Federal Act on Data Protection

This Act aims to pro­tect the pri­vacy and the fun­da­ment­al rights of per­sons when their data is pro­cessed.

¹This Act ap­plies to the pro­cessing of data per­tain­ing to nat­ur­al per­sons and leg­al per­sons by:

a.

private per­sons;

b.

fed­er­al bod­ies.

²It does not ap­ply to:

a.

per­son­al data that is pro­cessed by a nat­ur­al per­son ex­clus­ively for per­son­al use and which is not dis­closed to out­siders;

b.

de­lib­er­a­tions of the Fed­er­al As­sembly and in par­lia­ment­ary com­mit­tees;

c.

pending civil pro­ceed­ings, crim­in­al pro­ceed­ings, in­ter­na­tion­al mu­tu­al as­sist­ance pro­ceed­ings and pro­ceed­ings un­der con­sti­tu­tion­al or un­der ad­min­is­trat­ive law, with the ex­cep­tion of ad­min­is­trat­ive pro­ceed­ings of first in­stance;

d.

pub­lic re­gisters based on private law;

e.

per­son­al data pro­cessed by the In­ter­na­tion­al Com­mit­tee of the Red Cross.

The fol­low­ing defin­i­tions ap­ply:

a.

per­son­al data (data): all in­form­a­tion re­lat­ing to an iden­ti­fied or iden­ti­fi­able per­son;

b.

data sub­jects: nat­ur­al or leg­al per­sons whose data is pro­cessed;

c.

sens­it­ive per­son­al data: data on:

1.

re­li­gious, ideo­lo­gic­al, polit­ic­al or trade uni­on-re­lated views or activ­it­ies,

2.

health, the in­tim­ate sphere or the ra­cial ori­gin,

3.

so­cial se­cur­ity meas­ures,

4.

ad­min­is­trat­ive or crim­in­al pro­ceed­ings and sanc­tions;

d.

per­son­al­ity pro­file: a col­lec­tion of data that per­mits an as­sess­ment of es­sen­tial char­ac­ter­ist­ics of the per­son­al­ity of a nat­ur­al per­son;

e.

pro­cessing: any op­er­a­tion with per­son­al data, ir­re­spect­ive of the means ap­plied and the pro­ced­ure, and in par­tic­u­lar the col­lec­tion, stor­age, use, re­vi­sion, dis­clos­ure, archiv­ing or de­struc­tion of data;

f.

dis­clos­ure: mak­ing per­son­al data ac­cess­ible, for ex­ample by per­mit­ting ac­cess, trans­mis­sion or pub­lic­a­tion;

g.

data file: any set of per­son­al data that is struc­tured in such a way that the data is ac­cess­ible by data sub­ject;

h.

fed­er­al bod­ies: fed­er­al au­thor­it­ies and ser­vices as well as per­sons who are en­trus­ted with fed­er­al pub­lic tasks;

i.¹

con­trol­ler of the data file: private per­sons or fed­er­al bod­ies that de­cide on the pur­pose and con­tent of a data file;

j.²

form­al en­act­ment:

1.

fed­er­al acts,

2.

de­crees of in­ter­na­tion­al or­gan­isa­tions that are bind­ing on Switzer­land and in­ter­na­tion­al treat­ies con­tain­ing leg­al rules that are ap­proved by the Fed­er­al As­sembly;

k.³

…

¹Per­son­al data may only be pro­cessed law­fully.¹

²Its pro­cessing must be car­ried out in good faith and must be pro­por­tion­ate.

³Per­son­al data may only be pro­cessed for the pur­pose in­dic­ated at the time of col­lec­tion, that is evid­ent from the cir­cum­stances, or that is provided for by law.

⁴The col­lec­tion of per­son­al data and in par­tic­u­lar the pur­pose of its pro­cessing must be evid­ent to the data sub­ject.²

⁵If the con­sent of the data sub­ject is re­quired for the pro­cessing of per­son­al data, such con­sent is val­id only if giv­en vol­un­tar­ily on the pro­vi­sion of ad­equate in­form­a­tion. Ad­di­tion­ally, con­sent must be giv­en ex­pressly in the case of pro­cessing of sens­it­ive per­son­al data or per­son­al­ity pro­files.³

¹Any­one who pro­cesses per­son­al data must make cer­tain that it is cor­rect. He must take all reas­on­able meas­ures to en­sure that data that is in­cor­rect or in­com­plete in view of the pur­pose of its col­lec­tion is either cor­rec­ted or des­troyed.¹

²Any data sub­ject may re­quest that in­cor­rect data be cor­rec­ted.

¹Per­son­al data may not be dis­closed abroad if the pri­vacy of the data sub­jects would be ser­i­ously en­dangered thereby, in par­tic­u­lar due to the ab­sence of le­gis­la­tion that guar­an­tees ad­equate pro­tec­tion.

²In the ab­sence of le­gis­la­tion that guar­an­tees ad­equate pro­tec­tion, per­son­al data may be dis­closed abroad only if:

a.

suf­fi­cient safe­guards, in par­tic­u­lar con­trac­tu­al clauses, en­sure an ad­equate level of pro­tec­tion abroad;

b.

the data sub­ject has con­sen­ted in the spe­cif­ic case;

c.

the pro­cessing is dir­ectly con­nec­ted with the con­clu­sion or the per­form­ance of a con­tract and the per­son­al data is that of a con­trac­tu­al party;

d.

dis­clos­ure is es­sen­tial in the spe­cif­ic case in or­der either to safe­guard an over­rid­ing pub­lic in­terest or for the es­tab­lish­ment, ex­er­cise or en­force­ment of leg­al claims be­fore the courts;

e.

dis­clos­ure is re­quired in the spe­cif­ic case in or­der to pro­tect the life or the phys­ic­al in­teg­rity of the data sub­ject;

f.

the data sub­ject has made the data gen­er­ally ac­cess­ible and has not ex­pressly pro­hib­ited its pro­cessing;

g.

dis­clos­ure is made with­in the same leg­al per­son or com­pany or between leg­al per­sons or com­pan­ies that are un­der the same man­age­ment, provided those in­volved are sub­ject to data pro­tec­tion rules that en­sure an ad­equate level of pro­tec­tion.

