FDPA

The cur­r­ent­ly app­li­ca­ble ver­si­on of the DPA. The texts have been con­ver­ted auto­ma­ti­cal­ly – thank you for poin­ting out errors.

The Regu­la­ti­on to this (VDSG) can be found here, the revi­sed ver­si­on of the DSG here.

fold out | fold

Sec­tion 1: Pur­po­se, Scope and Terms

Art. 1 Purpose

This law aims to pro­tect the per­so­na­li­ty and fun­da­men­tal rights of per­sons about whom data are processed.

Art. 2 Scope

1 This law app­lies to the pro­ces­sing of data of natu­ral and legal per­sons by:

a pri­va­te persons;
b Federal bodies.

2 It is not app­li­ca­ble to:

a Per­so­nal data that a natu­ral per­son pro­ces­ses exclu­si­ve­ly for per­so­nal use and does not dis­c­lo­se to outsiders;
b deli­be­ra­ti­ons in the Federal Coun­cils and in the par­lia­men­ta­ry commissions;
c pen­ding civil pro­ce­e­dings, cri­mi­nal pro­ce­e­dings, inter­na­tio­nal legal assi­stance pro­ce­e­dings, and pro­ce­e­dings under sta­te and admi­ni­stra­ti­ve law, with the excep­ti­on of first-instance admi­ni­stra­ti­ve proceedings;
d public regi­sters of pri­va­te legal transactions;
e Per­so­nal data pro­ces­sed by the Inter­na­tio­nal Com­mit­tee of the Red Cross.

Art. 3 Terms

The fol­lo­wing expres­si­ons mean:

a. Per­so­nal data: all data rela­ting to an iden­ti­fied or iden­ti­fia­ble person;
b. Data sub­jects: natu­ral or legal per­sons about whom data are processed;

c. Per­so­nal data requi­ring spe­cial pro­tec­tion: Data about:

1. reli­gious, ideo­lo­gi­cal, poli­ti­cal, or tra­de uni­on views or activities,

2. health, pri­va­cy, or race,

3. Social assi­stance measures,
4. admi­ni­stra­ti­ve or cri­mi­nal pro­se­cu­ti­ons and sanctions;
d. Per­so­na­li­ty pro­fi­le: a set of data that allo­ws an assess­ment of essen­ti­al aspects of a natu­ral person’s personality;
e. Pro­ces­sing: any hand­ling of per­so­nal data, regard­less of the means and pro­ce­du­res used, in par­ti­cu­lar obtai­ning, sto­ring, using, repro­ces­sing, dis­clo­sing, archi­ving or destroy­ing data;
f. Dis­clo­sure: the making avail­ab­le of per­so­nal data such as the gran­ting of access, pas­sing on or publication;
g. Data collec­tion: any set of per­so­nal data that is struc­tu­red in such a way that the data is acces­si­ble by data subject;
h. Federal bodies: federal aut­ho­ri­ties and agen­ci­es as well as per­sons, inso­far as they are ent­ru­sted with public tasks of the federal government;
i. Data collec­tion owners: pri­va­te per­sons or federal bodies that deci­de on the pur­po­se and con­tent of the data collection;

j. Law in the for­mal sense:

1. federal laws,
2. deci­si­ons of inter­na­tio­nal orga­niz­a­ti­ons that are bin­ding on Switz­er­land and inter­na­tio­nal trea­ties with legis­la­ti­ve con­tent that have been appro­ved by the Federal Assembly;
k.

Sec­tion 2: Gene­ral data pro­tec­tion provisions

Art. 4 Principles

1 Per­so­nal data may only be pro­ces­sed lawfully.

2 Their pro­ces­sing must be car­ri­ed out in good faith and must be proportionate.

3 Per­so­nal data may only be pro­ces­sed for the pur­po­se sta­ted in the pro­cu­re­ment, evi­dent from the cir­cum­stan­ces or pro­vi­ded for by law.

4 The acqui­si­ti­on of per­so­nal data and, in par­ti­cu­lar, the pur­po­se of its pro­ces­sing must be reco­gniz­ab­le to the data subject.

5 If the con­sent of the data sub­ject is requi­red for the pro­ces­sing of per­so­nal data, this con­sent shall only be valid if it is given volun­ta­ri­ly after appro­pria­te infor­ma­ti­on has been pro­vi­ded. In the case of the pro­ces­sing of per­so­nal data or per­so­na­li­ty pro­files requi­ring spe­cial pro­tec­tion, con­sent must also be given expressly.

