235.11

¹Any­one who re­quests in­form­a­tion from the con­trol­ler of a data file on wheth­er data con­cern­ing them is be­ing pro­cessed (Art. 8 DPA) must nor­mally re­quest the in­form­a­tion in writ­ing and provide proof of their iden­tity.

²Re­quests for in­form­a­tion as well as the pro­vi­sion of in­form­a­tion may also be made on­line if the con­trol­ler of the data file ex­pressly ar­ranges for this and takes ap­pro­pri­ate meas­ures to:

a.

guar­an­tee the iden­ti­fic­a­tion of the data sub­ject; and

b.

pro­tect the per­son­al data of the data sub­ject when provid­ing in­form­a­tion against un­au­thor­ised ac­cess by third parties.¹

³With the agree­ment of the con­trol­ler of the data file or at his sug­ges­tion, the data sub­ject may in­spect their data in situ. The in­form­a­tion may also be provided verbally if the data sub­ject has con­sen­ted and has been iden­ti­fied by the con­trol­ler.

⁴The in­form­a­tion or the sub­stan­ti­ated de­cision on the re­stric­tion of the right of ac­cess (Art. 9 and 10 DPA) is provided with­in 30 days of re­ceipt of the re­quest for in­form­a­tion. If the in­form­a­tion can­not be provided with­in 30 days, the con­trol­ler of the data file must no­ti­fy the ap­plic­ant of this and of the date by which the in­form­a­tion will be provided.

⁵If one or more data files are jointly held by two or more con­trol­lers, the right of ac­cess may be as­ser­ted against each con­trol­ler, un­less one of them is re­spons­ible for pro­cessing all re­quests for in­form­a­tion. If the con­trol­ler of the data file is not au­thor­ised to provide in­form­a­tion, he shall pass the re­quest on to the per­son re­spons­ible.

⁶If the re­quest for in­form­a­tion relates to data that is be­ing pro­cessed by a third party on be­half of the con­trol­ler of the data file, the con­trol­ler shall pass the re­quest on to the third party for pro­cessing if the con­trol­ler is not able to provide the in­form­a­tion him­self.²

⁷If in­form­a­tion is re­ques­ted on data re­lat­ing to de­ceased per­sons, it must be provided if the ap­plic­ant proves an in­terest in the in­form­a­tion that is not countered by the over­rid­ing in­terests of re­l­at­ives of the de­ceased or third parties. Close re­l­at­ives and per­sons who have been mar­ried to the de­ceased have a jus­ti­fied in­terest.

¹The pay­ment of an ap­pro­pri­ate share of the costs may by way of ex­cep­tion be re­ques­ted if:

a.

the ap­plic­ant has already been provided with the re­ques­ted in­form­a­tion in the twelve months pri­or to the ap­plic­a­tion and no le­git­im­ate in­terest in the fur­ther pro­vi­sion of in­form­a­tion can be proven. A le­git­im­ate in­terest is con­sti­tuted in par­tic­u­lar if the per­son­al data has been mod­i­fied without no­tice be­ing giv­en to the data sub­ject;

b.

the pro­vi­sion of in­form­a­tion en­tails an ex­cep­tion­ally large amount of work.

²The share of the costs amounts to a max­im­um of 300 francs. The ap­plic­ant must be no­ti­fied of the amount of the share be­fore the in­form­a­tion is provided and may with­draw his re­quest with­in ten days.

¹Data files (Art. 11a para. 3 DPA) must be re­gistered with the Fed­er­al Data Pro­tec­tion and In­form­a­tion Com­mis­sion­er (the Com­mis­sion­er) be­fore their op­er­a­tion­al use.¹ The re­gis­tra­tion con­tains the fol­low­ing in­form­a­tion:

a.

the name and ad­dress of the con­trol­ler of the data file;

b.

the name and com­plete des­ig­na­tion of the data file;

c.

the per­son against whom the right of ac­cess may be as­ser­ted;

d.

the pur­pose of the data file;

e.

the cat­egor­ies of per­son­al data pro­cessed;

f.

the cat­egor­ies of data re­cip­i­ents;

g.

the cat­egor­ies of per­sons par­ti­cip­at­ing in the data file, i.e. third parties who are per­mit­ted to enter and modi­fy data in the data file.