³The Fed­er­al Data Pro­tec­tion and In­form­a­tion Com­mis­sion­er (the Com­mis­sion­er, Art. 26) must be in­formed of the safe­guards un­der para­graph 2 let­ter a and the data pro­tec­tion rules un­der para­graph 2 let­ter g. The Fed­er­al Coun­cil reg­u­lates the de­tails of this duty to provide in­form­a­tion.

¹Per­son­al data must be pro­tec­ted against un­au­thor­ised pro­cessing through ad­equate tech­nic­al and or­gan­isa­tion­al meas­ures.

²The Fed­er­al Coun­cil is­sues de­tailed pro­vi­sions on the min­im­um stand­ards for data se­cur­ity.

¹Any per­son may re­quest in­form­a­tion from the con­trol­ler of a data file as to wheth­er data con­cern­ing them is be­ing pro­cessed.

²The con­trol­ler of a data file must no­ti­fy the data sub­ject:¹

a.²

of all avail­able data con­cern­ing the sub­ject in the data file, in­clud­ing the avail­able in­form­a­tion on the source of the data;

b.

the pur­pose of and if ap­plic­able the leg­al basis for the pro­cessing as well as the cat­egor­ies of the per­son­al data pro­cessed, the oth­er parties in­volved with the file and the data re­cip­i­ent.

³The con­trol­ler of a data file may ar­range for data on the health of the data sub­ject to be com­mu­nic­ated by a doc­tor des­ig­nated by the sub­ject.

⁴If the con­trol­ler of a data file has per­son­al data pro­cessed by a third party, the con­trol­ler re­mains un­der an ob­lig­a­tion to provide in­form­a­tion. The third party is un­der an ob­lig­a­tion to provide in­form­a­tion if he does not dis­close the iden­tity of the con­trol­ler or if the con­trol­ler is not dom­i­ciled in Switzer­land.

⁵The in­form­a­tion must nor­mally be provided in writ­ing, in the form of a prin­tout or a pho­to­copy, and is free of charge. The Fed­er­al Coun­cil reg­u­lates ex­cep­tions.

⁶No one may waive the right to in­form­a­tion in ad­vance.

¹The con­trol­ler of a data file may re­fuse, re­strict or de­fer the pro­vi­sion of in­form­a­tion where:

a.

a form­al en­act­ment so provides;

b.

this is re­quired to pro­tect the over­rid­ing in­terests of third parties.

²A fed­er­al body may fur­ther re­fuse, re­strict or de­fer the pro­vi­sion of in­form­a­tion where:

a.

this is re­quired to pro­tect over­rid­ing pub­lic in­terests, and in par­tic­u­lar the in­tern­al or ex­tern­al se­cur­ity of the Con­fed­er­a­tion;

b.

the in­form­a­tion would jeop­ard­ise the out­come of a crim­in­al in­vest­ig­a­tion or any oth­er in­vest­ig­a­tion pro­ceed­ings.

³As soon as the reas­on for re­fus­ing, re­strict­ing or de­fer­ring the pro­vi­sion of in­form­a­tion ceases to ap­ply, the fed­er­al body must provide the in­form­a­tion un­less this is im­possible or only pos­sible with dis­pro­por­tion­ate in­con­veni­ence or ex­pense.

⁴The private con­trol­ler of a data file may fur­ther re­fuse, re­strict or de­fer the pro­vi­sion of in­form­a­tion where his own over­rid­ing in­terests so re­quire and he does not dis­close the per­son­al data to third parties.

⁵The con­trol­ler of a data file must in­dic­ate the reas­on why he has re­fused, re­stric­ted or de­ferred ac­cess to in­form­a­tion.

¹The con­trol­ler of a data file that is used ex­clus­ively for pub­lic­a­tion in the ed­ited sec­tion of a peri­od­ic­ally pub­lished me­di­um may re­fuse to provide in­form­a­tion, lim­it the in­form­a­tion or de­fer its pro­vi­sion provided:

a.

the per­son­al data re­veals the sources of the in­form­a­tion;

b.

ac­cess to the drafts of pub­lic­a­tions would have to be giv­en;

c.

the free­dom of the pub­lic to form its opin­ion would be pre­ju­diced.

²Journ­al­ists may also re­fuse re­strict or de­fer in­form­a­tion if the data file is be­ing used ex­clus­ively as a per­son­al work aid.

¹The pro­cessing of per­son­al data may be as­signed to third parties by agree­ment or by law if:

a.

the data is pro­cessed only in the man­ner per­mit­ted for the in­struct­ing party it­self; and

b.

it is not pro­hib­ited by a stat­utory or con­trac­tu­al duty of con­fid­en­ti­al­ity.

²The in­struct­ing party must in par­tic­u­lar en­sure that the third party guar­an­tees data se­cur­ity.

³Third parties may claim the same jus­ti­fic­a­tion as the in­struct­ing party.

¹In or­der to im­prove data pro­tec­tion and data se­cur­ity, the man­u­fac­tur­ers of data pro­cessing sys­tems or pro­grams as well as private per­sons or fed­er­al bod­ies that pro­cess per­son­al data may sub­mit their sys­tems, pro­ced­ures and or­gan­isa­tion for eval­u­ation by re­cog­nised in­de­pend­ent cer­ti­fic­a­tion or­gan­isa­tions.