Art. 5 Accu­ra­cy of the data

1 Anyo­ne who pro­ces­ses per­so­nal data must ensu­re that it is accu­ra­te. He must take all rea­son­ab­le mea­su­res to ensu­re that data which is inac­cu­ra­te or incom­ple­te with regard to the pur­po­se for which it was obtai­ned or pro­ces­sed is cor­rec­ted or destroyed.

2 Any data sub­ject may requ­est that inac­cu­ra­te data be corrected.

Art. 6 Cross-bor­der disclosure

1 Per­so­nal data may not be dis­c­lo­sed abroad if this would serious­ly jeo­par­di­ze the per­so­na­li­ty of the per­sons con­cer­ned, name­ly becau­se the­re is no legis­la­ti­on that ensu­res ade­qua­te protection.

2 In the absence of legis­la­ti­on ensu­ring ade­qua­te pro­tec­tion, per­so­nal data may be dis­c­lo­sed abroad only if:

a suf­fi­ci­ent gua­ran­tees, in par­ti­cu­lar by con­tract, ensu­re ade­qua­te pro­tec­tion abroad;
b the data sub­ject has con­sen­ted in the indi­vi­du­al case;
c the pro­ces­sing is direct­ly rela­ted to the con­clu­si­on or exe­cu­ti­on of a con­tract and invol­ves per­so­nal data of the con­trac­tu­al partner;
d the dis­clo­sure is indis­pensable in the indi­vi­du­al case eit­her for the pro­tec­tion of an over­ri­ding public inte­rest or for the estab­lish­ment, exer­cise or enfor­ce­ment of legal claims in court;
e the dis­clo­sure is necessa­ry in the indi­vi­du­al case to pro­tect the life or phy­si­cal inte­gri­ty of the data subject;
f the data sub­ject has made the data gene­ral­ly acces­si­ble and has not express­ly pro­hi­bi­ted processing;
g the dis­clo­sure takes place wit­hin the same legal enti­ty or com­pa­ny or bet­ween legal enti­ties or com­pa­nies under com­mon manage­ment, pro­vi­ded that the par­ties invol­ved are sub­ject to data pro­tec­tion rules that ensu­re ade­qua­te protection.

3 The Federal Data Pro­tec­tion and Infor­ma­ti­on Com­mis­sio­ner (Com­mis­sio­ner, Arti­cle 26) must be infor­med of the gua­ran­tees under para­graph 2(a) and the data pro­tec­tion rules under para­graph 2(g). The Federal Coun­cil shall regu­la­te the details of this duty to inform.

Art. 7 Data security

1 Per­so­nal data must be pro­tec­ted against unaut­ho­ri­zed pro­ces­sing by appro­pria­te tech­ni­cal and orga­niz­a­tio­nal measures.

2 The Federal Coun­cil shall issue more detail­ed pro­vi­si­ons on the mini­mum requi­re­ments for data security.

Art. 7a

[lifted]

Art. 8 Right to information

1 Any per­son may requ­est infor­ma­ti­on from the owner of a data file as to whe­ther data about him or her is being processed.

2 The data con­trol­ler must inform the data subject:

a all data avail­ab­le about them in the data collec­tion, inclu­ding avail­ab­le infor­ma­ti­on about the ori­gin of the data;
b the pur­po­se and, whe­re app­li­ca­ble, the legal basis of the pro­ces­sing, as well as the cate­go­ries of per­so­nal data pro­ces­sed, the par­ties invol­ved in the collec­tion and the data recipients.

3 Data on health may be com­mu­ni­ca­ted to the data sub­ject by the data con­trol­ler through a phy­si­ci­an desi­gna­ted by the data subject.

4 If the con­trol­ler of the data file has per­so­nal data pro­ces­sed by a third par­ty, the con­trol­ler remains obli­ged to pro­vi­de infor­ma­ti­on. The third par­ty is obli­ged to pro­vi­de infor­ma­ti­on if it does not dis­c­lo­se the data con­trol­ler or if the data con­trol­ler is not domic­i­led in Switzerland.

5 As a rule, the infor­ma­ti­on must be pro­vi­ded in wri­ting, in the form of a prin­tout or pho­to­co­py, and free of char­ge. The Federal Coun­cil shall regu­la­te the exceptions.

