Following the conclusion of detailed discussions on the revision of the Data Protection Act in the National Council, the matter will now be discussed by the State Policy Committee of the Council of States (SPK‑S). As time is pressing, the detailed discussions in the Council of States are already scheduled for December, and an informal consultation is already underway. As things stand at present, there are two points in particular that will have to be tackled: Firstly, following the vote in the National Council, the current draft law still has loopholes which, in the worst case, could jeopardize the Commission’s intended decision on adequacy. For example, there is a limited obligation to inform those responsible in the event of disproportionate effort, and contrary to the Federal Council’s draft, the majority in the National Council decided against sanctions for intentional non-compliance with the minimum data security requirements. On the other hand, there are still differences between the political camps regarding the handling of profiling.
If the tight timetable of the SPK‑S is adhered to, the resolution of differences and the final vote will have to be carried out in the coming spring, before the Commission finally decides on the adequacy of the FADP with European legislation probably in the following May. It therefore remains to be seen exactly when the matter will be debated by the Council of States and the subsequent resolution of differences between the Councils next spring.