac­tions, and in par­tic­u­lar the ac­cess to these re­gisters and the data sub­ject's rights, shall be reg­u­lated by the spe­cif­ic pro­vi­sions of the ap­plic­able fed­er­al law. If the spe­cif­ic pro­vi­sions do not con­tain any rules, this Act ap­plies.

¹ This Act ap­plies to cir­cum­stances that have an ef­fect in Switzer­land, even if they were ini­ti­ated abroad.

² For rights un­der private law, the Fed­er­al Act of 18 Decem­ber 1987⁴ on Private In­ter­na­tion­al Law ap­plies. In ad­di­tion, the pro­vi­sions on the ter­rit­ori­al scope of ap­plic­a­tion of the Crim­in­al Code⁵ are re­served.

¹ The Fed­er­al Data Pro­tec­tion and In­form­a­tion Com­mis­sion­er (FD­PIC) su­per­vises the ap­plic­a­tion of the fed­er­al data pro­tec­tion reg­u­la­tions.

² The fol­low­ing are ex­emp­ted from su­per­vi­sion by the FD­PIC:

a.

the Fed­er­al As­sembly;

b.

the Fed­er­al Coun­cil;

c.

the fed­er­al courts;

d.

the Of­fice of the At­tor­ney Gen­er­al of Switzer­land in re­la­tion to pro­cessing per­son­al data as part of crim­in­al pro­ceed­ings;

e.

fed­er­al au­thor­it­ies in re­la­tion to pro­cessing per­son­al data in terms of a ju­di­cial activ­ity or pro­ceed­ings for in­ter­na­tion­al mu­tu­al as­sist­ance in crim­in­al mat­ters.

In this Act:

a.

per­son­al data means any in­form­a­tion re­lat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son;

b.

data sub­ject means a nat­ur­al per­son whose per­son­al data is pro­cessed;

c.

sens­it­ive per­son­al datameans:

1.

data re­lat­ing to re­li­gious, philo­soph­ic­al, polit­ic­al or trade uni­on-re­lated views or activ­it­ies,

2.

data re­lat­ing to health, the private sphere or af­fil­i­ation to a race or eth­ni­city,

3.

ge­net­ic data,

4.

bio­met­ric data that uniquely iden­ti­fies a nat­ur­al per­son,

5.

data re­lat­ing to ad­min­is­trat­ive and crim­in­al pro­ceed­ings or sanc­tions,

6.

data re­lat­ing to so­cial as­sist­ance meas­ures;

d.

pro­cessing means any hand­ling of per­son­al data, ir­re­spect­ive of the means and pro­ced­ures used, in par­tic­u­lar the col­lec­tion, stor­age, keep­ing, use, modi­fic­a­tion, dis­clos­ure, archiv­ing, de­le­tion or de­struc­tion of data;

e.

dis­clos­uremeans trans­mit­ting per­son­al data or mak­ing such data ac­cess­ible;

f.

pro­fil­ing means any form of auto­mated pro­cessing of per­son­al data con­sist­ing of the use of per­son­al data to eval­u­ate cer­tain per­son­al as­pects re­lat­ing to a nat­ur­al per­son, in par­tic­u­lar to ana­lyse or pre­dict as­pects con­cern­ing that nat­ur­al per­son's per­form­ance at work, eco­nom­ic situ­ation, health, per­son­al pref­er­ences, in­terests, re­li­ab­il­ity, be­ha­viour, loc­a­tion or move­ments;

g.

high-risk pro­fil­ing means pro­fil­ing that poses a high risk to the data sub­ject's per­son­al­ity or fun­da­ment­al rights by match­ing data that al­low an as­sess­ment to be made of es­sen­tial as­pects of the per­son­al­ity of a nat­ur­al per­son;

h.

breach of data se­cur­ity means a breach of se­cur­ity that leads to the ac­ci­dent­al or un­law­ful loss, de­le­tion, de­struc­tion or modi­fic­a­tion or un­au­thor­ised dis­clos­ure or ac­cess to per­son­al data;

i.

fed­er­al body means an au­thor­ity or ser­vice of the Con­fed­er­a­tion or a per­son en­trus­ted to carry out pub­lic tasks on be­half of the Con­fed­er­a­tion;

j.

con­trol­lermeans a private per­son who or fed­er­al body which, alone or jointly with oth­ers, de­term­ines the pur­pose and the means of pro­cessing per­son­al data;

k.

pro­cessor means a private per­son or fed­er­al body that pro­cesses per­son­al data on be­half of the con­trol­ler.

¹ Per­son­al data must be pro­cessed law­fully.

² The pro­cessing must be car­ried out in good faith and be pro­por­tion­ate.

³ Per­son­al data may only be col­lec­ted for a spe­cif­ic pur­pose that the data sub­ject can re­cog­nise; per­son­al data may only be fur­ther pro­cessed in a man­ner that is com­pat­ible with this pur­pose.

⁴ They shall be des­troyed or an­onymised as soon as they are no longer re­quired for the pur­pose of pro­cessing.

⁵ Any per­son who pro­cesses per­son­al data must sat­is­fy them­selves that the data are ac­cur­ate. They must take all ap­pro­pri­ate meas­ures to cor­rect, de­lete or des­troy data that are in­cor­rect or in­com­plete in­so­far as the pur­pose for which they are col­lec­ted or pro­cessed is con­cerned. The ap­pro­pri­ate­ness of the meas­ures de­pends in par­tic­u­lar on the form and the ex­tent of the pro­cessing and on the risk that the pro­cessing poses to the data sub­ject's per­son­al­ity or fun­da­ment­al rights.

⁶ If the con­sent of the data sub­ject is re­quired, such con­sent is only val­id if giv­en vol­un­tar­ily for one or more spe­cif­ic in­stances of pro­cessing based on ap­pro­pri­ate in­form­a­tion.

⁷ The con­sent must be ex­pli­citly giv­en for:

a.

pro­cessing sens­it­ive per­son­al data;

b.

high-risk pro­fil­ing by a private per­son; or

c.

pro­fil­ing by a fed­er­al body.

¹ The con­trol­ler is ob­liged to ar­range the data pro­cessing in tech­nic­al and or­gan­isa­tion­al terms so that the data pro­tec­tion reg­u­la­tions, and in par­tic­u­lar the prin­ciples un­der Art­icle 6, are re­spec­ted. It shall take ac­count of this from the plan­ning stage.

² The tech­nic­al and or­gan­isa­tion­al meas­ures must in par­tic­u­lar be ap­pro­pri­ate with re­gard to the state of the art, the nature and the ex­tent of the data pro­cessing and the risk that the pro­cessing poses to the data sub­ject's per­son­al­ity or fun­da­ment­al rights.

³ The con­trol­ler is ob­liged to en­sure by means of suit­able de­fault set­tings that the pro­cessing of per­son­al data is lim­ited to the min­im­um re­quired for the pur­pose in­ten­ded, un­less the data sub­ject spe­cifies oth­er­wise.

¹ The con­trol­ler and the pro­cessor shall guar­an­tee a level of data se­cur­ity ap­pro­pri­ate to the risk by tak­ing suit­able tech­nic­al and or­gan­isa­tion­al meas­ures.

² The meas­ures must make it pos­sible to avoid breaches of data se­cur­ity.

³ The Fed­er­al Coun­cil shall is­sue pro­vi­sions on the min­im­um re­quire­ments for data se­cur­ity.

¹ The pro­cessing of per­son­al data may be as­signed by con­tract or by the le­gis­la­tion to a pro­cessor if:

a.

the data is pro­cessed only in the man­ner in which the con­trol­ler it­self is per­mit­ted to do it; and

b.

no stat­utory or con­trac­tu­al duty of con­fid­en­ti­al­ity pro­hib­its as­sign­ment.

² The con­trol­ler must sat­is­fy it­self in par­tic­u­lar that the pro­cessor is able to guar­an­tee data se­cur­ity.

³ The pro­cessor may only as­sign pro­cessing to a third party with pri­or ap­prov­al from the con­trol­ler.

⁴ It may claim the same grounds for jus­ti­fic­a­tion as the con­trol­ler.

¹ Private con­trol­lers may ap­point a data pro­tec­tion of­ficer.

² The data pro­tec­tion of­ficer is the con­tact point for the data sub­jects and for the au­thor­it­ies re­spons­ible for data pro­tec­tion in Switzer­land. He or she has the fol­low­ing tasks in par­tic­u­lar:

a.

train­ing and ad­vising the private con­trol­ler in mat­ters of data pro­tec­tion;

b.

provid­ing sup­port on ap­ply­ing the data pro­tec­tion reg­u­la­tions.

³ Private con­trol­lers may in­voke the ex­cep­tion in Art­icle 23 para­graph 4 if the fol­low­ing re­quire­ments are sat­is­fied:

a.