6 No one can wai­ve the right to infor­ma­ti­on in advance.

Art. 9 Limi­ta­ti­on of the right to information

1 The owner of the data collec­tion may refu­se, limit or post­po­ne the infor­ma­ti­on to the extent:

a a law in the for­mal sen­se pro­vi­des for this;
b it is necessa­ry due to over­ri­ding inte­rests of third parties.

2 A federal body may also refu­se, limit, or defer infor­ma­ti­on to the extent:

a it is necessa­ry due to over­ri­ding public inte­rests, in par­ti­cu­lar the inter­nal or exter­nal secu­ri­ty of the Confederation;
b the infor­ma­ti­on calls into que­sti­on the pur­po­se of a cri­mi­nal inve­sti­ga­ti­on or other inve­sti­ga­ti­ve proceedings.

3 As soon as the rea­son for refu­sing, restric­ting or defer­ring infor­ma­ti­on cea­ses to exist, the federal body must pro­vi­de the infor­ma­ti­on, unless this is impos­si­ble or only pos­si­ble with dis­pro­por­tio­na­te effort.

4 In addi­ti­on, the pri­va­te owner of a data collec­tion may refu­se, limit or post­po­ne the dis­clo­sure of infor­ma­ti­on if his own over­ri­ding inte­rests so requi­re and he does not dis­c­lo­se the per­so­nal data to third parties.

5 The owner of the data collec­tion must spe­ci­fy the rea­son for which he refu­ses, restricts or post­po­nes the information.

Art. 10 Restric­tions on the right to infor­ma­ti­on for media professionals

1 The owner of a data collec­tion used exclu­si­ve­ly for publi­ca­ti­on in the edi­to­ri­al sec­tion of a perio­di­cal medi­um may refu­se, limit or post­po­ne the pro­vi­si­on of infor­ma­ti­on to the extent:

a the per­so­nal data pro­vi­de infor­ma­ti­on about the sources of information;
b insight into drafts for publi­ca­ti­ons would have to be given;
c the public’s free­dom of opi­ni­on would be jeopardized.

2 Media pro­fes­sio­nals may also refu­se, limit or post­po­ne the pro­vi­si­on of infor­ma­ti­on if a data collec­tion ser­ves them exclu­si­ve­ly as a per­so­nal work tool.

Art. 10a Data pro­ces­sing by third parties 

1 The pro­ces­sing of per­so­nal data may be ent­ru­sted to third par­ties by agree­ment or by law if:

a the data are pro­ces­sed only as the cli­ent hims­elf would be allo­wed to do; and
b no legal or con­trac­tu­al con­fi­dentia­li­ty obli­ga­ti­on pro­hi­bits it.

2 In par­ti­cu­lar, the cli­ent must ensu­re that the third par­ty gua­ran­tees data security.

3 Third par­ties may claim the same grounds for justi­fi­ca­ti­on as the client.

Art. 11 Cer­ti­fi­ca­ti­on procedure

1 In order to impro­ve data pro­tec­tion and data secu­ri­ty, manu­fac­tu­rers of data pro­ces­sing systems or pro­grams, as well as pri­va­te per­sons or federal bodies that pro­cess per­so­nal data, may sub­mit their systems, pro­ce­du­res and orga­niz­a­ti­on to an assess­ment by reco­gni­zed inde­pen­dent cer­ti­fi­ca­ti­on bodies.

2 The Federal Coun­cil shall issue regu­la­ti­ons on the reco­gni­ti­on of cer­ti­fi­ca­ti­on pro­ce­du­res and the intro­duc­tion of a data pro­tec­tion qua­li­ty mark. In doing so, it shall take into account inter­na­tio­nal law and inter­na­tio­nal­ly reco­gni­zed tech­ni­cal standards.

Art. 11a Regi­ster of data collections 

1 The Com­mis­sio­ner shall keep a regi­ster of data collec­tions, which shall be acces­si­ble via the Inter­net. Any per­son may con­sult the register.

2 Federal agen­ci­es must regi­ster all data collec­tions with the Com­mis­sio­ner for registration.

3 Pri­va­te indi­vi­du­als must regi­ster data collec­tions when: #Pro­ces­sing Regulations

a par­ti­cu­lar­ly sen­si­ti­ve per­so­nal data or per­so­na­li­ty pro­files are regu­lar­ly pro­ces­sed; or
b per­so­nal data is regu­lar­ly dis­c­lo­sed to third parties.

