BGE 136 II 508 – Logistep

Rege­ste:
Art. 82 et seq. BGG, Art. 3 lit. a, Art. 4 para. 3 and 4, Art. 12 para. 2 lit. a and Art. 13 DSG; inad­mis­si­ble vio­la­ti­on of pri­va­cy by pro­ce­s­sing data on P2P net­work participants.
A recom­men­da­ti­on by the FDPIC in the area of pri­va­te law pur­su­ant to Art. 29 FADP con­cerns a mat­ter of public law within the mea­ning of Art. 82 et seq. BGG (E. 1.1).
Con­di­ti­ons under which IP addres­ses qua­li­fy as per­so­nal data within the mea­ning of Art. 3 lit. a FADP (E. 3).
If the coll­ec­tion of data on P2P net­work par­ti­ci­pan­ts is not reco­gnizable to them, this vio­la­tes the prin­ci­ples of pur­po­se limi­ta­ti­on and reco­gniza­bi­li­ty under Art. 4 par. 3 and 4 DPA (E. 4).
Despi­te its wor­ding, the pro­vi­si­on of Art. 12 para. 2 lit. a FADP (as in lit. b and c) does not exclude grounds for justi­fi­ca­ti­on; howe­ver, their accep­tance is made only with gre­at reluc­tance (E. 5).
The vio­la­ti­on of pri­va­cy com­mit­ted by the respon­dent with its data pro­ce­s­sing can­not be justi­fi­ed by over­ri­ding pri­va­te or public inte­rests (E. 6).

Source: BGE 136 II 508

See also swiss­blawg.