The data pro­tec­tion of­ficer ex­er­cises his or her func­tion to­wards the con­trol­ler in a pro­fes­sion­ally in­de­pend­ent man­ner and is not bound by any in­struc­tions.

b.

He or she does not carry out any activ­it­ies that are in­com­pat­ible with his or her tasks as a data pro­tec­tion of­ficer.

c.

He or she has the re­quired ex­pert­ise.

d.

The con­trol­ler pub­lishes the con­tact de­tails of the data pro­tec­tion of­ficer and no­ti­fies the FD­PIC there­of.

⁴ The Fed­er­al Coun­cil shall reg­u­late the ap­point­ment of data pro­tec­tion of­ficers by fed­er­al bod­ies.

¹ Pro­fes­sion­al, in­dustry and trade as­so­ci­ations that are au­thor­ised to safe­guard the eco­nom­ic in­terests of their mem­bers in their art­icles of as­so­ci­ation and fed­er­al bod­ies may sub­mit codes of con­duct to the FD­PIC.

² The FD­PIC shall state and pub­lish his or her opin­ions on the codes of con­duct.

¹ The con­trol­ler and the pro­cessor shall each main­tain a re­cord of their pro­cessing activ­it­ies.

² The con­trol­ler's re­cord shall as a min­im­um con­tain:

a.

the iden­tity of the con­trol­ler;

b.

the pur­pose of pro­cessing;

c.

a de­scrip­tion of the cat­egor­ies of data sub­jects and the cat­egor­ies of pro­cessed per­son­al data;

d.

the cat­egor­ies of re­cip­i­ents;

e.

if pos­sible, the re­ten­tion peri­od for the per­son­al data or the cri­ter­ia for de­term­in­ing this peri­od;

f.

if pos­sible, a gen­er­al de­scrip­tion of the meas­ures taken to guar­an­tee data se­cur­ity un­der Art­icle 8;

g.

if the data are dis­closed abroad, de­tails of the State con­cerned and the guar­an­tees un­der Art­icle 16 para­graph 2.

³ The pro­cessor's re­cord shall con­tain in­form­a­tion on iden­tity of the pro­cessor and of the con­trol­ler, the cat­egor­ies of pro­cessing car­ried out on be­half of the con­trol­ler, and the in­form­a­tion men­tioned in para­graph 2 let­ters f and g.

⁴ The fed­er­al bod­ies shall no­ti­fy the FD­PIC of their re­cords of pro­cessing activ­it­ies.

⁵ The Fed­er­al Coun­cil shall provide ex­cep­tions for leg­al en­tit­ies that have few­er than 250 em­ploy­ees and whose data pro­cessing poses a neg­li­gible risk of harm to the per­son­al­ity of the data sub­jects.

¹ The man­u­fac­tur­ers of data pro­cessing sys­tems or pro­grams and con­trol­lers and pro­cessors may have their sys­tems, products and ser­vices eval­u­ated by re­cog­nised in­de­pend­ent cer­ti­fic­a­tion bod­ies.

² The Fed­er­al Coun­cil shall is­sue reg­u­la­tions on the re­cog­ni­tion of cer­ti­fic­a­tion pro­ced­ures and the in­tro­duc­tion of a data pro­tec­tion qual­ity mark. In do­ing so, it shall take ac­count of in­ter­na­tion­al law and the in­ter­na­tion­ally re­cog­nised tech­nic­al stand­ards.

¹ Private con­trol­lers with re­gistered of­fice or dom­i­cile abroad shall ap­point a rep­res­ent­at­ive in Switzer­land if they pro­cess the per­son­al data of per­sons in Switzer­land and the data pro­cessing meets the fol­low­ing re­quire­ments:

a.

The pro­cessing is con­nec­ted with the of­fer of goods or ser­vices or the mon­it­or­ing of the be­ha­viour of per­sons in Switzer­land.

b.

The pro­cessing is on a large scale.

c.

The pro­cessing is car­ried out reg­u­larly.

d.

The pro­cessing poses a high risk to the per­son­al­ity of the data sub­jects.

² The rep­res­ent­at­ive shall serve as the con­tact point for the data sub­jects and the FD­PIC.

³ The con­trol­ler shall pub­lish the name and the ad­dress of the rep­res­ent­at­ive.

¹ The rep­res­ent­at­ive shall main­tain a re­cord of con­trol­ler's pro­cessing activ­it­ies that con­tains the in­form­a­tion set out in Art­icle 12 para­graph 2.

² On re­quest, he or she shall provide the FD­PIC with the in­form­a­tion con­tained in the re­cord.

³ On re­quest, the rep­res­ent­at­ive shall provide data sub­jects with in­form­a­tion on how they can ex­er­cise their rights.

¹ Per­son­al data may be dis­closed abroad if the Fed­er­al Coun­cil has de­cided that the le­gis­la­tion of the State con­cerned or the in­ter­na­tion­al body guar­an­tees an ad­equate level of pro­tec­tion.

² In the ab­sence of a de­cision by the Fed­er­al Coun­cil un­der para­graph 1, per­son­al data may be dis­closed abroad only if an ad­equate level of data pro­tec­tion is guar­an­teed by:

a.

a treaty un­der in­ter­na­tion­al law;

b.

data pro­tec­tion clauses in an agree­ment between the con­trol­ler or the pro­cessor and its con­trac­tu­al part­ner, no­tice of which has been giv­en to the FD­PIC be­fore­hand;

c.

spe­cif­ic guar­an­tees drawn up by the com­pet­ent fed­er­al body, no­tice of which has been giv­en to the FD­PIC be­fore­hand;

d.

stand­ard data pro­tec­tion clauses that the FD­PIC has ap­proved, is­sued or re­cog­nised be­fore­hand; or

e.

bind­ing cor­por­ate rules that have been ap­proved in ad­vance by the FD­PIC or by the au­thor­ity re­spons­ible for data pro­tec­tion in a State that guar­an­tees an ad­equate level of pro­tec­tion.

³ The Fed­er­al Coun­cil may provide for oth­er suit­able guar­an­tees in line with para­graph 2.

¹ In derog­a­tion from Art­icle 16 para­graphs 1 and 2, per­son­al data may be dis­closed abroad in the fol­low­ing cases:

a.

The data sub­ject has ex­pli­citly con­sen­ted to dis­clos­ure.

b.

Dis­clos­ure is dir­ectly con­nec­ted with the con­clu­sion or per­form­ance of a con­tract:

1.

between the con­trol­ler and the data sub­ject; or

2.

between the con­trol­ler and its con­trac­tu­al part­ner in the in­terests the data sub­ject.

c.

Dis­clos­ure is ne­ces­sary in or­der to:

1.

safe­guard an over­rid­ing pub­lic in­terest; or

2.

es­tab­lish, ex­er­cise or en­force leg­al rights be­fore a court or an­oth­er com­pet­ent for­eign au­thor­ity.

d.

Dis­clos­ure is ne­ces­sary to pro­tect the life or the phys­ic­al in­teg­rity of the data sub­ject or a third party, and it is not pos­sible to ob­tain the con­sent of the data sub­ject with­in a reas­on­able time.

e.

The data sub­ject has made the data gen­er­ally ac­cess­ible and has not ex­pli­citly pro­hib­ited pro­cessing.

f.

The data ori­gin­ate from a stat­utory re­gister that is pub­lic or ac­cess­ible to per­sons with a le­git­im­ate in­terest, provided the stat­utory re­quire­ments for ac­cess are met in the case con­cerned.

² The con­trol­ler or the pro­cessor shall in­form the FD­PIC on re­quest about the dis­clos­ure of per­son­al data un­der para­graph 1 let­ters b num­ber 2, c and d.

If per­son­al data are made gen­er­ally ac­cess­ible by means of auto­mated in­form­a­tion and com­mu­nic­a­tions ser­vices in or­der to provide in­form­a­tion to the gen­er­al pub­lic, this is not deemed to be dis­clos­ure abroad, even if the data are ac­cess­ible from abroad.

¹ The con­trol­ler shall in­form the data sub­ject in an ap­pro­pri­ate man­ner when col­lect­ing per­son­al data; this duty to provide in­form­a­tion also ap­plies if the data is not col­lec­ted from the data sub­ject.

² It shall provide the data sub­ject on col­lect­ing the data with the in­form­a­tion re­quired for the data sub­ject to ex­er­cise their rights un­der this Act and to guar­an­tee trans­par­ent data pro­cessing; it shall provide the fol­low­ing in­form­a­tion as a min­im­um:

a.

the con­trol­ler's iden­tity and con­tact de­tails;

b.

the pur­pose of pro­cessing;

c.

if ap­plic­able, the re­cip­i­ents or the cat­egor­ies of re­cip­i­ents to which per­son­al data is dis­closed.