4 Data collec­tions must be regi­stered befo­re they are opened.

5 Con­tra­ry to the pro­vi­si­ons of para­graphs 2 and 3, the owner of data collec­tions is not requi­red to decla­re his collec­tions if:

a pri­va­te per­sons pro­cess data on the basis of a legal obligation;
b the Federal Coun­cil has exemp­ted a pro­ces­sing ope­ra­ti­on from the noti­fi­ca­ti­on requi­re­ment becau­se it does not jeo­par­di­ze the rights of the per­sons concerned;
c it uses the data exclu­si­ve­ly for publi­ca­ti­on in the edi­to­ri­al sec­tion of a perio­di­cal­ly published medi­um and does not pass on any data to third par­ties without the per­sons con­cer­ned being awa­re of this;
d the data is pro­ces­sed by jour­na­lists who use the data collec­tion exclu­si­ve­ly as a per­so­nal work tool;
e it has desi­gna­ted a data pro­tec­tion offi­cer who inde­pendent­ly moni­tors inter­nal com­pli­an­ce with data pro­tec­tion regu­la­ti­ons and main­tains a regi­ster of data collections;
f it has obtai­ned a data pro­tec­tion qua­li­ty mark on the basis of a cer­ti­fi­ca­ti­on pro­ce­du­re pur­suant to Arti­cle 11 and the result of the assess­ment has been com­mu­ni­ca­ted to the Commissioner.

6 The Federal Coun­cil shall regu­la­te the moda­li­ties for the noti­fi­ca­ti­on of data files, the main­ten­an­ce and publi­ca­ti­on of the regi­ster, as well as the posi­ti­on and duties of the data pro­tec­tion offi­cers pur­suant to para­graph 5 let­ter e and the publi­ca­ti­on of a list of data file owners who are exempt from the noti­fi­ca­ti­on requi­re­ment pur­suant to para­graph 5 let­ters e and f.

Sec­tion 3: Pro­ces­sing of per­so­nal data by pri­va­te persons

Art. 12 Vio­la­ti­on of per­so­na­li­ty rights

1 Anyo­ne who pro­ces­ses per­so­nal data must not unlaw­ful­ly infrin­ge the per­so­na­li­ty of the per­sons concerned.

2 In par­ti­cu­lar, he may not:

a pro­cess per­so­nal data con­tra­ry to the princi­ples of Arti­cles 4, 5(1) and 7(1);
b pro­cess data of a per­son against his or her expli­cit will without justification;
c dis­c­lo­se sen­si­ti­ve per­so­nal data or per­so­na­li­ty pro­files to third par­ties without justification.

3 As a rule, the­re is no vio­la­ti­on of pri­va­cy if the data sub­ject has made the data gene­ral­ly acces­si­ble and has not express­ly pro­hi­bi­ted processing.

Art. 13 Grounds for justification

1 An infrin­ge­ment of per­so­na­li­ty is unlaw­ful if it is not justi­fied by the con­sent of the infrin­ged per­son, by an over­ri­ding pri­va­te or public inte­rest or by law.

2 An over­ri­ding inte­rest of the pro­ces­sing per­son comes into con­si­de­ra­ti­on in par­ti­cu­lar if it:

a pro­ces­ses per­so­nal data about its con­trac­tu­al part­ner in direct con­nec­tion with the con­clu­si­on or per­for­mance of a contract;
b is or intends to be in eco­no­mic com­pe­ti­ti­on with ano­t­her per­son and pro­ces­ses per­so­nal data for this pur­po­se without dis­clo­sing it to third parties;
c pro­ces­ses neit­her sen­si­ti­ve per­so­nal data nor per­so­na­li­ty pro­files for the pur­po­se of checking the credit­wort­hi­ness of ano­t­her per­son and only dis­c­lo­ses data to third par­ties that they requi­re for the con­clu­si­on or per­for­mance of a con­tract with the data subject;
d pro­fes­sio­nal­ly pro­ces­ses per­so­nal data exclu­si­ve­ly for publi­ca­ti­on in the edi­to­ri­al sec­tion of a perio­di­cal medium;
e pro­ces­ses per­so­nal data for non-per­so­nal pur­po­ses, in par­ti­cu­lar in rese­arch, plan­ning and sta­tis­tics, and publishes the results in such a way that the per­sons con­cer­ned can­not be identified;
f collects data about a public figu­re, pro­vi­ded that the data rela­tes to that person’s acti­vi­ties in public.