²Each con­trol­ler of a data file shall up­date this in­form­a­tion on an on­go­ing basis. …²

¹Ex­empt from the duty to re­gister data files are data files as defined in Art­icle 11a para­graph 5 let­ters a and c-f DPA as well as the fol­low­ing data files (Art. 11a para. 5 let. b DPA):

a.

data files from sup­pli­ers or cus­tom­ers, provided they do not con­tain any sens­it­ive per­son­al data or per­son­al­ity pro­files;

b.

data files whose data is used ex­clus­ively for pur­poses un­re­lated to spe­cif­ic per­sons, in par­tic­u­lar in re­search, plan­ning and stat­ist­ics;

c.

archived data files and the data that are pre­served solely for his­tor­ic­al or sci­entif­ic pur­poses;

d.

data files that con­tain only data that has been pub­lished or that the data sub­jects have them­selves made gen­er­ally ac­cess­ible and whose pro­cessing they have not ex­pressly pro­hib­ited;

e.

data that ex­clus­ively serves to ful­fil the re­quire­ments of Art­icle10;

f.

ac­count­ing re­cords;

g.

sec­ond­ary data files for per­son­nel man­age­ment of the con­trol­ler of the data file, provided they do not con­tain any sens­it­ive per­son­al data or per­son­al­ity pro­files.

²The con­trol­ler of the data files shall take the meas­ures re­quired to be able to provide the Com­mis­sion­er or the data sub­jects on re­quest with the in­form­a­tion (Art. 3 para. 1) on data files not sub­ject to the duty to re­gister.

If per­son­al data is made gen­er­ally ac­cess­ible by means of auto­mated in­form­a­tion and com­mu­nic­a­tions ser­vices for the pur­pose of provid­ing in­form­a­tion to the gen­er­al pub­lic, this is not deemed to be trans­bor­der dis­clos­ure.

¹The con­trol­ler of the data file shall in­form the Com­mis­sion­er pri­or to trans­bor­der dis­clos­ure with re­gard to the safe­guards and data pro­tec­tion rules un­der Art­icle 6 para­graph 2 let­ters a and g DPA. If in­form­a­tion can­not be provided in ad­vance, it must be provided im­me­di­ately after dis­clos­ure.

²If the Com­mis­sion­er has been in­formed of the safe­guards and the data pro­tec­tion rules, the duty to provide in­form­a­tion for all ad­di­tion­al dis­clos­ures is re­garded as ful­filled if such dis­clos­ures:

a.

are made sub­ject to the same safe­guards, provided the cat­egor­ies of re­cip­i­ent, the pur­pose the pro­cessing and the data cat­egor­ies re­main es­sen­tially un­changed; or

b.

take place with­in the same leg­al per­son or com­pany or between leg­al per­sons or com­pan­ies that are un­der the same man­age­ment, provided the data pro­tec­tion rules con­tin­ue to en­sure an ad­equate level of pro­tec­tion.

³The duty to provide in­form­a­tion is also re­garded as ful­filled if data is trans­mit­ted on the basis of mod­el con­tracts or stand­ard con­tract clauses that have been drawn up or ap­proved by the Com­mis­sion­er, and the Com­mis­sion­er has been in­formed about the use of these mod­el con­tracts or stand­ard con­tract clauses by the con­trol­ler of the data file. The Com­mis­sion­er shall pub­lish a list of the mod­el con­tracts and stand­ard con­tract clauses that he has drawn up or ap­proved.

⁴The con­trol­ler of the data file shall take ap­pro­pri­ate meas­ures to en­sure that the re­cip­i­ent com­plies with the safe­guards and the data pro­tec­tion rules.

⁵The Com­mis­sion­er ex­am­ines the safe­guards and the data pro­tec­tion rules that have been no­ti­fied to him (Art. 31 para. 1 let. e DPA) and no­ti­fies the con­trol­ler of the data file of the res­ult of his ex­am­in­a­tion with­in 30 days of re­ceipt of the in­form­a­tion.

The Com­mis­sion­er shall pub­lish a list of the states whose le­gis­la­tion en­sures an ad­equate level of pro­tec­tion.