³ If the data is not col­lec­ted from the data sub­ject, the con­trol­ler shall also in­form the data sub­ject of the cat­egor­ies of pro­cessed per­son­al data.

⁴ If the per­son­al data are dis­closed abroad, the con­trol­ler shall also in­form the data sub­ject of the State or the in­ter­na­tion­al body to which such data are dis­closed and if ap­plic­able of the guar­an­tees un­der Art­icle 16 para­graph 2 or the ap­plic­a­tion of an ex­cep­tion un­der Art­icle 17.

⁵ If the data is not col­lec­ted from the data sub­ject, the con­trol­ler shall also in­form the data sub­ject of the in­form­a­tion spe­cified in para­graphs 2–4 at the latest one month after re­ceiv­ing the data. If the con­trol­ler dis­closes the per­son­al data be­fore the ex­piry of this dead­line, it shall in­form the data sub­ject at the time of dis­clos­ure at the latest.

¹ The duty to provide in­form­a­tion un­der Art­icle 19 ceases to ap­ply if one of the fol­low­ing re­quire­ments is sat­is­fied:

a.

The data sub­ject already has the in­form­a­tion con­cerned.

b.

The pro­cessing is re­quired by law.

c.

The con­trol­ler is a private per­son who is re­quired by law to pre­serve con­fid­en­ti­al­ity.

d.

The re­quire­ments of Art­icle 27 are sat­is­fied.

² If the per­son­al data is not col­lec­ted from the data sub­ject, the duty to provide in­form­a­tion also ceases to ap­ply if any one of the fol­low­ing re­quire­ments is sat­is­fied:

a.

It is not pos­sible to provide the in­form­a­tion.

b.

Provid­ing the in­form­a­tion re­quires dis­pro­por­tion­ate ef­fort.

³ The con­trol­ler may re­strict, delay or dis­pense with the pro­vi­sion of the in­form­a­tion in the fol­low­ing cases:

a.

It is re­quired to do so be­cause of over­rid­ing third party in­terests.

b.

Provid­ing the in­form­a­tion de­feats the pur­pose of the pro­cessing.

c.

The con­trol­ler is a private per­son and the fol­low­ing re­quire­ments are sat­is­fied:

1.

The con­trol­ler is re­quired to do so be­cause of its own over­rid­ing in­terests.

2.

The con­trol­ler does not in­tend to dis­close the per­son­al data to third parties.

d.

The con­trol­ler is a fed­er­al body and any one of the fol­low­ing re­quire­ments is sat­is­fied:

1.

The meas­ure is re­quired to sat­is­fy over­rid­ing pub­lic in­terests, in par­tic­u­lar to pro­tect Switzer­land's in­tern­al or ex­tern­al se­cur­ity.

2.

The com­mu­nic­a­tion of the in­form­a­tion may com­prom­ise an en­quiry, an in­vest­ig­a­tion or ad­min­is­trat­ive or ju­di­cial pro­ceed­ings.

⁴ Leg­al en­tit­ies that be­long to the same group of com­pan­ies are not third parties with­in the mean­ing of para­graph 3 let­ter c num­ber 2.

¹ The con­trol­ler shall in­form the data sub­ject about any de­cision that is based ex­clus­ively on auto­mated pro­cessing and that has a leg­al con­sequence for or a con­sid­er­able ad­verse ef­fect on the data sub­ject (auto­mated in­di­vidu­al de­cision).

² It shall on re­quest al­low the data sub­ject to ex­press their point of view. The data sub­ject may re­quest that the auto­mated in­di­vidu­al de­cision be re­viewed by a nat­ur­al per­son.

³ Para­graphs 1 and 2 do not ap­ply if:

a.

the auto­mated in­di­vidu­al de­cision is dir­ectly con­nec­ted with the con­clu­sion or the pro­cessing of a con­tract between the con­trol­ler and the data sub­ject and the data sub­ject's re­quest is gran­ted; or

b.

the data sub­ject has ex­pli­citly con­sen­ted to the de­cision be­ing auto­mated.

⁴ If the auto­mated in­di­vidu­al de­cision is is­sued by a fed­er­al body, it must des­ig­nate the de­cision ac­cord­ingly. Para­graph 2 does not ap­ply if, in ac­cord­ance with Art­icle 30 para­graph 2 of the Ad­min­is­trat­ive Pro­ced­ure Act of 20 Decem­ber 1968⁶ (APA) or an­oth­er fed­er­al act, the data sub­ject is not en­titled to a hear­ing be­fore the de­cision is taken.

¹ If pro­cessing is likely to res­ult in a high risk to the data sub­ject's per­son­al­ity or fun­da­ment­al rights, the con­trol­ler shall carry out a data pro­tec­tion im­pact as­sess­ment be­fore­hand. If sev­er­al sim­il­ar pro­cessing pro­ced­ures are planned, a joint as­sess­ment may be car­ried out.

² The ex­ist­ence of a high risk, in par­tic­u­lar when us­ing new tech­no­lo­gies, de­pends on the nature, ex­tent, cir­cum­stances and pur­pose of the pro­cessing. A high risk arises in par­tic­u­lar:

a.

in the case of the large-scale pro­cessing of sens­it­ive per­son­al data;

b.

if pub­lic areas are sys­tem­at­ic­ally mon­itored on a large scale.

³ The data pro­tec­tion im­pact as­sess­ment shall in­clude a de­scrip­tion of the planned pro­cessing, an eval­u­ation of the risks to the data sub­ject's per­son­al­ity or fun­da­ment­al rights and a de­scrip­tion of the meas­ures to pro­tect per­son­al­ity and fun­da­ment­al rights.

⁴ Private con­trol­lers are ex­empt from hav­ing to carry out a data pro­tec­tion im­pact as­sess­ment if they are re­quired by law to pro­cess the data.

⁵ A private con­trol­ler may dis­pense with car­ry­ing out a data pro­tec­tion im­pact as­sess­ment if it uses a sys­tem, product or ser­vice that is cer­ti­fied un­der Art­icle 13 for the in­ten­ded use, or if it com­plies with a code of con­duct un­der Art­icle 11 that sat­is­fies the fol­low­ing re­quire­ments:

a.

The code of con­duct is based on a data pro­tec­tion im­pact as­sess­ment.

b.

It provides for meas­ures to pro­tect the per­son­al­ity and the data sub­ject's fun­da­ment­al rights.

c.

It has been sub­mit­ted to the FD­PIC.

¹ If the data pro­tec­tion im­pact as­sess­ment in­dic­ates that the planned pro­cessing des­pite the meas­ures planned by the con­trol­ler will still pose a high risk to the per­son­al­ity or the data sub­ject's fun­da­ment­al rights, the con­trol­ler shall seek the FD­PIC's opin­ion be­fore­hand.

² The FD­PIC shall in­form the con­trol­ler with­in two months of any ob­jec­tions to the planned pro­cessing. This dead­line may be ex­ten­ded by one month if the data pro­cessing is com­plex.

³ If the FD­PIC ob­jects to the planned pro­cessing, he or she shall pro­pose suit­able meas­ures to the con­trol­ler.

⁴ A private con­trol­ler may dis­pense with con­sult­ing the FD­PIC if it has con­sul­ted the data pro­tec­tion of­ficer un­der Art­icle 10.

¹ The con­trol­ler shall no­ti­fy the FD­PIC of any breach of data se­cur­ity that is likely to lead to a high risk to the data sub­ject's per­son­al­ity or fun­da­ment­al rights as quickly as pos­sible.

² In the no­ti­fic­a­tion, it shall as a min­im­um spe­cify the nature of the breach of data se­cur­ity, its con­sequences and the meas­ures taken or planned.

³ The pro­cessor shall no­ti­fy the con­trol­ler of any breach of data se­cur­ity as quickly as pos­sible.

⁴ The con­trol­ler shall in­form the data sub­ject if this is re­quired for their pro­tec­tion or if the FD­PIC so re­quests.

⁵ It may lim­it, delay or dis­pense with the pro­vi­sion of in­form­a­tion to the data sub­ject if:

a.

there is a reas­on for do­ing so pur­su­ant to Art­icle 26 para­graph 1 let­ter b or para­graph 2 let­ter b or the pro­vi­sion of in­form­a­tion is pro­hib­ited by a stat­utory duty of con­fid­en­ti­al­ity;

b.

the pro­vi­sion of in­form­a­tion is im­possible or re­quires dis­pro­por­tion­ate ef­fort; or

c.

the pro­vi­sion of in­form­a­tion to the data sub­ject is equally guar­an­teed by mak­ing a pub­lic an­nounce­ment.

⁶ A no­ti­fic­a­tion made pur­su­ant to this Art­icle may only be used against the per­son re­quired to no­ti­fy in crim­in­al pro­ceed­ings with that per­son's con­sent.

