FAC (A‑4873/2021): In prin­ci­ple, the right to infor­ma­ti­on does not extend to docu­ments – excep­ti­on for “con­tex­tua­lizati­on”?

English 
English  Deutsch  Français 

Aut­ho­ri­ty

Indu­stry

Laws

Tags

Content 

With Judgment A‑4873/2021 of April 11, 2024 the FAC ruled that the right to infor­ma­ti­on under Art. 8 aDSG (which was still appli­ca­ble under tran­si­tio­nal law) does not pro­vi­de a right to copies of docu­ments, but only to copies of per­so­nal data.

An excep­ti­on should app­ly if the pro­vi­si­on of a docu­ment is neces­sa­ry in indi­vi­du­al cases in order to make the infor­ma­ti­on con­tent of a per­so­nal data com­pre­hen­si­ble (which was not explai­ned in the pre­sent case; the FAC’s state­ment in this regard is the­r­e­fo­re an obiter dictum):

6.4.8 In sum­ma­ry, a per­son reque­st­ing infor­ma­ti­on has no fun­da­men­tal right to pho­to­co­pies of the docu­ments con­tai­ning their data, eit­her from a gram­ma­ti­cal, syste­ma­tic, histo­ri­cal, teleo­lo­gi­cal or tem­po­ral point of view. Even under the aDSG, the cla­im rela­tes in prin­ci­ple only to per­so­nal data as such. Howe­ver, sin­ce the lat­ter must be com­mu­ni­ca­ted in such a way that they are com­pre­hen­si­ble […], it may be neces­sa­ry in indi­vi­du­al cases – from a teleo­lo­gi­cal point of view, with a view to the sug­ge­sti­on in the Fede­ral Coun­cil Dis­patch and ana­log­ous to the con­vin­cing case law of the ECJ – to pro­vi­de the per­son reque­st­ing infor­ma­ti­on with a pho­to­co­py of the docu­ment in order to con­tex­tua­li­ze the data processing […].

The judgment is cor­rect in its result, i.e. in refu­sing access to docu­ments, both under the old and the cur­rent DPA.

Howe­ver, the­re are three points to criticize:

  • The FAC initi­al­ly pro­vi­des a much more detail­ed inter­pre­ta­ti­on than is neces­sa­ry. Sin­ce the FADP is gene­ral­ly only appli­ca­ble to the pro­ce­s­sing of per­so­nal data, the right to infor­ma­ti­on can­not a prio­ri go any fur­ther. The cur­rent FADP also cla­ri­fi­es that the right to infor­ma­ti­on only applies to “per­so­nal data as such”, which the FAC also takes into account in its interpretation.
  • The FAC refers to the GDPR wit­hout neces­si­ty. At least it holds firm:

    For the sake of com­ple­ten­ess, Art. 15 GDPR and the rela­ted case law should be men­tio­ned. Art. 15 GDPR is not rele­vant for the inter­pre­ta­ti­on of Art. 8 para. 5 aDSG, as the for­mer did not ser­ve as a model for the legis­la­tor […]. This was only the case with the cur­rent DPA […]. Howe­ver, sin­ce Art. 15 GDPR has a com­pa­ra­ble wor­ding and the­re are alre­a­dy court rulings on its scope, a com­pa­ra­ti­ve legal ana­ly­sis is justified.

    It is not true that the GDPR was the model for the right to infor­ma­ti­on. Abo­ve all, howe­ver, it is to be feared that such a look to the side – or upwards? – will beco­me the rule. Howe­ver, it is wrong unless it is clear from the mate­ri­als that the FADP was inten­ded to be ali­gned with the GDPR not only in terms of ter­mi­no­lo­gy but also in terms of con­tent. Even if the FAC descri­bes the refe­rence to the GDPR as “com­pa­ra­ti­ve law”: Courts may not cree­pin­gly adopt the GDPR, and not even under the tit­le of “plau­si­bi­lizati­on”. The DPA must be inter­pre­ted in accordance with the usu­al rules of inter­pre­ta­ti­on; the GDPR is gene­ral­ly not rele­vant, even if the result of the inter­pre­ta­ti­on is “implau­si­ble”. In the pre­sent ruling, it is also com­ple­te­ly unclear to what ext­ent the GDPR was rele­vant to the result.