¹Any­one who as private in­di­vidu­al pro­cesses per­son­al data or provides a data com­mu­nic­a­tion net­work shall en­sure the con­fid­en­ti­al­ity, avail­ab­il­ity and the in­teg­rity of the data in or­der to en­sure an ap­pro­pri­ate level of data pro­tec­tion.¹ In par­tic­u­lar, he shall pro­tect the sys­tems against the fol­low­ing risks:

a.

un­au­thor­ised or ac­ci­dent­al de­struc­tion;

b.

ac­ci­dent­al loss;

c.

tech­nic­al faults;

d.

for­gery, theft or un­law­ful use;

e.

un­au­thor­ised al­ter­a­tion, copy­ing, ac­cess or oth­er un­au­thor­ised pro­cessing.

²The tech­nic­al and or­gan­isa­tion­al meas­ures must be ad­equate. In par­tic­u­lar, they must take ac­count of the fol­low­ing cri­ter­ia:

a.

the pur­pose of the data pro­cessing;

b.

the nature and ex­tent of the data pro­cessing;

c.

an as­sess­ment of the pos­sible risks to the data sub­jects;

d.

the cur­rent state of the art.

³These meas­ures must be re­viewed peri­od­ic­ally.

⁴…²

¹The con­trol­ler of the data file shall, in par­tic­u­lar for the auto­mated pro­cessing of per­son­al data, take the tech­nic­al and or­gan­isa­tion­al meas­ures that are suit­able for achiev­ing the fol­low­ing goals in par­tic­u­lar:

a.

en­trance con­trol: un­au­thor­ised per­sons must be denied the ac­cess to fa­cil­it­ies in which per­son­al data is be­ing pro­cessed;

b.

per­son­al data car­ri­er con­trol: un­au­thor­ised per­sons must be pre­ven­ted from read­ing, copy­ing, al­ter­ing or re­mov­ing data car­ri­ers;

c.

trans­port con­trol: on the dis­clos­ure of per­son­al data as well as dur­ing the trans­port of data car­ri­ers, the un­au­thor­ised read­ing, copy­ing, al­ter­a­tion or de­le­tion of data must be pre­ven­ted;

d.

dis­clos­ure con­trol: data re­cip­i­ents to whom per­son­al data is dis­closed by means of devices for data trans­mis­sion must be iden­ti­fi­able;

e.

stor­age con­trol: un­au­thor­ised stor­age in the memory as well as the un­au­thor­ised know­ledge, al­ter­a­tion or de­le­tion of stored per­son­al data must be pre­ven­ted;

f.

us­age con­trol: the use by un­au­thor­ised per­sons of auto­mated data pro­cessing sys­tems by means of devices for data trans­mis­sion must be pre­ven­ted;

g.

ac­cess con­trol: the ac­cess by au­thor­ised per­sons must be lim­ited to the per­son­al data that they re­quired to ful­fil­ment their task;

h.

in­put con­trol: in auto­mated sys­tems, it must be pos­sible to carry out a ret­ro­spect­ive ex­am­in­a­tion of what per­son­al data was entered at what time and by which per­son.

²The data files must be struc­tured so that the data sub­jects are able to as­sert their right of ac­cess and their right to have data cor­rec­ted.

¹The con­trol­ler of the data file shall main­tain a re­cord of the auto­mated pro­cessing of sens­it­ive per­son­al data or per­son­al­ity pro­files if pre­vent­ive meas­ures can­not en­sure data pro­tec­tion. Re­cords are ne­ces­sary in par­tic­u­lar if it would not oth­er­wise be pos­sible to de­term­ine sub­sequently wheth­er data has been pro­cessed for the pur­poses for which it was col­lec­ted or dis­closed. The Com­mis­sion­er¹ may also re­com­mend that re­cords be main­tained of oth­er pro­cessing.²

²The re­cords must be stored for one year in a state suit­able for audit­ing. They are ac­cess­ible only to those bod­ies or private per­sons whose duty it is to su­per­vise com­pli­ance with the data pro­tec­tion reg­u­la­tions, and may be used only for this pur­pose.