¹ Any per­son may re­quest in­form­a­tion from the con­trol­ler on wheth­er per­son­al data re­lat­ing to them is be­ing pro­cessed.

² The data sub­ject shall re­ceive the in­form­a­tion re­quired to be able to ex­er­cise their rights un­der this Act and to guar­an­tee trans­par­ent data pro­cessing. In every case, they are en­titled to the fol­low­ing in­form­a­tion:

a.

the iden­tity and the con­tact de­tails of the con­trol­ler;

b.

the pro­cessed per­son­al data as such;

c.

the pur­pose of pro­cessing;

d.

the re­ten­tion peri­od for the per­son­al data or, if this is not pos­sible, the cri­ter­ia for de­term­in­ing this peri­od;

e.

the avail­able in­form­a­tion about the source of the per­son­al data, if it has not been col­lec­ted from the data sub­ject;

f.

if ap­plic­able, wheth­er an auto­mated in­di­vidu­al de­cision has been taken and the lo­gic be­hind the de­cision;

g.

if ap­plic­able, the re­cip­i­ents or the cat­egor­ies of re­cip­i­ents to which per­son­al data is dis­closed, as well as the in­form­a­tion spe­cified in Art­icle 19 para­graph 4.

³ The data sub­ject may con­sent to hav­ing per­son­al data re­lat­ing to their health com­mu­nic­ated by a health pro­fes­sion of their choice.

⁴ If the con­trol­ler ar­ranges for per­son­al data to be pro­cessed by a pro­cessor, it re­mains un­der a duty to provide in­form­a­tion.

⁵ No one may waive their right to in­form­a­tion in ad­vance.

⁶ The con­trol­ler must provide in­form­a­tion free of charge. The Fed­er­al Coun­cil may provide for ex­cep­tions, in par­tic­u­lar if the ef­fort re­quired is dis­pro­por­tion­ate.

⁷ The in­form­a­tion shall in gen­er­al be provided with­in 30 days.

¹ The con­trol­ler may re­fuse to provide in­form­a­tion, or re­strict or delay the pro­vi­sion of in­form­a­tion if:

a.

a form­al law so provides, in par­tic­u­lar in or­der to pre­serve pro­fes­sion­al secrecy;

b.

this is re­quired to safe­guard over­rid­ing third-party in­terests; or

c.

the re­quest for in­form­a­tion is ob­vi­ously un­jus­ti­fied, in par­tic­u­lar if does not serve the pur­pose of data pro­tec­tion or is clearly frivol­ous.

² Fur­ther­more, it is pos­sible to re­fuse, re­strict or delay the pro­vi­sion of in­form­a­tion in the fol­low­ing cases:

a.

The con­trol­ler is a private per­son and the fol­low­ing re­quire­ments are sat­is­fied:

1.

The con­trol­ler's own over­rid­ing in­terests re­quire the meas­ure.

2.

The con­trol­ler does not in­tend to dis­close the per­son­al data to third parties.

b.

The con­trol­ler is a fed­er­al body, and one of the fol­low­ing re­quire­ments is sat­is­fied:

1.

The meas­ure is re­quired to sat­is­fy over­rid­ing pub­lic in­terests, in par­tic­u­lar Switzer­land's in­tern­al or ex­tern­al se­cur­ity.

2.

The com­mu­nic­a­tion of the in­form­a­tion may com­prom­ise an en­quiry, an in­vest­ig­a­tion or ad­min­is­trat­ive or ju­di­cial pro­ceed­ings.

³ Leg­al en­tit­ies that be­long to the same group of com­pan­ies are not third parties with­in the mean­ing of para­graph 2 let­ter a num­ber 2.

⁴ The con­trol­ler must in­dic­ate why it is re­fus­ing, re­strict­ing or delay­ing the pro­vi­sion of the in­form­a­tion.

¹ If per­son­al data are pro­cessed ex­clus­ively for their pub­lic­a­tion in the ed­it­or­i­al sec­tion of a peri­od­ic­ally pub­lished me­di­um, the con­trol­ler may re­fuse, re­strict or delay the pro­vi­sion of in­form­a­tion for one of the fol­low­ing reas­ons:

a.

The data re­veals the sources of the in­form­a­tion.

b.

The pro­vi­sion of in­form­a­tion would al­low ac­cess to drafts of pub­lic­a­tions.

c.

The pro­vi­sion of in­form­a­tion would com­prom­ise the free­dom of the pub­lic to shape their own opin­ions.

² Journ­al­ists may also re­fuse, re­strict or delay the pro­vi­sion of in­form­a­tion if they are us­ing the per­son­al data ex­clus­ively as an aid to their own per­son­al work.

¹ Any per­son may re­quest the con­trol­ler to de­liv­er the per­son­al data that they have dis­closed to it in a con­ven­tion­al elec­tron­ic format if:

a.

the con­trol­ler is car­ry­ing out the auto­mated pro­cessing of the data; and

b.

the data are be­ing pro­cessed with the con­sent of the data sub­ject or in dir­ect con­nec­tion with the con­clu­sion or the per­form­ance of a con­tract between the con­trol­ler and the data sub­ject.

² The data sub­ject may also re­quest the con­trol­ler to trans­fer their per­son­al data to an­oth­er con­trol­ler if the re­quire­ments in para­graph 1 are met and no dis­pro­por­tion­ate ef­fort is re­quired.

³ The con­trol­ler must de­liv­er or trans­fer the per­son­al data free of charge. The Fed­er­al Coun­cil may provide for ex­cep­tions, in par­tic­u­lar if the ef­fort is dis­pro­por­tion­ate.

¹ The con­trol­ler may re­fuse, re­strict or delay the de­liv­ery or trans­fer of per­son­al data for the reas­ons set out in Art­icle 26 para­graphs 1 and 2.

² The con­trol­ler must give reas­ons why it has de­cided to re­fuse, re­strict or delay the de­liv­ery or trans­fer.

¹ Any per­son who pro­cesses per­son­al data must not un­law­fully breach the data sub­jects' per­son­al­ity rights.

² A breach of per­son­al­ity rights arises in par­tic­u­lar if:

a.

per­son­al data are pro­cessed con­trary to the prin­ciples of Art­icles 6 and 8;

b.

per­son­al data are pro­cessed con­trary to the ex­press wishes of the data sub­ject;

c.

sens­it­ive per­son­al data are dis­closed to third parties.

³ In gen­er­al no breach of per­son­al­ity rights arises if the data sub­ject makes the per­son­al data gen­er­ally ac­cess­ible and has not ex­pli­citly pro­hib­ited any pro­cessing.

¹ A breach of per­son­al­ity rights is un­law­ful un­less it is jus­ti­fied by the con­sent of the data sub­ject, by an over­rid­ing private or pub­lic in­terest, or by the law.

² The con­trol­ler may have an over­rid­ing in­terest in the fol­low­ing cases in par­tic­u­lar:

a.

The con­trol­ler pro­cesses per­son­al data re­lat­ing to a con­tract­ing party in dir­ect con­nec­tion with the con­clu­sion or the per­form­ance of a con­tract.

b.

The con­trol­ler is or in­tends to be in com­mer­cial com­pet­i­tion with an­oth­er per­son and for this pur­pose pro­cesses per­son­al data that are not dis­closed to third parties; leg­al en­tit­ies that be­long to the same group of com­pan­ies as the con­trol­ler are not re­garded as third parties for the pur­poses of this pro­vi­sion.

c.

The con­trol­ler pro­cesses per­son­al data to veri­fy the cred­it­wor­thi­ness of the data sub­ject, provided the fol­low­ing re­quire­ments are sat­is­fied:

1.

The mat­ter in­volves neither sens­it­ive per­son­al data nor high-risk pro­fil­ing.

2.

The data are only dis­closed to third parties if the third parties re­quire the data for the con­clu­sion or the per­form­ance of a con­tract with the data sub­ject.

3.

The data are no more than ten years old.

4.

The data sub­ject has at­tained the age of ma­jor­ity.

d.

The con­trol­ler pro­cesses the per­son­al data pro­fes­sion­ally and ex­clus­ively for pub­lic­a­tion in the ed­it­or­i­al sec­tion of a peri­od­ic­ally pub­lished me­di­um or the con­trol­ler uses the data, if they are not pub­lished, as an aid to their own per­son­al work.

e.

The con­trol­ler pro­cesses the per­son­al data for pur­poses not re­lated to spe­cif­ic per­sons, in par­tic­u­lar for re­search, plan­ning or stat­ist­ics, provided the fol­low­ing re­quire­ments are sat­is­fied:

1.

The con­trol­ler an­onymises the data as soon as the pur­pose of pro­cessing per­mits; if an­onym­ity is im­possible or if it re­quires dis­pro­por­tion­ate ef­fort, the con­trol­ler shall take ap­pro­pri­ate meas­ures to pre­vent the iden­ti­fic­a­tion of the data sub­ject.