Art. 14 Trans­pa­ren­cy and infor­ma­ti­on when obtai­ning per­so­nal data and per­so­na­li­ty pro­files requi­ring spe­cial protection

1 The owner of the data collec­tion is obli­ged to inform the data sub­ject about the pro­cu­re­ment of per­so­nal data or per­so­na­li­ty pro­files requi­ring spe­cial pro­tec­tion; this duty to inform also app­lies if the data is pro­cu­red from third parties.

2 At a mini­mum, the data sub­ject shall be noti­fied of:

a the owner of the data collection;
b the pur­po­se of editing;
c the cate­go­ries of data reci­pi­ents, if data dis­clo­sure is foreseen.

3 If the data are not obtai­ned from the data sub­ject, the data sub­ject must be infor­med at the latest when the data are stored or, if the data are not stored, when they are first dis­c­lo­sed to third parties.

4 The data controller’s duty to inform shall not app­ly if the data sub­ject has alrea­dy been infor­med or, in cases under para­graph 3, if:

a the sto­rage or dis­clo­sure of the data is express­ly pro­vi­ded for by law; or
b the infor­ma­ti­on is not pos­si­ble or only pos­si­ble with dis­pro­por­tio­na­te effort.

5 The data con­trol­ler may refu­se, limit or post­po­ne the infor­ma­ti­on under the con­di­ti­ons spe­ci­fied in Arti­cle 9(1) and (4).

Art. 15 Legal claims

1 Actions for the pro­tec­tion of per­so­na­li­ty are gover­ned by Arti­cles 28, 28a and 28l of the Civil Code. The com­p­lai­ning par­ty may in par­ti­cu­lar demand that data pro­ces­sing be blocked, that no data be dis­c­lo­sed to third par­ties or that the per­so­nal data be cor­rec­ted or destroyed.

2 If neit­her the cor­rect­ness nor the incor­rect­ness of per­so­nal data can be demon­stra­ted, the com­p­lai­ning par­ty may requ­est that a cor­re­spon­ding note be added to the data.

3 The plain­tiff may also requ­est that the cor­rec­tion, the dest­ruc­tion, the blocking, name­ly the blocking of dis­clo­sure to third par­ties, the note of con­te­sta­ti­on or the judgment be com­mu­ni­ca­ted to third par­ties or published.

4 Actions to enfor­ce the right to infor­ma­ti­on shall be deci­ded by the court in sim­pli­fied pro­ce­e­dings in accordance with the Code of Civil Pro­ce­du­re of Decem­ber 19, 2008.

Sec­tion 4: Pro­ces­sing of Per­so­nal Data by Federal Bodies

Art. 16 Respon­si­ble body and control

1 The federal body that pro­ces­ses the per­so­nal data or has it pro­ces­sed in the per­for­mance of its duties is respon­si­ble for data protection.

2 If federal bodies pro­cess per­so­nal data tog­e­ther with other federal bodies, with can­to­nal bodies or with pri­va­te per­sons, the Federal Coun­cil may spe­ci­fi­cal­ly regu­la­te the con­trol of and respon­si­bi­li­ty for data protection.

Art. 17 Legal bases

1 Federal bodies may pro­cess per­so­nal data if the­re is a legal basis for doing so.

2 They may only pro­cess per­so­nal data requi­ring spe­cial pro­tec­tion and per­so­na­li­ty pro­files if a law in the for­mal sen­se express­ly pro­vi­des for it or in excep­tio­nal cases:

a it is indis­pensable for a task clear­ly defi­ned in a law in the for­mal sense;
b the Federal Coun­cil appro­ves it in an indi­vi­du­al case becau­se the rights of the per­son con­cer­ned are not at risk; or
c the data sub­ject has con­sen­ted in the indi­vi­du­al case or has made his/her data gene­ral­ly acces­si­ble and has not express­ly pro­hi­bi­ted processing.

Art. 17a Auto­ma­ted data pro­ces­sing wit­hin the scope of pilot tests

1 The Federal Coun­cil may, after obtai­ning the opi­ni­on of the Com­mis­sio­ner, aut­ho­ri­ze the auto­ma­ted pro­ces­sing of per­so­nal data or per­so­na­li­ty pro­files requi­ring spe­cial pro­tec­tion in the for­mal sen­se befo­re a law enters into for­ce if:

a the tasks requi­ring such pro­ces­sing are regu­la­ted in a law in the for­mal sense;
b suf­fi­ci­ent mea­su­res are taken to pre­vent vio­la­ti­ons of privacy;
c the prac­ti­cal imple­men­ta­ti­on of data pro­ces­sing requi­res a test pha­se befo­re the law comes into for­ce in the for­mal sense.