²The Fed­er­al Coun­cil shall is­sue reg­u­la­tions on the re­cog­ni­tion of cer­ti­fic­a­tion pro­ced­ures and the in­tro­duc­tion of a data pro­tec­tion qual­ity la­bel. In do­ing so, it shall take ac­count of in­ter­na­tion­al law and the in­ter­na­tion­ally re­cog­nised tech­nic­al stand­ards.

¹The Com­mis­sion­er main­tains a re­gister of data files that is ac­cess­ible on­line. Any­one may con­sult the re­gister.

²Fed­er­al bod­ies must de­clare all their data files to the Com­mis­sion­er in or­der to have them re­gistered.

³Private per­sons must de­clare their data files if:

a.

they reg­u­larly pro­cess sens­it­ive per­son­al data or per­son­al­ity pro­files; or

b.

they reg­u­larly dis­close per­son­al data to third parties.

⁴The data files must be de­clared be­fore they are opened.

⁵In derog­a­tion from the pro­vi­sions in para­graphs 2 and 3, the con­trol­ler of data files is not re­quired to de­clare his files if:

a.

private per­sons are pro­cessing the data in terms of a stat­utory ob­lig­a­tion;

b.

the Fed­er­al Coun­cil has ex­emp­ted the pro­cessing from the re­gis­tra­tion re­quire­ment be­cause it does not pre­ju­dice the rights of the data sub­jects;

c.

he uses the data ex­clus­ively for pub­lic­a­tion in the ed­ited sec­tion of a peri­od­ic­ally pub­lished me­di­um and does not pass on any data to third parties without in­form­ing the data sub­jects;

d.

the data is pro­cessed by journ­al­ists who use the data file ex­clus­ively as a per­son­al work aid;

e.

he has des­ig­nated a data pro­tec­tion of­ficer who in­de­pend­ently mon­it­ors in­tern­al com­pli­ance with data pro­tec­tion reg­u­la­tions and main­tains a list of the data files;

f.

he has ac­quired a data pro­tec­tion qual­ity mark un­der a cer­ti­fic­a­tion pro­ced­ure in ac­cord­ance with Art­icle 11 and has no­ti­fied the Com­mis­sion­er of the res­ult of the eval­u­ation.

⁶The Fed­er­al Coun­cil reg­u­lates the mod­al­it­ies for the de­clar­a­tion of data files for re­gis­tra­tion, the main­ten­ance and the pub­lic­a­tion of the re­gister, the ap­point­ment and du­ties of the data pro­tec­tion of­ficer un­der para­graph 5 let­ter e and the pub­lic­a­tion of a list of con­trol­lers of data files that are re­lieved of the re­port­ing ob­lig­a­tion un­der para­graph 5 let­ters e and f.

¹Any­one who pro­cesses per­son­al data must not un­law­fully breach the pri­vacy of the data sub­jects in do­ing so.

²In par­tic­u­lar, he must not:

a.

pro­cess per­son­al data in con­tra­ven­tion of the prin­ciples of Art­icles 4, 5 para­graph 1 and 7 para­graph 1;

b.

pro­cess data per­tain­ing to a per­son against that per­son's ex­press wish without jus­ti­fic­a­tion;

c.

dis­close sens­it­ive per­son­al data or per­son­al­ity pro­files to third parties without jus­ti­fic­a­tion.¹

³Nor­mally there is no breach of pri­vacy if the data sub­ject has made the data gen­er­ally ac­cess­ible and has not ex­pressly pro­hib­ited its pro­cessing.

¹A breach of pri­vacy is un­law­ful un­less it is jus­ti­fied by the con­sent of the in­jured party, by an over­rid­ing private or pub­lic in­terest or by law.

²An over­rid­ing in­terest of the per­son pro­cessing the data shall in par­tic­u­lar be con­sidered if that per­son:

a.

pro­cesses per­son­al data in dir­ect con­nec­tion with the con­clu­sion or the per­form­ance of a con­tract and the per­son­al data is that of a con­trac­tu­al party;

b.

is or in­tends to be in com­mer­cial com­pet­i­tion with an­oth­er and for this pur­pose pro­cesses per­son­al data without dis­clos­ing the data to third parties;

c.

pro­cess data that is neither sens­it­ive per­son­al data nor a per­son­al­ity pro­file in or­der to veri­fy the cred­it­wor­thi­ness of an­oth­er, and dis­closes such data to third parties only if the data is re­quired for the con­clu­sion or the per­form­ance of a con­tract with the data sub­ject;

d.

pro­cesses per­son­al data on a pro­fes­sion­al basis ex­clus­ively for pub­lic­a­tion in the ed­ited sec­tion of a peri­od­ic­ally pub­lished me­di­um;

e.

pro­cesses per­son­al data for pur­poses not re­lat­ing to a spe­cif­ic per­son, in par­tic­u­lar for the pur­poses of re­search, plan­ning and stat­ist­ics and pub­lishes the res­ults in such a man­ner that the data sub­jects may not be iden­ti­fied;

f.

col­lects data on a per­son of pub­lic in­terest, provided the data relates to the pub­lic activ­it­ies of that per­son.

¹The con­trol­ler of the data file is ob­liged to in­form the data sub­ject of the col­lec­tion of sens­it­ive per­son­al data or per­son­al­ity pro­files; this duty to provide in­form­a­tion also ap­plies where the data is col­lec­ted from third parties.