2.

If the mat­ter in­volves sens­it­ive per­son­al data, the con­trol­ler shall dis­close such data to third parties in such a man­ner that the data sub­ject is not iden­ti­fi­able; if this is not pos­sible, it must be guar­an­teed that the third parties only pro­cess the data for pur­poses un­re­lated to the data sub­ject's per­son.

3.

The res­ults are pub­lished in such a man­ner that data sub­jects are not iden­ti­fi­able.

f.

The con­trol­ler col­lects per­son­al data re­lat­ing to a pub­lic fig­ure that re­late to that per­son's pub­lic activ­it­ies.

¹ The data sub­ject may re­quest that in­cor­rect per­son­al data be cor­rec­ted un­less:

a.

a stat­utory pro­vi­sion pro­hib­its the cor­rec­tion;

b.

the per­son­al data are pro­cessed for archiv­ing pur­poses that are in the pub­lic in­terest.

² Ac­tions to pro­tect the per­son­al­ity are gov­erned by the Art­icles 28, 28aand 28g–28lof the Civil Code⁷. The ap­plic­ant may in par­tic­u­lar re­quest that:

a.

a spe­cif­ic data pro­cessing activ­ity be pro­hib­ited;

b.

a spe­cif­ic dis­clos­ure of per­son­al data to third parties be pro­hib­ited;

c.

per­son­al data be de­leted or des­troyed.

³ If neither the ac­cur­acy nor the in­ac­cur­acy of the rel­ev­ant per­son­al data can be es­tab­lished, the ap­plic­ant may re­quest that the data be marked as be­ing dis­puted.

⁴ The ap­plic­ant may also re­quest that any cor­rec­tion, de­le­tion or de­struc­tion, pro­hib­i­tion of pro­cessing or dis­clos­ure to third parties, mark­ing as dis­puted or judg­ment be com­mu­nic­ated to third parties or be pub­lished.

The Fed­er­al Coun­cil shall reg­u­late the con­trol pro­ced­ures and re­spons­ib­il­ity for data pro­tec­tion in cases in which a fed­er­al body pro­cesses per­son­al data jointly with oth­er fed­er­al bod­ies, with can­ton­al bod­ies or with private per­sons.

¹ Fed­er­al bod­ies may only pro­cess per­son­al data if there is a stat­utory basis for do­ing so.

² A stat­utory basis in a form­al law is re­quired in the fol­low­ing cases:

a.

The mat­ter in­volves the pro­cessing of sens­it­ive per­son­al data.

b.

The mat­ter in­volves pro­fil­ing.

c.

The pur­pose or man­ner of the data pro­cessing may lead to a ser­i­ous vi­ol­a­tion of the data sub­ject's fun­da­ment­al rights.

³ A stat­utory basis in a sub­stant­ive law is suf­fi­cient as the basis for pro­cessing per­son­al data un­der para­graph 2 let­ters a and b provided the fol­low­ing re­quire­ments are sat­is­fied:

a.

Pro­cessing is es­sen­tial for a task re­quired by a form­al law.

b.

The pur­pose of pro­cessing poses no par­tic­u­lar risks to the data sub­ject's fun­da­ment­al rights.

⁴ In derog­a­tion from the para­graphs 1–3, fed­er­al bod­ies may pro­cess per­son­al data if any one one of the fol­low­ing re­quire­ments is sat­is­fied:

a.

The Fed­er­al Coun­cil has au­thor­ised the pro­cessing be­cause it con­siders that the data sub­ject's rights are not at risk.

b.

The data sub­ject has con­sen­ted to the pro­cessing in the spe­cif­ic case or has made their per­son­al data gen­er­ally ac­cess­ible and has not ex­pli­citly pro­hib­ited any pro­cessing.

c.

The pro­cessing is ne­ces­sary in or­der to pro­tect the life or phys­ic­al in­teg­rity of the data sub­ject or of a third party, and it is not pos­sible to ob­tain the con­sent of the data sub­ject with­in a reas­on­able time.

¹ Be­fore a form­al en­act­ment comes in­to force, the Fed­er­al Coun­cil may au­thor­ise the auto­mated pro­cessing of sens­it­ive per­son­al data or oth­er data pro­cessing un­der Art­icle 34 para­graph 2 let­ters b and c if:

a.

the tasks for which the pro­cessing is re­quired are reg­u­lated in a form­al law that is already in force;

b.

ad­equate meas­ures have been taken to lim­it any vi­ol­a­tion of the data sub­jects' fun­da­ment­al rights to a min­im­um; and

c.

a test phase be­fore the en­act­ment comes in­to force is es­sen­tial for the prac­tic­al im­ple­ment­a­tion of the data pro­cessing, in par­tic­u­lar for tech­nic­al reas­ons.

² The Fed­er­al Coun­cil shall ob­tain the FD­PIC's opin­ion be­fore­hand.

³ The com­pet­ent fed­er­al body shall sub­mit an eval­u­ation re­port to the Fed­er­al Coun­cil no later than two years after the start of the pi­lot tri­al. In the re­port, it shall pro­pose the con­tinu­ation or dis­con­tinu­ation of the pro­cessing.

⁴ Auto­mated data pro­cessing must in every case be dis­con­tin­ued if no form­al en­act­ment con­tain­ing the re­quired leg­al basis has come in­to force with­in five years of the start of the pi­lot tri­al.

¹ Fed­er­al bod­ies may only dis­close per­son­al data if there is a stat­utory basis for do­ing so in ac­cord­ance with Art­icle 34 para­graphs 1–3.

² They may dis­close per­son­al data in spe­cif­ic cases in derog­a­tion from para­graph 1, if any one of the fol­low­ing re­quire­ments is sat­is­fied:

a.

The data must be dis­closed in or­der for the con­trol­ler or the re­cip­i­ent to ful­fil a stat­utory duty.

b.

The data sub­ject has con­sen­ted to dis­clos­ure.

c.

The data must be dis­closed in or­der to pro­tect the life or phys­ic­al in­teg­rity of the data sub­ject or of a third party and it is not pos­sible to ob­tain the con­sent of the data sub­ject with­in a reas­on­able time.

d.

The data sub­ject has made their per­son­al data gen­er­ally ac­cess­ible and has not ex­pli­citly pro­hib­ited any pro­cessing.

e.

The re­cip­i­ent has cred­ibly shown that the data sub­ject has re­fused con­sent or ob­jec­ted to the dis­clos­ure in or­der to pre­vent the re­cip­i­ent from en­for­cing leg­al rights or ex­er­cising oth­er le­git­im­ate in­terests; the data sub­ject must be giv­en the op­por­tun­ity be­fore­hand to com­ment, un­less this is im­possible or re­quires dis­pro­por­tion­ate ef­fort.

³ The fed­er­al bod­ies may fur­ther­more dis­close per­son­al data as part of of­fi­cial in­form­a­tion provided to the pub­lic or based on the Free­dom of In­form­a­tion Act of 17 Decem­ber 2004⁸ if:

a.

the data is con­nec­ted with the ful­fil­ment of pub­lic du­ties; and

b.

there is an over­rid­ing pub­lic in­terest in the dis­clos­ure.

⁴ They may also dis­close a per­son’s sur­name, first name, ad­dress and date of birth on re­quest even if the re­quire­ments in para­graphs 1 or 2 are not sat­is­fied.

⁵ They may make per­son­al data gen­er­ally ac­cess­ible by means of auto­mated in­form­a­tion and com­mu­nic­a­tions ser­vices if there is a leg­al basis for pub­lish­ing the data or if they dis­close data based on para­graph 3. If there is no longer a pub­lic in­terest in mak­ing the data gen­er­ally ac­cess­ible, the data con­cerned shall be de­leted from the auto­mated in­form­a­tion and com­mu­nic­a­tions ser­vice.

⁶ The fed­er­al bod­ies shall re­fuse or re­strict dis­clos­ure or make dis­clos­ure sub­ject to re­quire­ments if:

a.

es­sen­tial pub­lic in­terests or the mani­festly le­git­im­ate in­terests of the data sub­ject so re­quire; or

b.

stat­utory du­ties of con­fid­en­ti­al­ity or spe­cial data pro­tec­tion reg­u­la­tions so re­quire.

¹ A data sub­ject who cred­ibly shows a le­git­im­ate in­terest may ob­ject to the dis­clos­ure of spe­cif­ic per­son­al data by the re­spons­ible fed­er­al body.

² The fed­er­al body shall re­ject the ob­jec­tion if any one of the fol­low­ing re­quire­ments is sat­is­fied:

a.

There is a leg­al duty to dis­close the data.

b.

The ful­fil­ment of the body's tasks would oth­er­wise be jeop­ard­ised.

³ Art­icle 36 para­graph 3 re­mains re­served.