2 The prac­ti­cal imple­men­ta­ti­on of data pro­ces­sing may requi­re a test pha­se if:

a the per­for­mance of a task requi­res tech­ni­cal inno­va­tions, the effects of which must first be evaluated;
b the per­for­mance of a task requi­res signi­fi­cant orga­niz­a­tio­nal or tech­ni­cal mea­su­res, the effec­ti­ve­ness of which must first be tested, par­ti­cu­lar­ly in the case of coope­ra­ti­on bet­ween federal and can­to­nal bodies; or
c it requi­res the trans­mis­si­on of par­ti­cu­lar­ly sen­si­ti­ve per­so­nal data or per­so­na­li­ty pro­files to can­to­nal aut­ho­ri­ties by means of a retrie­val procedure.

3 The Federal Coun­cil shall regu­la­te the moda­li­ties of auto­ma­ted data pro­ces­sing in an ordinance.

4 The com­pe­tent federal body shall sub­mit an eva­lua­ti­on report to the Federal Coun­cil wit­hin two years of the pilot system going into ope­ra­ti­on. In this report, it shall pro­po­se the con­ti­nua­tion or dis­con­ti­nua­tion of the processing.

5 Auto­ma­ted data pro­ces­sing must be dis­con­ti­nued in any case if, wit­hin five years of the pilot system going into ope­ra­ti­on, no law in the for­mal sen­se has come into for­ce that inclu­des the necessa­ry legal basis.

Art. 18 Obtai­ning per­so­nal data

1 In the case of syste­ma­tic sur­veys, name­ly with que­sti­onn­aires, the federal body shall dis­c­lo­se the pur­po­se and legal basis of the pro­ces­sing, the cate­go­ries of data sub­jects invol­ved in the data collec­tion and the data recipients.

2

Art. 18a Trans­pa­ren­cy and infor­ma­ti­on when obtai­ning per­so­nal data 

1 Federal bodies are obli­ged to inform the data sub­ject about the pro­cu­re­ment of per­so­nal data; this duty to inform also app­lies if the data is pro­cu­red from third parties.

2 At a mini­mum, the data sub­ject shall be noti­fied of:

a the owner of the data collection;
b the pur­po­se of editing;
c the cate­go­ries of data reci­pi­ents, if data dis­clo­sure is foreseen;
d the right to infor­ma­ti­on under Arti­cle 8;
e the con­se­quen­ces of a refu­sal by the data sub­ject to pro­vi­de the reque­sted per­so­nal data.

3 If the data are not obtai­ned from the data sub­ject, the data sub­ject must be infor­med at the latest when the data are stored or, if the data are not stored, when they are first dis­c­lo­sed to third parties.

4 The duty of federal bodies to inform shall not app­ly if the per­son con­cer­ned has alrea­dy been infor­med or, in cases under para­graph 3, if:

a the sto­rage or dis­clo­sure of the data is express­ly pro­vi­ded for by law; or
b the infor­ma­ti­on is not pos­si­ble or only pos­si­ble with dis­pro­por­tio­na­te effort.

5 If the duty to pro­vi­de infor­ma­ti­on would impair the com­pe­ti­ti­ve­ness of a federal body, the Federal Coun­cil may limit it to the pro­cu­re­ment of per­so­nal data requi­ring spe­cial pro­tec­tion and per­so­na­li­ty profiles.

Art. 18b Restric­tion of trans­pa­ren­cy and information 

1 Federal bodies may refu­se, restrict or post­po­ne the pro­vi­si­on of infor­ma­ti­on under the con­di­ti­ons spe­ci­fied in Arti­cle 9(1) and (2).

2 As soon as the rea­son for the refu­sal, restric­tion or defer­ral cea­ses to exist, the federal bodies are bound by the obli­ga­ti­on to pro­vi­de infor­ma­ti­on, unless this is impos­si­ble or can only be ful­fil­led with a dis­pro­por­tio­na­te effort.