²The data sub­ject must be no­ti­fied as a min­im­um of the fol­low­ing:

a.

the con­trol­ler of the data file;

b.

the pur­pose of the pro­cessing;

c.

the cat­egor­ies of data re­cip­i­ents if a dis­clos­ure of data is planned.

³If the data is not col­lec­ted from the data sub­ject, the data sub­ject must be in­formed at the latest when the data is stored or if the data is not stored, on its first dis­clos­ure to a third party.

⁴The duty of the con­trol­ler of the data file to provide in­form­a­tion ceases to ap­ply if the data sub­ject has already been in­formed or, in cases un­der para­graph 3, if:

a.

the stor­age or the dis­clos­ure of the data is ex­pressly provided for by law; or

b.

the pro­vi­sion of in­form­a­tion is not pos­sible or pos­sible only with dis­pro­por­tion­ate in­con­veni­ence or ex­pense.

⁵The con­trol­ler of the data file may re­fuse, re­strict or de­fer the pro­vi­sion of in­form­a­tion sub­ject to the re­quire­ments of Art­icle 9 para­graphs 1 and 4.

¹Ac­tions re­lat­ing to pro­tec­tion of pri­vacy are gov­erned by Art­icles 28, 28a and 28l of the Civil Code². The plaintiff may in par­tic­u­lar re­quest that data pro­cessing be stopped, that no data be dis­closed to third parties, or that the per­son­al data be cor­rec­ted or des­troyed.

²Where it is im­possible to demon­strate that per­son­al data is ac­cur­ate or in­ac­cur­ate, the plaintiff may re­quest that a note to this ef­fect be ad­ded to the data.

³The plaintiff may re­quest that no­ti­fic­a­tion of third parties or the pub­lic­a­tion of the cor­rec­tion, de­struc­tion, block­ing, and in par­tic­u­lar the pro­hib­i­tion of dis­clos­ure to third parties, the mark­ing of the data as dis­puted or the court judg­ment.

⁴Ac­tions on the en­force­ment of a right to in­form­a­tion shall be de­cided by the courts in a sim­pli­fied pro­ced­ure un­der the Civil Pro­ced­ure Code of 19 Decem­ber 2008³.

¹The fed­er­al body that pro­cesses or ar­ranges for the pro­cessing of per­son­al data in ful­fil­ment of its tasks is re­spons­ible for data pro­tec­tion.

²If fed­er­al bod­ies pro­cess per­son­al data to­geth­er with oth­er fed­er­al bod­ies, with can­ton­al bod­ies or with private per­sons, the Fed­er­al Coun­cil may spe­cific­ally reg­u­late the con­trol of and re­spons­ib­il­ity for data pro­tec­tion.²

¹Fed­er­al bod­ies may pro­cess per­son­al data if there is a stat­utory basis for do­ing so.

²They may pro­cess sens­it­ive per­son­al data and per­son­al­ity pro­files only if a form­al en­act­ment ex­pressly provides there­for or if, by way of ex­cep­tion:

a.

such pro­cessing is es­sen­tial for a task clearly defined in a form­al en­act­ment;

b.

the Fed­er­al Coun­cil au­thor­ises pro­cessing in an in­di­vidu­al case be­cause the rights of the data sub­ject are not en­dangered; or

c.

the data sub­ject has giv­en his con­sent in an in­di­vidu­al case or made his data gen­er­al ac­cess­ible and has not ex­pressly pro­hib­ited its pro­cessing.¹

¹The Fed­er­al Coun­cil may, hav­ing con­sul­ted the Com­mis­sion­er and be­fore a form­al en­act­ment comes in­to force, ap­prove the auto­mated pro­cessing of sens­it­ive per­son­al data or per­son­al­ity pro­files if:

a.

the tasks that re­quire such pro­cessing re­quired are reg­u­lated in a form­al en­act­ment;

b.

ad­equate meas­ures are taken to pre­vent breaches of pri­vacy;

c.

a test phase be­fore the form­al en­act­ment comes in­to force is in­dis­pens­able for the prac­tic­al im­ple­ment­a­tion of data pro­cessing.

²A test phase may be man­dat­ory for the prac­tic­al im­ple­ment­a­tion of data pro­cessing if:

a.

the ful­fil­ment of a task re­quires tech­nic­al in­nov­a­tions, the ef­fects of which must first be eval­u­ated;

b.

the ful­fil­ment of a task re­quires sig­ni­fic­ant or­gan­isa­tion­al or tech­nic­al meas­ures, the ef­fect­ive­ness of which must first be tested, in par­tic­u­lar in the case of co­oper­a­tion between fed­er­al and the can­ton­al bod­ies; or

c.

pro­cessing re­quires that sens­it­ive per­son­al data or per­son­al­ity pro­files be trans­mit­ted on­line to can­ton­al au­thor­it­ies.

³The Fed­er­al Coun­cil shall reg­u­late the mod­al­it­ies of auto­mated data pro­cessing in an or­din­ance.

⁴The com­pet­ent fed­er­al body shall provide the Fed­er­al Coun­cil with an eval­u­ation re­port at the latest with­in two years of the pi­lot sys­tem com­ing in­to op­er­a­tion. The re­port con­tains a pro­pos­al on wheth­er the pro­cessing should be con­tin­ued or ter­min­ated.

⁵Auto­mated data pro­cessing must be ter­min­ated in every case if with­in five years of the pi­lot sys­tems com­ing in­to op­er­a­tion no form­al en­act­ment has come in force that con­tains the re­quired leg­al basis.

¹In the case of sys­tem­at­ic sur­veys, in par­tic­u­lar by means of ques­tion­naires, the fed­er­al or­gan shall dis­close the pur­pose of and the leg­al basis for the pro­cessing, and the cat­egor­ies of per­sons in­volved with the data file and of the data re­cip­i­ents.