¹ In ac­cord­ance with the Archiv­ing Act of 26 June 1998⁹, fed­er­al bod­ies shall of­fer to the Fed­er­al Archives all per­son­al data that they no longer reg­u­larly re­quire.

² They shall des­troy per­son­al data that the Fed­er­al Archives do not deem to be worth archiv­ing un­less:

a.

the data are an­onymised;

b.

they must be pre­served for evid­en­tiary or se­cur­ity pur­poses or to safe­guard the data sub­ject's le­git­im­ate in­terests.

¹ Fed­er­al bod­ies may pro­cess per­son­al data for pur­poses not re­lated to spe­cif­ic per­sons, in par­tic­u­lar for re­search, plan­ning or stat­ist­ics, provided:

a.

the data are an­onymised as soon as the pur­pose of pro­cessing per­mits;

b.

the fed­er­al body only dis­closes sens­it­ive per­son­al data to private per­sons in such a man­ner that the data sub­jects are not iden­ti­fi­able;

c.

the re­cip­i­ent only trans­mits the data to third parties with the con­sent of the fed­er­al body that dis­closed the data; and

d.

the res­ults are only pub­lished in such a man­ner that the data sub­jects are not iden­ti­fi­able.

² Art­icles 6 para­graph 3, 34 para­graph 2 and 36 para­graph 1 do not ap­ply.

If a fed­er­al body acts un­der private law, the pro­vi­sions on data pro­cessing by private per­sons ap­ply.

¹ Any per­son who has a le­git­im­ate in­terest may re­quest the re­spons­ible fed­er­al body to:

a.

stop the un­law­ful pro­cessing of the per­son­al data con­cerned;

b.

re­dress the con­sequences of un­law­ful pro­cessing;

c.

de­clare the pro­cessing to be un­law­ful.

² The ap­plic­ant may in par­tic­u­lar re­quest the fed­er­al body to:

a.

cor­rect, de­lete or des­troy the per­son­al data con­cerned;

b.

com­mu­nic­ate its de­cision, in par­tic­u­lar about cor­rect­ing, de­let­ing or des­troy­ing per­son­al data, the ob­jec­tion against the dis­clos­ure un­der Art­icle 37 or mark­ing data as dis­puted un­der para­graph 4, to third parties or pub­lish the de­cision.

³ In­stead of de­let­ing or des­troy­ing the per­son­al data, the fed­er­al body shall re­strict the pro­cessing if:

a.

the data sub­ject dis­putes the ac­cur­acy of the per­son­al data and neither its ac­cur­acy nor its in­ac­cur­acy can be es­tab­lished;

b.

the over­rid­ing in­terests of third parties so re­quire;

c.

an over­rid­ing pub­lic in­terest, in par­tic­u­lar Switzer­land's in­tern­al or ex­tern­al se­cur­ity, so re­quires;

d.

de­let­ing or des­troy­ing the data may jeop­ard­ise an en­quiry, an in­vest­ig­a­tion or an ad­min­is­trat­ive or ju­di­cial pro­ced­ure.

⁴ If neither the ac­cur­acy nor the in­ac­cur­acy of the rel­ev­ant per­son­al data can be es­tab­lished, the fed­er­al body shall mark the data as be­ing dis­puted.

⁵ The cor­rec­tion, de­le­tion or de­struc­tion of per­son­al data may not be re­ques­ted in con­nec­tion with the stocks held by pub­licly ac­cess­ible lib­rar­ies, edu­ca­tion and train­ing in­sti­tu­tions, mu­seums, archives or oth­er pub­lic memory in­sti­tu­tions. If the ap­plic­ant cred­ibly shows an over­rid­ing in­terest, he or she may re­quest the in­sti­tu­tion to re­strict ac­cess to the dis­puted data. Para­graphs 3 and 4 do not ap­ply.

⁶ The pro­ced­ure is gov­erned by the APA¹⁰. The ex­cep­tions in Art­icles 2 and 3 APA do not ap­ply.

Where pro­ceed­ings re­lat­ing to ac­cess to of­fi­cial doc­u­ments that con­tain per­son­al data in ac­cord­ance with the Free­dom of In­form­a­tion Act of 17 Decem­ber 2004¹¹ are pending, the data sub­ject may claim those rights in the pro­ceed­ings that they would have un­der Art­icle 41 of this Act in re­la­tion to the doc­u­ments that are the sub­ject mat­ter of the ac­cess pro­ceed­ings.

¹ The United Fed­er­al As­sembly shall elect the head of the FD­PIC (the Com­mis­sion­er).

² Any per­son with the right to vote on fed­er­al mat­ters is eli­gible for elec­tion.

³ The Com­mis­sion­er's em­ploy­ment re­la­tion­ship is gov­erned, un­less this Act provides oth­er­wise, by the Fed­er­al Per­son­nel Act of 24 March 2000¹² (FPA). The Com­mis­sion­er shall be in­sured against the fin­an­cial con­sequences of re­tire­ment, in­valid­ity and death with PUB­LICA, the Fed­er­al Pen­sion Fund. If the Com­mis­sion­er re­mains in the po­s­i­tion after reach­ing the age of 65 and so re­quests, pen­sion cov­er shall be ex­ten­ded un­til the end of the em­ploy­ment con­tract, but no later than the end of the year in which the Com­mis­sion­er at­tains the age of 68. The FD­PIC shall fin­ance the em­ploy­er’s con­tri­bu­tions.¹³

^3bis The Fed­er­al As­sembly shall is­sue the im­ple­ment­ing pro­vi­sions re­lat­ing to the Com­mis­sion­er’s em­ploy­ment con­tract in an or­din­ance.¹⁴

⁴ The Com­mis­sion­er shall ex­er­cise his or her du­ties in­de­pend­ently, without seek­ing or ac­cept­ing in­struc­tions from any au­thor­ity or third party. He or she is as­signed for ad­min­is­trat­ive pur­poses to the Fed­er­al Chan­cellery.

⁵ He or she shall have a per­man­ent sec­ret­ari­at and his or her own budget. He or she shall ap­point his or her staff.

⁶ He or she is is not sub­ject to the sys­tem of as­sess­ment un­der Art­icle 4 para­graph 3 FPA.

¹ The Com­mis­sion­er's term of of­fice amounts to four years and may be ex­ten­ded twice. It be­gins on the first day of Janu­ary fol­low­ing the start the Na­tion­al Coun­cil's le­gis­lature peri­od.

² The Com­mis­sion­er may ter­min­ate his or her em­ploy­ment con­tract at the end of any month sub­ject to a peri­od of six months' no­tice. The Ju­di­ciary Com­mit­tee may in an in­di­vidu­al case al­low the Com­mis­sion­er a short­er peri­od of no­tice if there are no sub­stan­tial in­terests that pre­clude this.¹⁵

³ The United Fed­er­al As­sembly may re­move the Com­mis­sion­er from of­fice be­fore the end of the term of of­fice if he or she:

a.

has wil­fully or through gross neg­li­gence com­mit­ted a ser­i­ous vi­ol­a­tion of his or her of­fi­cial du­ties; or

b.

has per­man­ently lost the ca­pa­city to carry out his or her of­fi­cial du­ties.

The Ju­di­ciary Com­mit­tee may is­sue a rep­rim­and if it es­tab­lishes that the Com­mis­sion­er has failed to com­ply with of­fi­cial du­ties.

The FD­PIC shall sub­mit the draft of his or her budget each year via the Fed­er­al Chan­cellery to the Fed­er­al Coun­cil. The Fed­er­al Coun­cil shall sub­mit the budget un­changed to the Fed­er­al As­sembly.

The Com­mis­sion­er may not be a mem­ber of the Fed­er­al As­sembly or the Fed­er­al Coun­cil and may not have any oth­er em­ploy­ment re­la­tion­ship with the Con­fed­er­a­tion.

¹ The Com­mis­sion­er may not have any ad­di­tion­al oc­cu­pa­tions.

² The Ju­di­cial Com­mit­tee may per­mit the Com­mis­sion­er to carry out an ad­di­tion­al oc­cu­pa­tion provided this does not ad­versely af­fect the ex­er­cise of his or her du­ties or the in­de­pend­ence and the repu­ta­tion of the FD­PIC.¹⁷ The de­cision shall be pub­lished.

In the event of any dis­pute with re­gard to the Com­mis­sion­er’s re­cus­al, the de­cision shall be taken by the pres­id­ent of the di­vi­sion of the Fed­er­al Ad­min­is­trat­ive Court that is com­pet­ent in data pro­tec­tion mat­ters.

The FD­PIC shall en­sure by means of suit­able con­trol meas­ures, in par­tic­u­lar in re­la­tion to data se­cur­ity, that the leg­ally com­pli­ant im­ple­ment­a­tion of data pro­tec­tion reg­u­la­tions un­der fed­er­al law is guar­an­teed with­in his or her of­fice.