¹The con­trol­ler of an auto­mated data file sub­ject to re­gis­tra­tion (Art. 11a para. 3 DPA) that is not ex­emp­ted from the re­gis­tra­tion re­quire­ment in terms of Art­icle 11a para­graph 5 let­ters b-d DPA shall is­sue a pro­cessing policy that de­scribes in par­tic­u­lar the in­tern­al or­gan­isa­tion and the data pro­cessing and con­trol pro­ced­ures and con­tain doc­u­ments on the plan­ning, real­isa­tion and op­er­a­tion of the data file and the in­form­a­tion tech­no­logy used.

²The con­trol­ler of the data file shall up­date the pro­cessing policy reg­u­larly. He shall make it avail­able to the Com­mis­sion­er or the data pro­tec­tion of­ficer un­der Art­icle 11a para­graph 5 let­ter e DPA on re­quest in a form that is com­pre­hens­ible to them.

The con­trol­ler of the data file shall no­ti­fy the data re­cip­i­ent as to how up-to-date and re­li­able the per­son­al data that he has dis­closed is, un­less this in­form­a­tion is evid­ent from the data it­self or from the cir­cum­stances.

¹If the con­trol­ler of the data file un­der Art­icle 11a para­graph 5 let­ter e DPA wishes to be ex­emp­ted from the duty to re­gister the data file, he must:

a.

ap­point an op­er­a­tion­al data pro­tec­tion of­ficer who ful­fils the re­quire­ments of para­graph 2 and of Art­icle 12b; and

b.

no­ti­fy the Com­mis­sion­er of the ap­point­ment of the data pro­tec­tion of­ficer.

²The con­trol­ler of the data file may ap­point an em­ploy­ee or a third party as the data pro­tec­tion of­ficer. This per­son may not carry out any oth­er activ­it­ies that are in­com­pat­ible with his du­ties as a data pro­tec­tion of­ficer, and must have the re­quired spe­cial­ist know­ledge.

¹The data pro­tec­tion of­ficer has the fol­low­ing du­ties in par­tic­u­lar:

a.

he audits the pro­cessing of per­son­al data and re­com­mends cor­rect­ive meas­ures if he as­cer­tains that the data pro­tec­tion reg­u­la­tions have been in­fringed.

b.

he main­tains a list of the data files in ac­cord­ance with Art­icle 11a para­graph 3 DPA that are op­er­ated by the con­trol­ler of the data files; this list must be made avail­able to the Com­mis­sion­er or on re­quest to data sub­jects.

²The data pro­tec­tion of­ficer:

a.

car­ries out his du­ties in­de­pend­ently and without in­struc­tions from the con­trol­ler of the data file;

b.

has the re­sources re­quired to ful­fil his du­ties;

c.

has ac­cess to all data files and data pro­cessing as well as to all in­form­a­tion, that he re­quires to ful­fil his du­ties.

Art­icles 1 and 2 ap­ply by ana­logy to re­quests for in­form­a­tion made to fed­er­al bod­ies.

¹Swiss rep­res­ent­a­tions abroad as well as the mis­sions to the European Com­munit­ies and to in­ter­na­tion­al or­gan­isa­tions shall for­ward re­quests for in­form­a­tion made to them to the of­fice re­spons­ible in the Fed­er­al De­part­ment of For­eign Af­fairs. The De­part­ment reg­u­lates the re­spons­ib­il­it­ies.¹

²In ad­di­tion, the pro­vi­sions of the Or­din­ance of 10 Decem­ber 2004² on Mil­it­ary Con­trols ap­ply to re­quests for in­form­a­tion on mil­it­ary con­trols abroad.³

¹The fed­er­al bod­ies re­spons­ible (Art. 16 DPA) shall re­gister with the Com­mis­sion­er all the data files that they main­tain be­fore they are opened. The re­gis­tra­tion con­tains the fol­low­ing de­tails:

a.

the name and ad­dress of the re­spons­ible fed­er­al body;

b.

the name and com­plete des­ig­na­tion of the data file;

c.

the body against whom the right of ac­cess may be as­ser­ted;

d.

the leg­al basis and pur­pose of the data file;

e.

the cat­egor­ies of pro­cessed per­son­al data;

f.

the cat­egor­ies of the re­cip­i­ents of the data;

g.

the cat­egor­ies of the par­ti­cipants in the data file, i.e. third parties who may enter or modi­fy data in the file.

h.