²…¹

¹Fed­er­al bod­ies are ob­liged to in­form the data sub­ject of the col­lec­tion of per­son­al data; this duty to provide in­form­a­tion also ap­plies where the data is col­lec­ted from third parties.

²The data sub­ject must be no­ti­fied as a min­im­um of the fol­low­ing:

a.

the con­trol­ler of the data file;

b.

the pur­pose of pro­cessing;

c.

the cat­egor­ies of the data re­cip­i­ents where a dis­clos­ure of data is planned;

d.

the right to in­form­a­tion in ac­cord­ance with Art­icle 8;

e.

the con­sequences of the re­fus­al of the data sub­ject to provide the re­ques­ted per­son­al data.

³If the data is not col­lec­ted from the data sub­ject, the data sub­ject must be in­formed at the latest when the data is stored or if the data is not stored, on its first dis­clos­ure to a third party.

⁴The duty of the con­trol­ler of the data file to provide in­form­a­tion ceases to ap­ply if the data sub­ject has already been in­formed or, in cases un­der para­graph 3, if:

a.

the stor­age or the dis­clos­ure of the data is ex­pressly provided for by law; or

b.

the pro­vi­sion of in­form­a­tion is not pos­sible or pos­sible only with dis­pro­por­tion­ate in­con­veni­ence or ex­pense.

⁵If the duty to provide in­form­a­tion would com­prom­ise the com­pet­it­ive­ness of a fed­er­al body, the Fed­er­al Coun­cil may lim­it the ap­plic­a­tion of the duty to the col­lec­tion of sens­it­ive per­son­al data and per­son­al­ity pro­files.

¹Fed­er­al bod­ies may re­fuse, re­strict or de­fer the pro­vi­sion of in­form­a­tion sub­ject to the re­quire­ments of Art­icle 9 para­graphs 1 and 2.

²As soon as the reas­on for re­fus­al, re­stric­tion or de­fer­ral ceases to ap­ply, the fed­er­al bod­ies are bound by the duty to provide in­form­a­tion un­less com­pli­ance is not pos­sible or pos­sible only with dis­pro­por­tion­ate in­con­veni­ence or ex­pense.

¹Fed­er­al bod­ies may dis­close per­son­al data if there is leg­al basis for do­ing so in ac­cord­ance with Art­icle 17 or if:¹

a.

the data is in­dis­pens­able to the re­cip­i­ent in the in­di­vidu­al case for the ful­fil­ment of his stat­utory task;

b.²

the data sub­ject has con­sen­ted in the in­di­vidu­al case;

c.³

the data sub­ject has made the data gen­er­ally ac­cess­ible and has not ex­pressly pro­hib­ited dis­clos­ure; or

d.

the re­cip­i­ent demon­strates cred­ibly that the data sub­ject is with­hold­ing con­sent or block­ing dis­clos­ure in or­der to pre­vent the en­force­ment of leg­al claims or the safe­guard­ing of oth­er le­git­im­ate in­terests; the data sub­ject must if pos­sible be giv­en the op­por­tun­ity to com­ment be­fore­hand.

^1bisFed­er­al bod­ies may also dis­close per­son­al data with­in the terms of the of­fi­cial in­form­a­tion dis­closed to the gen­er­al pub­lic, either ex of­fi­cio or based on the Free­dom of In­form­a­tion Act of 17 Decem­ber 2004⁴ if:

a.

the per­son­al data con­cerned is con­nec­ted with the ful­fil­ment of pub­lic du­ties; and

b.

there is an over­rid­ing pub­lic in­terest in its dis­clos­ure.⁵

²Fed­er­al bod­ies may on re­quest also dis­close the name, first name, ad­dress and date of birth of a per­son if the re­quire­ments of para­graph1 are not ful­filled.

³Fed­er­al bod­ies may make per­son­al data ac­cess­ible on­line if this is ex­pressly provided for. Sens­it­ive per­son­al data and per­son­al­ity pro­files may be made ac­cess­ible on­line only if this is ex­pressly provided for in a form­al en­act­ment.⁶

^3bisFed­er­al bod­ies may make per­son­al data gen­er­ally ac­cess­ible by means of auto­mated in­form­a­tion and com­mu­nic­a­tion ser­vices if a leg­al basis is provided for the pub­lic­a­tion of such data or if they make in­form­a­tion ac­cess­ible to the gen­er­al pub­lic on the basis of para­graph1^bis. If there is no longer a pub­lic in­terest in the ac­cess­ib­il­ity of such data, the data con­cerned must be re­moved from the auto­mated in­form­a­tion and com­mu­nic­a­tion ser­vice.⁷

⁴ The fed­er­al body shall re­fuse or re­strict dis­clos­ure, or make it sub­ject to con­di­tions if:

a.

es­sen­tial pub­lic in­terests or clearly le­git­im­ate in­terests of a data sub­ject so re­quire or

b.

stat­utory du­ties of con­fid­en­ti­al­ity or spe­cial data pro­tec­tion reg­u­la­tions so re­quire.

¹A data sub­ject that cred­ibly demon­strates a le­git­im­ate in­terest may re­quest the fed­er­al body con­cerned to block the dis­clos­ure of cer­tain per­son­al data.

²The fed­er­al body shall re­fuse to block dis­clos­ure or lift the block if:

a.

there is a leg­al duty of dis­clos­ure; or

b.

the ful­fil­ment of its task would oth­er­wise be pre­ju­diced.

³Any block­ing of dis­clos­ure is sub­ject to Art­icle 19 para­graph 1^bis.¹

¹In ac­cord­ance with the Archiv­ing Act of 26 June 1998², fed­er­al bod­ies shall of­fer the Fed­er­al Archives all per­son­al data that is no longer in con­stant use.