Art. 19 Dis­clo­sure of per­so­nal data

1 Federal bodies may dis­c­lo­se per­so­nal data only if the­re is a legal basis for doing so wit­hin the mea­ning of Arti­cle 17 or if:

a the data is indis­pensable for the reci­pi­ent in the indi­vi­du­al case for the ful­fill­ment of its legal task;
b the data sub­ject has con­sen­ted in the indi­vi­du­al case;
c the data sub­ject has made his/her data gene­ral­ly avail­ab­le and has not express­ly pro­hi­bi­ted dis­clo­sure; or
d the reci­pi­ent credi­b­ly demon­stra­tes that the data sub­ject refu­ses con­sent or blocks dis­clo­sure in order to pre­vent him/her from enfor­cing legal claims or pro­tec­ting other inte­rests worthy of pro­tec­tion; the data sub­ject must be given the oppor­tu­ni­ty to com­ment befo­re­hand, if possible.

1bis Federal bodies may also dis­c­lo­se per­so­nal data wit­hin the frame­work of offi­cial infor­ma­ti­on to the public ex offi­cio or on the basis of the Public Infor­ma­ti­on Act of 17 Decem­ber 2004 if:

a the per­so­nal data con­cer­ned are rela­ted to the per­for­mance of public duties; and
b in the dis­clo­sure of which the­re is an over­ri­ding public interest.

2 Federal bodies may also dis­c­lo­se the sur­na­me, first name, address and date of birth of a per­son on requ­est if the requi­re­ments of para­graph 1 are not met.

3 Federal bodies may make per­so­nal data acces­si­ble by means of a retrie­val pro­ce­du­re if this is express­ly pro­vi­ded for. Per­so­nal data requi­ring spe­cial pro­tec­tion and per­so­na­li­ty pro­files may only be made acces­si­ble by means of a retrie­val pro­ce­du­re if a law in the for­mal sen­se express­ly pro­vi­des for it.

3bis Federal bodies may make per­so­nal data acces­si­ble to anyo­ne by means of auto­ma­ted infor­ma­ti­on and com­mu­ni­ca­ti­on ser­vices if a legal basis pro­vi­des for the publi­ca­ti­on of this data or if they make infor­ma­ti­on acces­si­ble to the public on the basis of para­graph 1bis. If the public inte­rest in making the data acces­si­ble no lon­ger exists, the data con­cer­ned shall be remo­ved from the auto­ma­ted infor­ma­ti­on and com­mu­ni­ca­ti­on service.

4 The federal body shall refu­se, restrict, or impo­se con­di­ti­ons on dis­clo­sure if:

a essen­ti­al public inte­rests or inte­rests of a data sub­ject which are mani­fest­ly worthy of pro­tec­tion so requi­re, or
b sta­tu­to­ry con­fi­dentia­li­ty obli­ga­ti­ons or spe­cial data pro­tec­tion regu­la­ti­ons requi­re it.

Art. 20 Blocking of disclosure

1 A data sub­ject who credi­b­ly demon­stra­tes an inte­rest worthy of pro­tec­tion may requ­est the federal body respon­si­ble to block the dis­clo­sure of cer­tain per­so­nal data.

2 The federal body shall deny or revo­ke the blocking if:

a the­re is a legal obli­ga­ti­on to dis­c­lo­se; or
b the ful­fill­ment of its task would other­wi­se be jeopardized.

3 The blocking is sub­ject to Arti­cle 19 para­graph 1bis.

Art. 21 Offer of docu­ments to the Federal Archives

1 In accordance with the Archi­ving Act of 26 June 1998, federal bodies offer to the Federal Archi­ves all per­so­nal data that they no lon­ger requi­re on a per­ma­nent basis.

2 Federal bodies shall destroy per­so­nal data desi­gna­ted by the Federal Archi­ves as not being of archi­val value, unless:

a are anonymized;
b must be retai­ned for evi­den­tia­ry or secu­ri­ty pur­po­ses or to pro­tect the legi­ti­ma­te inte­rests of the data subject.

Art. 22 Edit for rese­arch, plan­ning and statistics

1 Federal bodies may pro­cess per­so­nal data for non-per­so­nal pur­po­ses, in par­ti­cu­lar for rese­arch, plan­ning and sta­tis­tics, if:

a the data will be anony­mi­zed as soon as the pur­po­se of the pro­ces­sing allo­ws it;
b the reci­pi­ent dis­c­lo­ses the data only with the con­sent of the federal enti­ty; and
c the results are published in such a way that the per­sons con­cer­ned can­not be identified.

2 The requi­re­ments of the fol­lo­wing pro­vi­si­ons need not be met:

a Arti­cle 4(3) on the pur­po­se of processing
b Arti­cle 17(2) on the legal basis for the pro­ces­sing of per­so­nal data and per­so­na­li­ty pro­files requi­ring spe­cial protection;
c Arti­cle 19(1) on dis­clo­sure of per­so­nal data.