…²

²The re­spons­ible fed­er­al body shall up­date these de­tails reg­u­larly.³

¹Fol­low­ing data files are ex­emp­ted from the duty to re­gister, provided the fed­er­al bod­ies use them ex­clus­ively for the in­tern­al ad­min­is­trat­ive pur­poses:

a.

com­mon cor­res­pond­ence re­gisters;

b.

data files of sup­pli­er or cli­ents, provided they do not con­tain sens­it­ive per­son­al data or per­son­al­ity pro­files;

c.

col­lec­tions of ad­dresses used solely for ad­dress­ing cor­res­pond­ence, provided they do not con­tain sens­it­ive per­son­al data or per­son­al­ity pro­files;

d.

lists for com­pens­a­tion pay­ments;

e.

ac­count­ing doc­u­ments;

f.

sec­ond­ary data files for fed­er­al per­son­nel man­age­ment, provided they do not con­tain sens­it­ive per­son­al data or per­son­al­ity pro­files;

g.

lib­rary data files (cata­logues of au­thors, bor­row­er and user lists).

²The fol­low­ing are also ex­emp­ted from the duty to re­gister:

a.

data files archived in the Fed­er­al Archives;

b.

data files that are made avail­able to the gen­er­al pub­lic in the form of dir­ect­or­ies;

c.

data files where the data is used ex­clus­ively for pur­poses not re­lated to spe­cif­ic per­sons, in par­tic­u­lar in re­search, plan­ning and stat­ist­ics.

³The com­pet­ent fed­er­al body shall take the meas­ures re­quired to be able to provide the Com­mis­sion­er or the data sub­jects on re­quest with the in­form­a­tion (Art. 16 para. 1) on data files ex­emp­ted from the duty to re­gister.

If a fed­er­al body makes a trans­bor­der dis­clos­ure of per­son­al data on the basis of Art­icle 6 para­graph 2 let­ter a DPA known, Art­icle 6 ap­plies.

¹The fed­er­al bod­ies re­spons­ible shall take the tech­nic­al and or­gan­isa­tion­al meas­ures re­quired un­der Art­icles 8-10 to pro­tect the pri­vacy and the fun­da­ment­al rights of per­sons whose data is be­ing pro­cessed. In the case of the auto­mated data pro­cessing, the fed­er­al bod­ies shall co­oper­ate with the Fed­er­al Strategy Unit for IT (FSUIT).

²The fed­er­al bod­ies re­spons­ible shall im­me­di­ately no­ti­fy the data pro­tec­tion of­ficer un­der Art­icle 11a para­graph 5 let­ter e DPA or, if no of­ficer has been ap­poin­ted, the Com­mis­sion­er of all pro­jects in­volving the auto­mated pro­cessing of per­son­al data, so that data pro­tec­tion re­quire­ments are taken in­to ac­count without delay. No­tice is giv­en to the Com­mis­sion­er by way of FSUIT if the pro­ject must also be re­gistered with the lat­ter.²

³The Com­mis­sion­er and FSUIT shall co­oper­ate on tech­nic­al meas­ures with­in the scope of their activ­it­ies. The Data Pro­tec­tion Com­mis­sion­er shall con­sult with FSUIT be­fore re­com­mend­ing such meas­ures.

⁴In ad­di­tion, dir­ect­ives ap­ply that have been is­sued by the fed­er­al bod­ies re­spons­ible based on the Fed­er­al In­form­a­tion Tech­no­logy Or­din­ance of 26 Septem­ber 2003³.⁴

¹The fed­er­al bod­ies re­spons­ible shall is­sue a pro­cessing policy for auto­mated data files that:

a.

con­tain sens­it­ive data or per­son­al­ity pro­files;

b.

are used by two or more fed­er­al bod­ies;

c.

are dis­closed to can­tons, for­eign au­thor­it­ies, in­ter­na­tion­al or­gan­isa­tions or private per­sons; or

d.

are con­nec­ted to oth­er data files.