²The fed­er­al bod­ies shall des­troy per­son­al data des­ig­nated by the Fed­er­al Archives as not be­ing of archiv­al value un­less it:

a.

is rendered an­onym­ous;

b.³

must be pre­served on evid­en­tiary or se­cur­ity grounds or in or­der to safe­guard the le­git­im­ate in­terests of the data sub­ject.

¹Fed­er­al bod­ies may pro­cess per­son­al data for pur­poses not re­lated to spe­cif­ic per­sons, and in par­tic­u­lar for re­search, plan­ning and stat­ist­ics, if:

a.

the data is rendered an­onym­ous, as soon as the pur­pose of the pro­cessing per­mits;

b.

the re­cip­i­ent only dis­closes the data with the con­sent of the fed­er­al body and

c.

the res­ults are pub­lished in such a man­ner that the data sub­jects may not be iden­ti­fied.

²The re­quire­ments of the fol­low­ing pro­vi­sions need not be ful­filled:

a.

Art­icle 4 para­graph 3 on the pur­pose of pro­cessing

b.

Art­icle17 para­graph 2 on the leg­al basis for the pro­cessing of sens­it­ive per­son­al data and per­son­al­ity pro­files;

c.

Art­icle 19 para­graph 1 on the dis­clos­ure of per­son­al data.

¹If a fed­er­al body acts un­der private law, the pro­vi­sions for the pro­cessing of per­son­al data by private per­sons ap­ply.

²Su­per­vi­sion is gov­erned by the pro­vi­sions on fed­er­al bod­ies.

¹Any­one with a le­git­im­ate in­terest may re­quest the fed­er­al body con­cerned to:

a.

re­frain from pro­cessing per­son­al data un­law­fully;

b.

elim­in­ate the con­sequences of un­law­ful pro­cessing;

c.

as­cer­tain wheth­er pro­cessing is un­law­ful.

²If it is not pos­sible to prove the ac­cur­acy or the in­ac­cur­acy of per­son­al data, the fed­er­al body must mark the data cor­res­pond­ingly.

³The ap­plic­ant may in par­tic­u­lar re­quest that the fed­er­al body:

a.

cor­rects or des­troys the per­son­al data or blocks its dis­clos­ure to third parties;

b.

com­mu­nic­ates its de­cision to third parties, in par­tic­u­lar on the cor­rec­tion, de­struc­tion, block­ing of the data or mark­ing of the data as dis­puted, or pub­lishes the de­cision.

⁴The pro­ced­ure is gov­erned by the Fed­er­al Act of 20 Decem­ber 1968¹ on Ad­min­is­trat­ive Pro­ced­ure (Ad­min­is­trat­ive Pro­ced­ure Act). The ex­cep­tions con­tained in Art­icles 2 and 3 of the Ad­min­is­trat­ive Pro­ced­ure Act do not ap­ply.

⁵…²

For as long as pro­ceed­ings re­lat­ing to ac­cess to of­fi­cial doc­u­ments with­in the mean­ing of the Free­dom of In­form­a­tion Act of 17 Decem­ber 2004² that con­tain per­son­al data are on­go­ing, the data sub­ject may with­in the terms of such pro­ceed­ings claim the rights ac­cor­ded to him on the basis of Art­icle 25 of this Act in re­la­tion to those doc­u­ments that are the sub­ject mat­ter of the ac­cess pro­ceed­ings.

¹The Com­mis­sion­er is ap­poin­ted by the Fed­er­al Coun­cil for a term of of­fice of four years. The ap­point­ment must be ap­proved by the Fed­er­al As­sembly.

^1bisThis term of of­fice shall be ex­ten­ded auto­mat­ic­ally un­less the Fed­er­al Coun­cil has is­sued an or­der no less than six months be­fore its ex­piry based on ma­ter­i­ally ad­equate grounds that the term of of­fice should not be ex­ten­ded.²

²The em­ploy­ment re­la­tion­ship is gov­erned by the Fed­er­al Per­son­nel Act of 24 March 2000³, un­less this Act provides oth­er­wise.

³The Com­mis­sion­er shall ex­er­cise his du­ties in­de­pend­ently, without re­ceiv­ing dir­ect­ives from any au­thor­ity.⁴ He is as­signed to the Fed­er­al Chan­cellery for ad­min­is­trat­ive pur­poses.

³He has a per­man­ent sec­ret­ari­at and his own budget. He ap­points his own staff.

⁵The Com­mis­sion­er is not sub­ject to the sys­tem of as­sess­ment un­der Art­icle 4 para­graph 3 of the Fed­er­al Per­son­nel Act of 24 March 2000.

¹The Com­mis­sion­er's term of of­fice may be ex­ten­ded twice.²

^1bisThis term of of­fice shall be ex­ten­ded auto­mat­ic­ally un­less the Fed­er­al Coun­cil has is­sued an or­der based on ma­ter­i­ally ad­equate grounds that the term of of­fice should not be ex­ten­ded.³

²The Com­mis­sion­er may re­quest the Fed­er­al Coun­cil to be dis­charged from of­fice at the end of any month sub­ject to six months ad­vance no­tice.

³The Fed­er­al Coun­cil may dis­miss the Com­mis­sion­er from of­fice be­fore the ex­piry of his term of of­fice if he:

a.

wil­fully or through gross neg­li­gence ser­i­ously vi­ol­ates his du­ties of of­fice; or

b.

he is per­man­ently un­able to ful­fil his du­ties of of­fice.

¹The Com­mis­sion­er may not carry on an­oth­er oc­cu­pa­tion.