  • The state­ment is high­ly que­stionable,enti­re docu­ment should be han­ded over if this Requi­red to under­stand the per­so­nal data is. The­re are seve­ral rea­sons against this view, which is dis­cus­sed in the literature: 
    • The legis­la­tor its­elf has set out in Art. 25 para. 1 lit. a‑g what is neces­sa­ry for under­stan­ding. It is true that Art. 25 para. 1 con­ta­ins a gene­ral clau­se, the scope of which is unclear. In any case, howe­ver, the legis­la­tor has endea­vor­ed to spe­ci­fy the gene­ral­ly rele­vant infor­ma­ti­on about the pro­ce­s­sing. More may only be neces­sa­ry in excep­tio­nal cases. A lack of under­stan­ding of per­so­nal data can hard­ly be suf­fi­ci­ent. Anyo­ne who knows their per­so­nal data and the pur­po­se and other cir­cum­stances of the data pro­ce­s­sing spe­ci­fi­ed in the law should have the neces­sa­ry under­stan­ding of the processing.
    • What would be the object of the “under­stan­ding” any­way? Ulti­m­ate­ly, aspects of data pro­tec­tion law must be rele­vant – the under­stan­ding that is appar­ent­ly to be sought must be inter­pre­ted with a view to infor­ma­tio­nal self-deter­mi­na­ti­on. Howe­ver, a basic under­stan­ding and a right to object are suf­fi­ci­ent for this self-deter­mi­na­ti­on. A broa­der under­stan­ding of data pro­ce­s­sing can hard­ly be a con­cern under data pro­tec­tion law. Data pro­tec­tion law is not the AT of a gene­ral right to self-deter­mi­na­ti­on. It would the­r­e­fo­re have to be shown to what ext­ent a data sub­ject can only exer­cise self-deter­mi­na­ti­on over their per­so­nal data if they are awa­re of the enti­re document.
    • If a data con­trol­ler can only men­tal­ly estab­lish a con­nec­tion bet­ween a per­so­nal data item and the con­text, i.e. deri­ves or can deri­ve con­clu­si­ons from the con­text of a per­so­nal data item that can­not be deri­ved from the per­so­nal data item its­elf, the fol­lo­wing must be taken into account BGE 147 III 139 The right to infor­ma­ti­on is “about the legis­la­tor […] recor­ding data coll­ec­tions that exist in wri­ting or ‘phy­si­cal­ly’ and can the­r­e­fo­re be view­ed objec­tively in the long term, but not just data that can be retrie­ved from memo­ry”. A con­text that mere­ly allo­ws men­tal con­clu­si­ons is not an objec­tively visi­ble datum, which is why it is not the sub­ject of the infor­ma­ti­on, which is why no enti­re docu­ment can be reque­sted for “con­tex­tua­lizati­on”.
    • The FAC refers here to the Judgment of the ECJ in Case. C‑487/21 in the case of CRIF. This judgment is not transferable: 
      • The GDPR does not app­ly here (see abo­ve). The­re is no indi­ca­ti­on in the mate­ri­als that the GDPR should have been adopted for the right of access.
      • On the con­tra­ry: Art. 12 of the GDPR con­ta­ins a gene­ral requi­re­ment to sim­pli­fy the rights of data sub­jects. The ECJ has reli­ed on this. Swiss data pro­tec­tion law does not con­tain an ana­log­ous provision.
    • Art. 16 para. 4 GDPR does pro­vi­de that the infor­ma­ti­on must be pro­vi­ded “in an intel­li­gi­ble form”. Howe­ver, it is clear from the expl­ana­to­ry report on the DPA that this requi­re­ment only rela­tes to the for­mat of the infor­ma­ti­on (“If per­so­nal data is pro­vi­ded in a tech­ni­cal form, for exam­p­le in a non-stan­dard file for­mat, which is not legi­ble and/or under­stan­da­ble for the data sub­ject, the con­trol­ler must be able to pro­vi­de addi­tio­nal expl­ana­ti­ons, for exam­p­le oral­ly”). No cla­im to the “con­tex­tua­lizati­on” of the FADP can be deri­ved from this (and the FADP does not con­tain any dele­ga­ti­on for the intro­duc­tion of a sim­pli­fi­ca­ti­on requi­re­ment by the legislator).