²The fed­er­al body re­spons­ible shall de­term­ine its in­tern­al or­gan­isa­tion in the pro­cessing policy. These shall in par­tic­u­lar de­scribe the data pro­cessing and con­trol pro­ced­ures and con­tain all doc­u­ments on the plan­ning, real­isa­tion and man­age­ment of the data file. The policy shall con­tain the de­tails re­quired for re­gis­tra­tion (Art. 16) as well as in­form­a­tion on:

a.

the body re­spons­ible for the pro­tec­tion and se­cur­ity of the data;

b.

the source of the data;

c.

the pur­poses for which the data is reg­u­larly dis­closed;

d.

the con­trol pro­ced­ures and in par­tic­u­lar the tech­nic­al and or­gan­isa­tion­al meas­ures in terms of Art­icle 20;

e.

the de­scrip­tion of the data fields and the or­gan­isa­tion­al units that have ac­cess to them;

f.

the ac­cess by users of the data files as well as on the nature and ex­tent of such ac­cess;

g.

the data pro­cessing pro­ced­ures, in par­tic­u­lar the pro­ced­ure for the rec­ti­fic­a­tion, block­ing, an­onymising, stor­ing, safe­guard­ing, archiv­ing or de­struc­tion of the data;

h.

the con­fig­ur­a­tion of the in­form­a­tion tech­no­logy used;

i.

the pro­ced­ure for ex­er­cising the right of ac­cess.

³The policy shall be up­dated reg­u­larly. They shall be made avail­able to the con­trol bod­ies re­spons­ible in a form com­pre­hens­ible to them.

¹...¹

²A fed­er­al body that ar­ranges for per­son­al data to be pro­cessed by third parties re­mains re­spons­ible for data pro­tec­tion. It en­sures that the data is pro­cessed in ac­cord­ance with its in­struc­tions, in par­tic­u­lar with re­gard to its use and dis­clos­ure.

³If the third party is not sub­ject to the DPA, the re­spons­ible body shall sat­is­fy it­self that oth­er stat­utory pro­vi­sions en­sure equi­val­ent data pro­tec­tion, and if this is not the case, it shall en­sure pro­tec­tion by con­trac­tu­al means.

¹The Fed­er­al Chan­cellery and the De­part­ments shall each ap­point at least one ad­visor on data pro­tec­tion. This ad­visor has the fol­low­ing du­ties:

a.

ad­vising the re­spons­ible bod­ies and users;

b.

en­cour­aging the pro­vi­sion of in­form­a­tion and the train­ing of staff;

c.

par­ti­cip­at­ing in the im­ple­ment­a­tion of the data pro­tec­tion reg­u­la­tions.

²If fed­er­al bod­ies un­der Art­icle 11a para­graph 5 let­ter e DPA wish to be ex­emp­ted from the duty to re­gister their data files, Art­icles12a and 12b ap­ply.

³The fed­er­al bod­ies con­sult with the Com­mis­sion­er with re­gard to the ad­visor.

¹Where a fed­er­al body col­lects per­son­al data sys­tem­at­ic­ally by means of ques­tion­naires, it must in­form per­sons who are not ob­liged to provide in­form­a­tion that the pro­vi­sion of in­form­a­tion is vol­un­tary.

¹The fed­er­al body that in­tro­duces a per­son­al iden­ti­fic­a­tion num­ber for the ad­min­is­tra­tion of its data file shall cre­ate a non-speak­ing num­ber that is used in its own area of re­spons­ib­il­ity. A non-speak­ing num­ber is any set of clear or clearly iden­ti­fi­able char­ac­ters al­loc­ated to each per­son re­gistered in a data file that does not per­mit any con­clu­sions to be drawn as to the per­son to which it relates.

²The use of the per­son­al iden­ti­fic­a­tion num­ber by oth­er fed­er­al or can­ton­al bod­ies or by private in­di­vidu­als must be ap­proved by the fed­er­al body con­cerned.

³The ap­prov­al may be gran­ted if there is a close con­nec­tion between the planned data pro­cessing and the pro­cessing for which the per­son­al iden­ti­fic­a­tion num­ber has been cre­ated.

⁴In ad­di­tion, the use of the AHV num­ber is reg­u­lated by the AHV le­gis­la­tion.

The fed­er­al body con­cerned shall no­ti­fy the data re­cip­i­ent of the up-to-date­ness and the re­li­ab­il­ity of the per­son­al data that it dis­closes, provided this in­form­a­tion is not evid­ent from the data it­self or from the cir­cum­stances.