²The Fed­er­al Coun­cil may per­mit the Com­mis­sion­er to carry on an­oth­er oc­cu­pa­tion provided this does not com­prom­ise his in­de­pend­ence and stand­ing. The de­cision shall be pub­lished.

¹The Com­mis­sion­er¹ su­per­vises com­pli­ance by fed­er­al bod­ies with this Act and oth­er fed­er­al data pro­tec­tion reg­u­la­tions of the Con­fed­er­a­tion. The Fed­er­al Coun­cil is ex­cluded from such su­per­vi­sion.

²The Com­mis­sion­er in­vest­ig­ates cases either on his own ini­ti­at­ive or at the re­quest of a third party.

³In in­vest­ig­at­ing cases, he may re­quest the pro­duc­tion of files, ob­tain in­form­a­tion and ar­range for pro­cessed data to be shown to him. The fed­er­al bod­ies must as­sist in de­term­in­ing the facts of any case. The right to re­fuse to testi­fy un­der Art­icle 16 of the Ad­min­is­trat­ive Pro­ced­ure Act² ap­plies by ana­logy.

⁴If the in­vest­ig­a­tion re­veals that data pro­tec­tion reg­u­la­tions are be­ing breached, the Com­mis­sion­er shall re­com­mend that the fed­er­al body con­cerned change the meth­od of pro­cessing or aban­don the pro­cessing. He in­forms the de­part­ment con­cerned or the Fed­er­al Chan­cellery of his re­com­mend­a­tion.

⁵If a re­com­mend­a­tion is not com­plied with or is re­jec­ted, he may refer the mat­ter to the de­part­ment or to the Fed­er­al Chan­cellery for a de­cision. The de­cision is com­mu­nic­ated to the data sub­jects in the form of a rul­ing.³

⁶The Com­mis­sion­er has a right of ap­peal against the rul­ing un­der para­graph 5 and against the de­cision of the ap­peal au­thor­ity.⁴

The Com­mis­sion­er ad­vises private per­sons on data pro­tec­tion mat­ters.

¹The Com­mis­sion­er shall in­vest­ig­ate cases in more de­tail on his own ini­ti­at­ive or at the re­quest of a third party if:

a.

meth­ods of pro­cessing are cap­able of breach­ing the pri­vacy of lar­ger num­ber of per­sons (sys­tem er­rors);

b.¹

data files must be re­gistered (Art. 11a);

c.²

there is a duty to provide in­form­a­tion in terms of Art­icle 6 para­graph 3.

²To this end, he may re­quest files, ob­tain in­form­a­tion and ar­range for pro­cessed data to be shown to him. The right to re­fuse to testi­fy un­der Art­icle 16 of the Ad­min­is­trat­ive Pro­ced­ure Act³ ap­plies by ana­logy.

³On the basis of his in­vest­ig­a­tions, the Com­mis­sion­er may re­com­mend that the meth­od of pro­cessing be changed or aban­doned.

⁴If a re­com­mend­a­tion made by the Com­mis­sion­er is not com­plied with or is re­jec­ted, he may refer the mat­ter to the Fed­er­al Ad­min­is­trat­ive Court for a de­cision. He has the right to ap­peal against this de­cision.⁴

¹The Com­mis­sion­er shall sub­mit a re­port to the Fed­er­al As­sembly at reg­u­lar in­ter­vals and as re­quired. He shall provide the Fed­er­al Coun­cil with a copy of the re­port at the same time. The reg­u­lar re­ports are pub­lished.¹

²In cases of gen­er­al in­terest, he in­forms the gen­er­al pub­lic of his find­ings and re­com­mend­a­tions. He may only pub­lish per­son­al data sub­ject to of­fi­cial secrecy with con­sent of the au­thor­ity re­spons­ible. If it re­fuses its con­sent, the Pres­id­ent of the di­vi­sion of the Fed­er­al Ad­min­is­trat­ive Court re­spons­ible for data pro­tec­tion makes the fi­nal de­cision.²

¹The Com­mis­sion­er has the fol­low­ing ad­di­tion­al tasks in par­tic­u­lar:¹

a.

he as­sists fed­er­al and can­ton­al bod­ies on data pro­tec­tion is­sues;

b.

he provides an opin­ion on draft fed­er­al le­gis­la­tion and on oth­er fed­er­al meas­ures that are rel­ev­ant to data pro­tec­tion;

c.

he co­oper­ates with do­mest­ic and for­eign data pro­tec­tion au­thor­it­ies;

d.²

he provides an ex­pert opin­ion on the ex­tent to which for­eign data pro­tec­tion le­gis­la­tion guar­an­tees ad­equate pro­tec­tion;

e.³

he ex­am­ines safe­guards and data pro­tec­tion rules no­ti­fied to him un­der Art­icle 6 para­graph 3;

f.⁴

he ex­am­ines the cer­ti­fic­a­tion pro­ced­ure un­der Art­icle11 and may is­sue re­com­mend­a­tions in ac­cord­ance with Art­icle 27 para­graph 4 or Art­icle 29 para­graph 3;.

g.⁵

he car­ries out the tasks as­signed to him un­der the Free­dom of In­form­a­tion Act of 17 Decem­ber 2004⁶;

h.⁷

he shall raise the level of pub­lic aware­ness of data pro­tec­tion mat­ters.

²He may also ad­vise bod­ies of the Fed­er­al Ad­min­is­tra­tion even if, in ac­cord­ance with Art­icle 2 para­graph 2 let­ters c and d, this Act does not ap­ply. The bod­ies of the Fed­er­al Ad­min­is­tra­tion may per­mit him to in­spect their files.