¹ The FD­PIC shall open an in­vest­ig­a­tion in­to a fed­er­al body or a private per­son ex of­fi­cio or in re­sponse to a re­port if there are suf­fi­cient in­dic­a­tions that a data pro­cessing activ­ity could vi­ol­ate data pro­tec­tion reg­u­la­tions.

² It may re­frain from open­ing an in­vest­ig­a­tion if the vi­ol­a­tion of data pro­tec­tion reg­u­la­tions is of minor im­port­ance.

³ The fed­er­al body or the private per­son shall provide the FD­PIC with all the in­form­a­tion and doc­u­ments that is needed for the in­vest­ig­a­tion. The right to re­fuse to provide in­form­a­tion is gov­erned by the Art­icles 16 and 17 of the APA¹⁹, un­less Art­icle 50 para­graph 2 of this Act provides oth­er­wise.

⁴ If the data sub­ject has filed a re­port, the FD­PIC shall in­form them about the steps taken in re­sponse and the res­ult of any in­vest­ig­a­tion.

¹ If the fed­er­al body or the private per­son fails to ful­fil the du­ties to co­oper­ate, the FD­PIC may as part of the in­vest­ig­a­tion or­der the fol­low­ing in par­tic­u­lar:

a.

ac­cess to all in­form­a­tion, doc­u­ments, re­cords of pro­cessing activ­it­ies and per­son­al data that are re­quired for the in­vest­ig­a­tion;

b.

ac­cess to premises and in­stall­a­tions;

c.

ques­tion­ing of wit­nesses;

d.

ap­prais­als by ex­perts.

² Pro­fes­sion­al secrecy re­mains re­served.

³ In or­der to en­force the meas­ures un­der para­graph 1 the FD­PIC may re­quest sup­port from oth­er fed­er­al au­thor­it­ies and from the can­ton­al or com­mun­al po­lice.

¹ If data pro­tec­tion reg­u­la­tions have been vi­ol­ated, the FD­PIC may or­der that the pro­cessing be mod­i­fied, sus­pen­ded or ter­min­ated, wholly or in part, and the per­son­al data de­leted or des­troyed, wholly or in part.

² It may delay or pro­hib­it dis­clos­ure abroad if this vi­ol­ates the re­quire­ments of Art­icle 16 or 17 or pro­vi­sions re­lat­ing to the dis­clos­ure of per­son­al data abroad in oth­er fed­er­al acts.

³ It may in par­tic­u­lar or­der that the fed­er­al body or the private per­son:

a.

provide him or her with in­form­a­tion in ac­cord­ance with Art­icles 16 para­graph 2 let­ters b and c and 17 para­graph 2;

b.

take the meas­ures in ac­cord­ance with Art­icles 7 and 8;

c.

in­form the data sub­jects in ac­cord­ance with Art­icles 19 and 21;

d.

con­duct a data pro­tec­tion im­pact as­sess­ment in ac­cord­ance with Art­icle 22;

e.

con­sult him or her in ac­cord­ance with Art­icle 23;

f.

provide him or her or, if ap­plic­able, the data sub­ject with in­form­a­tion in ac­cord­ance with Art­icle 24;

g.

provide the data sub­ject with the in­form­a­tion spe­cified in Art­icle 25.

⁴ It may also or­der that private con­trol­lers with re­gistered of­fice or dom­i­cile abroad ap­point a rep­res­ent­at­ive in ac­cord­ance with Art­icle 14.

⁵ If the fed­er­al body or the private per­son has taken the re­quired meas­ures dur­ing the in­vest­ig­a­tion in or­der to re­store com­pli­ance with the data pro­tec­tion reg­u­la­tions, the FD­PIC may simply is­sue an of­fi­cial warn­ing.

¹ The in­vest­ig­a­tion pro­ceed­ings and rul­ings un­der Art­icles 50 and 51 are gov­erned by the APA²⁰.

² The only party is the fed­er­al body or the private per­son against which or whom an in­vest­ig­a­tion has been opened.

³ The FD­PIC may con­test ap­peal de­cisions of the Fed­er­al Ad­min­is­trat­ive Court.

¹ Fed­er­al ad­min­is­trat­ive au­thor­it­ies that su­per­vise private per­sons or or­gan­isa­tions out­side the Fed­er­al Ad­min­is­tra­tion in ac­cord­ance with an­oth­er fed­er­al act shall in­vite the FD­PIC to com­ment be­fore they is­sue a rul­ing that relates to data pro­tec­tion is­sues.

² If the FD­PIC is con­duct­ing his or her own in­vest­ig­a­tion against the same party, the two au­thor­it­ies shall co­ordin­ate their pro­ceed­ings.

¹ Fed­er­al au­thor­it­ies and can­ton­al au­thor­it­ies shall provide the FD­PIC with the in­form­a­tion and per­son­al data that it re­quires to ful­fil its stat­utory du­ties.

² The FD­PIC shall provide the fol­low­ing au­thor­it­ies with the in­form­a­tion and per­son­al data that they re­quire to ful­fil their stat­utory du­ties:

a.

the au­thor­it­ies re­spons­ible for data pro­tec­tion in Switzer­land;

b.

the com­pet­ent pro­sec­u­tion au­thor­it­ies, where the mat­ter relates to an of­fence re­por­ted un­der Art­icle 65 para­graph 2;

c.

the fed­er­al au­thor­it­ies and the can­ton­al and com­mun­al po­lice for the im­ple­ment­a­tion of meas­ures in ac­cord­ance with Art­icles 50 para­graph 3 and 51.

¹ The FD­PIC may ex­change in­form­a­tion or per­son­al data with for­eign au­thor­it­ies that are re­spons­ible for data pro­tec­tion in or­der that they may ful­fil their re­spect­ive stat­utory du­ties in re­la­tion to data pro­tec­tion, provided the fol­low­ing re­quire­ments are sat­is­fied:

a.

Re­cipro­city with re­gard to ad­min­is­trat­ive as­sist­ance is guar­an­teed.

b.

The in­form­a­tion and per­son­al data are used only in the pro­ceed­ings re­lated to data pro­tec­tion that are the sub­ject of the re­quest for ad­min­is­trat­ive as­sist­ance.

c.

The re­cip­i­ent au­thor­ity un­der­takes to pre­serve pro­fes­sion­al secrecy as well as trade and man­u­fac­tur­ing secrecy.

d.

The in­form­a­tion and per­son­al data are only dis­closed to third parties if the au­thor­ity that provided them gives its ap­prov­al be­fore­hand.

e.

The re­cip­i­ent au­thor­ity un­der­takes to com­ply with the re­quire­ments and re­stric­tions im­posed by the au­thor­ity that provided the in­form­a­tion and per­son­al data.

² In or­der to jus­ti­fy its re­quest for ad­min­is­trat­ive as­sist­ance or to com­ply with the re­quest from an au­thor­ity, the FD­PIC may provide the fol­low­ing in­form­a­tion in par­tic­u­lar:

a.

the iden­tity of the con­trol­ler, of the pro­cessor or of oth­er third parties in­volved;

b.

the cat­egor­ies of data sub­jects;

c.

the iden­tity the data sub­jects, provided:

1.

the data sub­jects have con­sen­ted, or

2.

dis­clos­ure of the iden­tity of the data sub­jects is es­sen­tial for the FD­PIC or the for­eign au­thor­ity to ful­fil stat­utory du­ties;

d.

pro­cessed per­son­al data or cat­egor­ies of pro­cessed per­son­al data;

e.

the pur­pose of pro­cessing;

f.

the re­cip­i­ents or the cat­egor­ies of re­cip­i­ents;

g.

tech­nic­al and or­gan­isa­tion­al meas­ures.

³ Be­fore the FD­PIC provides in­form­a­tion that may in­clude pro­fes­sion­al, trade or man­u­fac­tur­ing secrets to a for­eign au­thor­ity, it shall in­form the nat­ur­al per­sons or leg­al en­tit­ies con­cerned that hold these secrets, and in­vite them to com­ment, un­less this is not pos­sible or re­quires dis­pro­por­tion­ate ef­fort.

The FD­PIC shall keep a re­gister of the pro­cessing activ­it­ies of fed­er­al bod­ies. The re­gister shall be pub­lished.

¹ The FD­PIC shall sub­mit a re­port on his or her activ­it­ies to the Fed­er­al As­sembly every year. He or she shall sub­mit the re­port to the Fed­er­al Coun­cil at the same time. The re­port shall be pub­lished.

² In cases of gen­er­al in­terest, the FD­PIC shall in­form the pub­lic about its find­ings and rul­ings.

¹ The FD­PIC shall also carry out the fol­low­ing tasks in par­tic­u­lar:

a.

