Que­sti­on Comte (12.1084): Pri­va­te cre­dit agen­ci­es. What are the pos­si­bi­li­ties for action?

EN 
EN  DE  FR 

from

on

Indu­stries

Aut­ho­ri­ty

Laws

Topics

,
Take-Aways (AI)
  • The Fede­ral Coun­cil wants to exami­ne the hand­ling of blocked addres­ses as part of the FADP revi­si­on, in par­ti­cu­lar quick and uncom­pli­ca­ted dele­ti­on mechanisms.
  • Whe­ther the publi­ca­ti­on of fal­se or out­da­ted data is a cri­mi­nal offen­se depends on the indi­vi­du­al case; civil law claims are pos­si­ble under Art. 28a of the Swiss Civil Code.
  • In the case of dis­se­mi­na­ti­on from pri­va­te sources, vio­la­ti­ons of per­so­na­li­ty rights or cri­mi­nal offen­ses are more likely to be assu­med than in the case of public registers.
  • The­re is no gene­ral ban on the publi­ca­ti­on of minors’ data; the pro­tec­tion of minors is being exami­ned in depth in the revi­si­on of the FADP.

Que­sti­on Comte (12.1084): Pri­va­te cre­dit agen­ci­es. What are the pos­si­bi­li­ties for action?

Sub­mit­ted text

In its respon­se to Moti­on Sava­ry 12.3578, “Cre­dit rating data­ba­ses. A pro­blem that must be sol­ved,” the Fede­ral Coun­cil refers to the upco­ming revi­si­on of the Fede­ral Data Pro­tec­tion Act (DPA) and recalls that pri­va­te cre­dit report­ing agen­ci­es must com­ply with the DPA when pro­ce­s­sing data.

After pro­hi­bi­ting Money­hou­se from con­ti­nuing to offer its “peo­p­le search” ser­vice as part of a super-pro­vi­sio­nal mea­su­re, the Fede­ral Admi­ni­stra­ti­ve Court has allo­wed the com­pa­ny to coll­ect infor­ma­ti­on again, pro­vi­ded that the requests of affec­ted indi­vi­du­als to dele­te their pro­fi­le are com­plied with within 24 hours – and not within a few days or weeks. Appar­ent­ly, howe­ver, the rea­li­ty is dif­fe­rent, and indi­vi­du­als who wish to dele­te infor­ma­ti­on con­cer­ning them can­not do so easi­ly, as cer­tain of the­se com­pa­nies act in bad faith in hand­ling the request or even refu­se to dele­te it on the grounds that it is public data.

I the­r­e­fo­re put the fol­lo­wing que­sti­ons to the Fede­ral Council:

1. is the Fede­ral Coun­cil con­side­ring con­cre­te mea­su­res to ensu­re that the per­sons con­cer­ned can actual­ly dele­te their per­so­nal data – and do so in a straight­for­ward man­ner and wit­hout being unjust­ly denied this?

2. does the Fede­ral Coun­cil con­sider it pos­si­ble that the publi­ca­ti­on of fal­se or out­da­ted data could con­sti­tu­te a cri­mi­nal offen­se (defa­ma­ti­on) or lead to a cla­im for dama­ges (vio­la­ti­on of per­so­nal rights)?

3. in some cases, data on minors is also published on the­se web­sites. Does the Fede­ral Coun­cil not think that this prac­ti­ce should be ban­ned immediately?

Ans­wer of the Fede­ral Coun­cil v. 14.11.2012

The Fede­ral Data Pro­tec­tion and Infor­ma­ti­on Com­mis­sio­ner (FDPIC) had reque­sted the imme­dia­te blocking of the peo­p­le search func­tion of the Money­hou­se inter­net ser­vice after it had recei­ved num­e­rous com­plaints from peo­p­le who had blocked their address and felt that their life and limb were threa­ten­ed becau­se of the publi­ca­ti­on in this inter­net ser­vice due to their spe­ci­fic situa­ti­on, but who­se request for dele­ti­on was not dealt with by the FDPIC. In an inte­rim ruling of August 6, 2012, the Fede­ral Admi­ni­stra­ti­ve Court deci­ded that the publi­ca­ti­on of blocked address data was pro­ble­ma­tic under data pro­tec­tion law. To avo­id dis­ad­van­ta­ges for the per­sons con­cer­ned, it was suf­fi­ci­ent for the Inter­net ser­vice to com­ply with their dele­ti­on requests on the same day. For Edöb, on the other hand, the publi­ca­ti­on of blocked addres­ses on the Inter­net is unacceptable.

The Fede­ral Coun­cil responds to the que­sti­ons as follows:

1 The Fede­ral Coun­cil will exami­ne the hand­ling of blocked addres­ses as part of the revi­si­on of the Fede­ral Act on Data Pro­tec­tion, in par­ti­cu­lar with regard to the que­sti­on of whe­ther spe­ci­fic mea­su­res are to be taken to ensu­re that a request for dele­ti­on is also com­plied with in an uncom­pli­ca­ted and rapid and effec­ti­ve man­ner. The work in this regard has only just begun; he is the­r­e­fo­re not yet in a posi­ti­on to com­ment on this question.

2. whe­ther a cri­mi­nal offen­se has been com­mit­ted, name­ly an offen­se of defa­ma­ti­on, always depends on the indi­vi­du­al case. The same applies to the que­sti­on of whe­ther the publi­ca­ti­on of fal­se or out­da­ted data could lead to a cla­im for dama­ges for vio­la­ti­on of per­so­na­li­ty rights. Artic­le 28a(3) of the Civil Code pro­vi­des for the pos­si­bi­li­ty of a cla­im for dama­ges and satis­fac­tion as well as for the sur­ren­der of a pro­fit in the event of an unlawful vio­la­ti­on of per­so­na­li­ty rights. In the case of dis­se­mi­na­ti­on of infor­ma­ti­on from sources such as pri­va­te web­sites or press sites, the exi­stence of a cri­mi­nal offen­se or unlawful inf­rin­ge­ment of per­so­na­li­ty rights tends to be more likely than in the case of dis­se­mi­na­ti­on of data from public regi­sters (e.g. com­mer­cial regi­sters, tele­pho­ne directories).

3 At pre­sent, the­re is no legal basis to gene­ral­ly pro­hi­bit the publi­ca­ti­on of data of minors. An imme­dia­te ban is, howe­ver, pos­si­ble in indi­vi­du­al cases if this is neces­sa­ry, for exam­p­le, for rea­sons of per­so­na­li­ty pro­tec­tion. The pro­tec­tion of minors will be a par­ti­cu­lar con­cern of the Fede­ral Coun­cil in the revi­si­on of the Fede­ral Act on Data Pro­tec­tion. It will exami­ne this aspect in grea­ter depth.