- Newly introduced Art. 26a permits the disclosure of non-public data to external ICT service providers under strict conditions.
- Disclosure is only permitted if it is necessary for the provision of the ICT service and the responsible authority agrees in writing.
- Contractual, organizational and technical measures must be taken; in the case of self-accessibility, the supervisor decides on approval.
The Federal Council has adopted the Federal Information Technology Ordinance (BInfV) adjusted to November 1, 2016 (see Media release). The amendment consists of a new Art. 26a and concerns the disclosure of data that is not public (regardless of whether it is personal data) to external parties. Art. 26a reads as follows:
Art. 26a – Making data accessible to external ICT service providers
1 Data that is not generally accessible may be made available to external ICT service providers under the following conditions:
a. It is necessary for the provision of the ICT service.
b. The authority responsible for the data has agreed in writing.
c. Appropriate contractual, organizational and technical precautions have been taken to prevent further dissemination of the data.2 If the authority responsible for the data makes the data itself accessible, it shall
their superior authority shall be responsible for the approval referred to in paragraph 1 letter b.