• Home 
  • -
  • Privacy 
  • -
  • Coun­cil of Euro­pe Con­ven­ti­on on Data Pro­tec­tion: Fede­ral Coun­cil adopts dispatch 

Coun­cil of Euro­pe Con­ven­ti­on on Data Pro­tec­tion: Fede­ral Coun­cil adopts dispatch

As a result of its Decis­i­on of Octo­ber 30, 2019 At its mee­ting on Decem­ber 6, 2019, the Fede­ral Coun­cil appro­ved the Mes­sa­ge on the appr­oval of the Pro­to­col amen­ding the Coun­cil of Euro­pe Con­ven­ti­on on Data Pro­tec­tion pas­sed. Howe­ver, par­lia­men­ta­ry appr­oval is still requi­red for rati­fi­ca­ti­on. Acce­s­si­on to the moder­ni­zed con­ven­ti­on will ensu­re that the incre­a­sing data pro­tec­tion requi­re­ments for data pro­ce­s­sing of per­so­nal data in an inter­na­tio­nal con­text are met. In par­ti­cu­lar, it will also faci­li­ta­te cross-bor­der data traf­fic; when deci­ding whe­ther an ade­qua­te level of data pro­tec­tion exists in a third coun­try, the EU Com­mis­si­on will take into account whe­ther the third count­ries con­cer­ned have acce­ded to the convention.

Accor­ding to the amend­ment pro­to­col, various obli­ga­ti­ons of the con­trol­ler are expan­ded, such as the noti­fi­ca­ti­on obli­ga­ti­ons to the super­vi­so­ry aut­ho­ri­ty in the event of data pro­tec­tion vio­la­ti­ons, an obli­ga­ti­on to con­duct a data pro­tec­tion impact assess­ment, and the infor­ma­ti­on obli­ga­ti­on of the con­trol­ler. Fur­ther­mo­re, the prin­ci­ples of pri­va­cy by design and pri­va­cy by default are ancho­red. The con­trac­ting sta­tes are also requi­red to intro­du­ce a system of sanc­tions and legal reme­dies, which goes hand in hand with the aut­ho­ri­ty of the super­vi­so­ry aut­ho­ri­ties to issue bin­ding decis­i­ons; against the back­drop of the syste­ma­tics of Swiss data pro­tec­tion law, this point will pro­ba­b­ly be one of the main sticking points.

The cor­re­spon­ding adap­t­ati­ons are also to be inclu­ded in the Data Pro­tec­tion Act (DPA); the draft for the revi­sed DPA has just been dis­cus­sed by the Com­mis­si­on of the Coun­cil of Sta­tes and is now being deba­ted in the Coun­cil of Sta­tes as part of the win­ter ses­si­on curr­ent­ly under­way. As soon as the deli­be­ra­ti­ons along the­se lines have been con­clu­ded, both the DPA and the fede­ral reso­lu­ti­on appro­ving the new data pro­tec­tion con­ven­ti­on can be adopted and the new data pro­tec­tion con­ven­ti­on ratified.

It should be noted that rati­fi­ca­ti­on is also bin­ding on the can­tons. They are obli­ged to com­ply with the new requi­re­ments of the amen­ding pro­to­col and to imple­ment them in their law, i.e. the can­to­nal data pro­tec­tion laws may also have to be adapted.