¹Leg­al pro­tec­tion is gov­erned by the gen­er­al pro­vi­sions on the ad­min­is­tra­tion of fed­er­al justice.

²If the Com­mis­sion­er es­tab­lishes in a case in­vest­ig­a­tion un­der Art­icle 27 para­graph 2 or un­der Art­icle 29 para­graph 1 that the data sub­jects are threatened with a dis­ad­vant­age that can­not be eas­ily remedied, he may ap­ply to the Pres­id­ent of the di­vi­sion of the Fed­er­al Ad­min­is­trat­ive Court re­spons­ible for data pro­tec­tion for in­ter­im meas­ures to be taken. The pro­ced­ure is gov­erned by ana­logy by Art­icles 79-84 of the Fed­er­al Act of 4 Decem­ber 1947¹ on Fed­er­al Civil Pro­ced­ure.

¹On com­plaint, private per­sons are li­able to a fine if they:¹

a.

breach their ob­lig­a­tions un­der Art­icles 8-10 and 14, in that they wil­fully provide false or in­com­plete in­form­a­tion; or

b.

wil­fully fail:

1.

to in­form the data sub­ject in ac­cord­ance with Art­icle 14 para­graph 1, or

2.

to provide in­form­a­tion re­quired un­der Art­icle 14 para­graph 2.²

²Private per­sons are li­able to a fine³ if they wil­fully:

a.⁴

fail to provide in­form­a­tion in ac­cord­ance with Art­icle 6 para­graph 3 or to de­clare files in ac­cord­ance with Art­icle11a or who in do­ing so wil­fully provide false in­form­a­tion; or

b.

provide the Com­mis­sion­er with false in­form­a­tion in the course of a case in­vest­ig­a­tion (Art. 29) or who re­fuse to co­oper­ate.

¹Any­one who without au­thor­isa­tion wil­fully dis­closes con­fid­en­tial, sens­it­ive per­son­al data or per­son­al­ity pro­files that have come to their know­ledge in the course of their pro­fes­sion­al activ­it­ies where such activ­it­ies re­quire the know­ledge of such data is, on com­plaint, li­able to a fine.¹

²The same pen­al­ties ap­ply to any­one who without au­thor­isa­tion wil­fully dis­closes con­fid­en­tial, sens­it­ive per­son­al data or per­son­al­ity pro­files that have come to their know­ledge in the course of their activ­it­ies for a per­son bound by pro­fes­sion­al con­fid­en­ti­al­ity or in the course of train­ing with such a per­son.

³The un­au­thor­ised dis­clos­ure of con­fid­en­tial, sens­it­ive per­son­al data or per­son­al­ity pro­files re­mains an of­fence after ter­min­a­tion of such pro­fes­sion­al activ­it­ies or train­ing.

¹The Fed­er­al Coun­cil shall is­sue the im­ple­ment­ing pro­vi­sions.

²…¹

³It may provide for derog­a­tions from Art­icles 8 and 9 in re­la­tion to the pro­vi­sion of in­form­a­tion by Swiss dip­lo­mat­ic and con­su­lar rep­res­ent­a­tions abroad.

⁴It may also spe­cify:

a.

which data files re­quire pro­cessing reg­u­la­tions;

b.

the re­quire­ments un­der which a fed­er­al body may ar­range for the pro­cessing of per­son­al data by a third party or for a third party;

c.

how the means of iden­ti­fic­a­tion of per­sons may be used.

⁵It may con­clude in­ter­na­tion­al treat­ies on data pro­tec­tion provided they com­ply with the prin­ciples of this Act.

⁶It reg­u­lates how data files must be se­cured where the data may con­sti­tute a danger to life and limb for the data sub­jects in the event of war or oth­er crisis.

¹Un­less there are can­ton­al data pro­tec­tion reg­u­la­tions that en­sure an ad­equate level of pro­tec­tion, Art­icles 1-11a, 16, 17, 18-22 and 25 para­graphs 1-3 of this Act ap­ply to the pro­cessing of per­son­al data by can­ton­al bod­ies in the im­ple­ment­a­tion of fed­er­al law.¹

²The can­tons shall ap­point a con­trolling body to en­sure com­pli­ance with data pro­tec­tion re­quire­ments. Art­icles 27, 30 and 31 are ap­plic­able in an ana­log­ous man­ner.

¹The con­trol­lers of data files must re­gister ex­ist­ing data files that must be re­gistered un­der Art­icle 11 with­in one year of the com­mence­ment of this Act at the latest.

²They must take the re­quired meas­ures with­in one year of the com­mence­ment of this Act to be able to provide the in­form­a­tion re­quired un­der Art­icle 8.

³Fed­er­al bod­ies may con­tin­ue to use an ex­ist­ing data file with sens­it­ive per­son­al data or with per­son­al­ity pro­files un­til 31 Decem­ber 2000 without ful­filling the re­quire­ments of Art­icle 17 para­graph 2.¹

⁴In mat­ters re­lat­ing to asylum and for­eign na­tion­als, the peri­od men­tioned in para­graph 3 is ex­ten­ded un­til the com­mence­ment of the totally re­vised Asylum Act of 26 June 1998² and the amend­ments to the Fed­er­al Act of 26 March 1931³ on the Res­id­ence and Per­man­ent Set­tle­ment of For­eign Na­tion­als.⁴

The ap­point­ment of the Com­mis­sion­er and the ter­min­a­tion of his em­ploy­ment re­la­tion­ship are sub­ject to the pre­vi­ous law un­til the end of the le­gis­lat­ive peri­od in which this amend­ment comes in­to force.

¹This Act is sub­ject to an op­tion­al ref­er­en­dum.

²The Fed­er­al Coun­cil de­term­ines the date on which this Act comes in­to force.