¹Be­fore con­sult­ing the in­ter­ested ad­min­is­trat­ive units, the fed­er­al body re­spons­ible for the pi­lot scheme shall in­form the Com­mis­sion­er as to how it is in­ten­ded to en­sure com­pli­ance with the re­quire­ments of Art­icle 17a DPA, and in­vite him to com­ment there­on.

²The Com­mis­sion­er shall com­ment on the is­sue of wheth­er the li­cens­ing re­quire­ments in terms of Art­icle 17a para­graphs 1 and 2 DPA are ful­filled. The fed­er­al body re­spons­ible shall provide him with all the doc­u­ments re­quired, and in par­tic­u­lar with:

a.

a gen­er­al de­scrip­tion of the pi­lot scheme;

b.

a re­port that proves that the ful­fil­ment of tasks provided for by law re­quires the pro­cessing of sens­it­ive per­son­al data or per­son­al­ity pro­files and that a test phase be­fore the form­al en­act­ment comes in­to force is in­dis­pens­able (Art. 17a para. 1 let. c DPA);

c.

a de­scrip­tion of the in­tern­al or­gan­isa­tion as well as the data pro­cessing and con­trol pro­ced­ures (Art. 21);

d.

a de­scrip­tion of the se­cur­ity and data pro­tec­tion meas­ures;

e.

the draft of or the concept for an or­din­ance that reg­u­lates the de­tails of the pro­cessing;

f.

in­form­a­tion re­lat­ing to the plan­ning of the vari­ous phases of the pi­lot scheme.

³The Com­mis­sion­er may re­quest fur­ther doc­u­ments and carry out ad­di­tion­al in­vest­ig­a­tions.

⁴The fed­er­al body re­spons­ible shall in­form the Com­mis­sion­er of any im­port­ant modi­fic­a­tion re­lat­ing to com­pli­ance with the re­quire­ments of Art­icle 17a DPA. If re­quired, the Com­mis­sion­er shall again state his views there­on.

⁵The opin­ion of the Com­mis­sion­er must be in­cluded in the ap­plic­a­tion to the Fed­er­al Coun­cil.

The fed­er­al body re­spons­ible shall sub­mit the draft of the ana­lys­is re­port for the Fed­er­al Coun­cil (Art. 17a para. 4 DPA) to the Com­mis­sion­er for com­ment. The Fed­er­al Coun­cil must be in­formed of the opin­ion of the Com­mis­sion­er.

¹The re­gister main­tained by the Com­mis­sion­er con­tains the in­form­a­tion in terms of Art­icles 3 and 16.

²The re­gister is ac­cess­ible to the gen­er­al pub­lic on­line. The Com­mis­sion­er shall provide ex­tracts on re­quest free of charge.

³The Com­mis­sion­er main­tains a list of the con­trol­lers of data files who are ex­emp­ted from the re­quire­ment to re­gister data files in terms of Art­icle 11a para­graph 5 let­ters e and f DPA. This list is ac­cess­ible to the gen­er­al pub­lic on­line.

⁴If the con­trol­ler of the data file does not re­gister his data file or does not do so com­pletely, the Com­mis­sion­er shall al­low him a peri­od with­in which to com­ply with his ob­lig­a­tions. On ex­piry of the peri­od, he may, based on the in­form­a­tion avail­able to him, re­gister the file ex of­fi­cio or re­com­mend that the data pro­cessing be ter­min­ated.

¹The Com­mis­sion­er's headquar­ters and sec­ret­ari­at are loc­ated in Bern.

²The em­ploy­ment of the mem­bers of the Com­mis­sion­er's sec­ret­ari­at is gov­erned by the Fed­er­al Per­son­nel Act of 24 March 2000¹ to­geth­er with its im­ple­ment­ing pro­vi­sions.²

³The Com­mis­sion­er's budget is con­tained in a spe­cial sec­tion of the Fed­er­al Chan­cellery budget.³

¹The Com­mis­sion­er deals with the Fed­er­al Coun­cil via the Fed­er­al Chan­cel­lor.¹ The Fed­er­al Chan­cel­lor shall pass on any re­com­mend­a­tions and re­ports from the Data Pro­tec­tion Com­mis­sion­er ir­re­spect­ive of wheth­er he or she con­curs with them.