It shall in­form, train and ad­vise fed­er­al bod­ies and private per­sons on data pro­tec­tion mat­ters.

b.

It shall sup­port the can­ton­al bod­ies and work with Swiss and for­eign au­thor­it­ies that are re­spons­ible for data pro­tec­tion.

c.

It shall raise pub­lic aware­ness, and in par­tic­u­lar that of per­sons in need of pro­tec­tion, in re­la­tion to data pro­tec­tion.

d.

It shall provide data sub­jects on re­quest with in­form­a­tion on how they may ex­er­cise their rights.

e.

It shall com­ment on draft fed­er­al le­gis­la­tion and meas­ures that in­volve data pro­cessing.

f.

It shall carry out the du­ties as­signed to it un­der the Free­dom of In­form­a­tion Act of 17 Decem­ber 2004²¹ or oth­er fed­er­al acts.

g.

It shall de­vel­op work­ing in­stru­ments as re­com­mend­a­tions of good prac­tice for use by con­trol­lers, pro­cessors and data sub­jects; for this pur­pose, it shall take in­to ac­count the spe­cif­ics of the field con­cerned and the need to pro­tect vul­ner­able per­sons.

² It may also ad­vise fed­er­al bod­ies that are not sub­ject to his or her su­per­vi­sion in ac­cord­ance with Art­icles 2 and 4. The fed­er­al bod­ies may al­low him or her to in­spect files.

³ The FD­PIC has the power to de­clare to for­eign au­thor­it­ies that are re­spons­ible for data pro­tec­tion that dir­ect ser­vice is per­mit­ted in re­la­tion to data pro­tec­tion in Switzer­land, provided Switzer­land is gran­ted re­cip­roc­al rights.

¹ The FD­PIC shall charge private per­sons fees for:

a.

its opin­ion on a code of con­duct in ac­cord­ance with Art­icle 11 para­graph 2;

b.

the ap­prov­al of stand­ard data pro­tec­tion clauses and bind­ing cor­por­ate rules in ac­cord­ance with Art­icle 16 para­graph 2 let­ters d and e;

c.

con­sulta­tion in con­nec­tion with a data pro­tec­tion im­pact as­sess­ment in ac­cord­ance with Art­icle 23 para­graph 2;

d.

pre­cau­tion­ary meas­ures and meas­ures un­der Art­icle 51;

e.

ad­vice on data pro­tec­tion is­sues in ac­cord­ance with Art­icle 58 para­graph 1 let­ter a.

² The Fed­er­al Coun­cil shall spe­cify the amount of the fees.

³ It may stip­u­late the cases in which it is pos­sible to waive or re­duce a fee.

¹ On com­plaint, a fine not ex­ceed­ing 250,000 francs shall be im­posed on private per­sons who:

a.

vi­ol­ate their du­ties un­der Art­icles 19, 21 and 25–27, in that they wil­fully provide false or in­com­plete in­form­a­tion;

b.

fail wil­fully:

1.

to provide in­form­a­tion to the data sub­ject in ac­cord­ance with Art­icles 19 para­graph 1 and 21 para­graph 1, or

2.

to provide the data sub­ject with the in­form­a­tion spe­cified in Art­icle 19 para­graph 2.

² A fine not ex­ceed­ing 250,000 francs shall be im­posed on private per­sons who, in vi­ol­a­tion of Art­icle 49 para­graph 3, wil­fully provide the FD­PIC with false in­form­a­tion or wil­fully fail to co­oper­ate in the course of an in­vest­ig­a­tion.

On com­plaint, a fine not ex­ceed­ing 250,000 francs shall be im­posed on private per­sons who wil­fully:

a.

dis­close per­son­al data abroad in vi­ol­a­tion of Art­icle 16 para­graphs 1 and 2 without sat­is­fy­ing the re­quire­ments of Art­icle 17;

b.

as­sign the data pro­cessing to a pro­cessor without sat­is­fy­ing the re­quire­ments of Art­icle 9 para­graphs 1 and 2;

c.

fail to com­ply with the min­im­um re­quire­ments for data se­cur­ity stip­u­lated by the Fed­er­al Coun­cil in Art­icle 8 para­graph 3.

¹ Any per­son who, while prac­tising his or her pro­fes­sion, ac­quires know­ledge of secret per­son­al data for the pur­pose of that pro­fes­sion but there­after wil­fully dis­closes such data shall on com­plaint be li­able to a fine not ex­ceed­ing 250,000 francs.

² The same pen­alty shall ap­ply to any per­son who wil­fully dis­closes secret per­son­al data that has come to his or her know­ledge while car­ry­ing on an activ­ity for or while train­ing with a per­son sub­ject to a duty of con­fid­en­ti­al­ity.

³ The dis­clos­ure of secret per­son­al data after ceas­ing to prac­tise a pro­fes­sion or after com­plet­ing train­ing is also a crim­in­al of­fence.

Any private per­son who wil­fully fails to com­ply with a rul­ing is­sued by the FD­PIC or a de­cision of the ap­peal courts that refers to the pen­alty un­der this Art­icle shall be li­able to a fine not ex­ceed­ing 250,000 francs.

¹ The crim­in­al li­ab­il­ity of busi­nesses is gov­erned by Art­icles 6 and 7 of the Fed­er­al Act of 22 March 1974²² on Ad­min­is­trat­ive Crim­in­al Law (ACLA).

² If a fine not ex­ceed­ing 50,000 francs is un­der con­sid­er­a­tion and if the iden­ti­fic­a­tion of the per­pet­rat­ors in ac­cord­ance with Art­icle 6 ACLA re­quires meas­ures that would be dis­pro­por­tion­ate in view of the po­ten­tial pen­alty, the au­thor­ity may de­cide not to pur­sue these per­sons but in­stead to or­der the busi­ness to pay the fine (Art. 7 ACLA).

¹ The pro­sec­u­tion and the ad­ju­dic­a­tion of crim­in­al acts is a mat­ter for the can­tons.

² The FD­PIC may file a com­plaint with the com­pet­ent pro­sec­u­tion au­thor­ity and ex­er­cise the rights of a private claimant in the pro­ceed­ings.

Pro­sec­u­tion is sub­ject to a stat­ute of lim­it­a­tions of five years.

The Fed­er­al Coun­cil may con­clude in­ter­na­tion­al treat­ies re­lat­ing to:

a.

in­ter­na­tion­al co­oper­a­tion between data pro­tec­tion au­thor­it­ies;

b.

the mu­tu­al ac­know­ledge­ment of an ad­equate level of pro­tec­tion for the dis­clos­ure of per­son­al data abroad.

The re­peal and the amend­ment of oth­er le­gis­la­tion are reg­u­lated in An­nex 1.

Art­icles 7, 22 and 23 do not ap­ply to data pro­cessing that began be­fore this Act comes in­to force, provided the pur­pose of pro­cessing re­mains un­changed and no new data are col­lec­ted.

This Act does not ap­ply to FD­PIC in­vest­ig­a­tions that are on­go­ing at the time that it comes in­to force; like­wise, this Act does not ap­ply to ap­peals pending against first in­stance de­cisions is­sued be­fore it comes in­to force. Such cases are gov­erned by the pre­vi­ous law.

For fed­er­al bod­ies, reg­u­la­tions in oth­er fed­er­al le­gis­la­tion that re­late to per­son­al data shall con­tin­ue to ap­ply to the data of leg­al en­tit­ies for five years from the date on which this Act come in­to force. In par­tic­u­lar fed­er­al bod­ies may con­tin­ue to dis­close the data of leg­al en­tit­ies in ac­cord­ance with Art­icle 57s para­graphs 1 and 2 of the Gov­ern­ment and Ad­min­is­tra­tion Or­gan­isa­tion Act of 21 March 1997²³ for five years from the date on which this Act come in­to force if there is a leg­al basis that au­thor­ises them to dis­close per­son­al data.

¹ The elec­tion of the Com­mis­sion­er and the ter­min­a­tion of his or her term of of­fice shall be gov­erned by the pre­vi­ous law un­til the end of the le­gis­lature peri­od in which this Act comes in­to force.

² If the in­cum­bent is elec­ted in the first vote of the United Fed­er­al As­sembly to elect the Com­mis­sion­er, the Com­mis­sion­er’s new term of of­fice be­gins on the day after the elec­tion.²⁴

If the Com­mis­sion­er’s em­ploy­ment con­tract was based on the pre­vi­ous law, the pre­vi­ous law con­tin­ues to ap­ply.

Co­ordin­a­tion with oth­er en­act­ments is reg­u­lated in An­nex 2.

¹ This Act is sub­ject to an op­tion­al ref­er­en­dum.

² The Fed­er­al Coun­cil shall de­term­ine the com­mence­ment date.

Com­mence­ment date: 1 Septem­ber 2023²⁶