^1bisThe Com­mis­sion­er passes on the re­ports in­ten­ded for the Fed­er­al As­sembly dir­ectly to the Par­lia­ment­ary Ser­vices.²

²The Com­mis­sion­er deals dir­ectly with oth­er ad­min­is­trat­ive units, the fed­er­al courts, for­eign data pro­tec­tion au­thor­it­ies and with all oth­er au­thor­it­ies and private per­sons that are sub­ject to fed­er­al data pro­tec­tion le­gis­la­tion or the le­gis­la­tion on the prin­ciple of free­dom of in­form­a­tion in gov­ern­ment.³

¹The fed­er­al bod­ies shall sub­mit to the Com­mis­sion­er any draft le­gis­la­tion that relates to the pro­cessing of per­son­al data, data pro­tec­tion or ac­cess to of­fi­cial doc­u­ments.¹ In the area of the data pro­tec­tion, the de­part­ments and the Fed­er­al Chan­cellery no­ti­fy him of their de­cisions in an­onymised form as well as their guidelines.²

²The Com­mis­sion­er must have suf­fi­cient doc­u­ment­a­tion made avail­able to him in or­der to carry out his activ­it­ies. He op­er­ates an in­de­pend­ent in­form­a­tion and doc­u­ment­a­tion sys­tem for the ad­min­is­tra­tion, in­dex­ing and con­trol of cor­res­pond­ence and the files as well as for the on­line pub­lic­a­tion of in­form­a­tion of gen­er­al in­terest and of the re­gisters of data files.³

³The Fed­er­al Ad­min­is­trat­ive Court has ac­cess to the Com­mis­sion­er's sci­entif­ic doc­u­ment­a­tion.⁴

¹A fee is charged for ex­pert opin­ions (Art. 28 DPA) from the Com­mis­sion­er. The pro­vi­sions of the Gen­er­al Fees Or­din­ance of 8 Septem­ber 2004¹ ap­ply.²

²No fee is charged to fed­er­al ad­min­is­trat­ive units, au­thor­it­ies and the can­tons.

¹For the in­vest­ig­a­tion of the cir­cum­stances un­der Art­icles 27 and 29 DPA, and in par­tic­u­lar the ex­am­in­a­tion of the law­ful­ness of data pro­cessing, the Com­mis­sion­er may re­quest the fol­low­ing in­form­a­tion in par­tic­u­lar from the con­trol­ler of the data file:

a.

tech­nic­al and or­gan­isa­tion­al meas­ures (Art. 8-10, 20) that have been taken or that are planned;

b.

the reg­u­la­tions re­lat­ing to the cor­rec­tion, block­ing, ren­der­ing an­onym­ous, stor­ing, safe­guard­ing and de­struc­tion of per­son­al data;

c.

the con­fig­ur­a­tion of the in­form­a­tion tech­no­logy used;

d.

links with oth­er data files;

e.

the man­ner of the dis­clos­ure the data;

f.

the de­scrip­tion of the data fields and the or­gan­isa­tion­al units that have ac­cess to them;

g.

the nature and ex­tent of ac­cess by users to the data in the data file.

²In the case of trans­bor­der dis­clos­ure, the Com­mis­sion­er may re­quest ad­di­tion­al in­form­a­tion, in par­tic­u­lar on the pro­cessing pos­sib­il­it­ies of the data re­cip­i­ent or on the data pro­tec­tion meas­ures taken.

¹The Fed­er­al Ad­min­is­trat­ive Court may re­quest the sub­mis­sion of pro­cessed data.

²It no­ti­fies the Com­mis­sion­er of its de­cisions.

1.-2. …¹

3. -8. …²

¹Data files that are be­ing pro­cessed when the DPA and this Or­din­ance come in­to force must be re­gistered with the Com­mis­sion­er by 30 June 1994.

²The tech­nic­al and or­gan­isa­tion­al meas­ures (Art­icle 8-11, 20 and 21) must be car­ried out in re­la­tion to all auto­mated pro­cessing and data files with­in five years of this Or­din­ance com­ing in­to force.

This Or­din­ance comes in­to force on 1 Ju­ly 1993.