Art. 23 Acti­vi­ties of federal bodies under pri­va­te law

1 If a federal body acts under pri­va­te law, the pro­vi­si­ons for the pro­ces­sing of per­so­nal data by pri­va­te per­sons apply.

2 Super­vi­si­on is gover­ned by the pro­vi­si­ons for federal bodies.

Art. 24

[lifted]

Art. 25 Claims and procedure

1 Any per­son having an inte­rest worthy of pro­tec­tion may requi­re the respon­si­ble federal body to:

a refrains from unlaw­ful pro­ces­sing of per­so­nal data;
b eli­mi­na­tes the con­se­quen­ces of unlaw­ful processing;
c estab­lishes the unlaw­ful­ness of the processing.

2 If neit­her the accu­ra­cy nor the inac­cu­ra­cy of per­so­nal data can be pro­ven, the federal body must make a cor­re­spon­ding note with the data.

3 In par­ti­cu­lar, the app­li­cant may requ­est that the federal body:

a cor­rects or destroys per­so­nal data or blocks dis­clo­sure to third parties;
b noti­fies or publishes its deci­si­on, name­ly the cor­rec­tion, dest­ruc­tion, blocking or the note of con­te­sta­ti­on to third parties.

4 The pro­ce­du­re is gover­ned by the Federal Act of 20 Decem­ber 1968 on Admi­ni­stra­ti­ve Pro­ce­du­re (Admi­ni­stra­ti­ve Pro­ce­du­re Act). The excep­ti­ons of Arti­cles 2 and 3 of the Admi­ni­stra­ti­ve Pro­ce­du­re Act do not apply.

Art. 25bis Pro­ce­du­re in the case of dis­clo­sure of offi­cial docu­ments con­tai­ning per­so­nal data

As long as a pro­ce­du­re con­cer­ning access to offi­cial docu­ments wit­hin the mea­ning of the Public Access Act of 17 Decem­ber 2004, which con­tain per­so­nal data, is in pro­gress, the per­son con­cer­ned may, wit­hin the frame­work of this pro­ce­du­re, assert the rights to which he or she is enti­t­led under Arti­cle 25 of this Act in rela­ti­on to tho­se docu­ments which are the sub­ject of the access procedure.

Sec­tion 5: Federal Data Pro­tec­tion and Infor­ma­ti­on Commissioner

Art. 26 Elec­tion and position

1 The Com­mis­sio­ner shall be elec­ted by the Federal Coun­cil for a term of four years. The elec­tion must be appro­ved by the Federal Assembly.

2 Unless other­wi­se pro­vi­ded by this Act, the employ­ment rela­ti­ons­hip of the Com­mis­sio­ner shall be gover­ned by the Federal Per­son­nel Act of March 24, 2000.

3 The Com­mis­sio­ner exer­cises his func­tion inde­pendent­ly, without recei­ving inst­ruc­tions from any aut­ho­ri­ty. He is admi­ni­stra­tively assi­gned to the Federal Chancellery.

4 It has a per­ma­nent secre­ta­ri­at and its own bud­get. He hires his staff.

5 The appoin­tee is not sub­ject to the app­rai­sal system under Arti­cle 4(3) of the Federal Per­son­nel Act of 24 March 2000.

Art. 26a Re-elec­tion and ter­mi­na­ti­on of the term of office 

1 If the Federal Coun­cil does not order non-re-elec­tion at the latest six mon­ths befo­re the expi­ry of the term of office for objec­tively suf­fi­ci­ent rea­sons, the com­mis­sio­ner shall be re-elec­ted for a new term of office.

2 The Com­mis­sio­ner may requ­est the Federal Coun­cil to dis­miss him or her at the end of a mon­th, giving six mon­ths’ notice.

3 The Federal Coun­cil may remo­ve the com­mis­sio­ner from office befo­re the expi­ry of the term of office if the commissioner:

a has serious­ly vio­la­ted offi­cial duties inten­tio­nal­ly or through gross negli­gence; or
b has per­ma­nent­ly lost the abi­li­ty to hold office.

Art. 26b Other employment 

The Federal Coun­cil may per­mit the Com­mis­sio­ner to enga­ge in other employ­ment if this does not impair the Commissioner’s inde­pen­dence and reputation.

Art. 27 Super­vi­si­on of federal bodies

1 The Com­mis­sio­ner shall super­vi­se com­pli­an­ce by federal bodies with this Act and the other federal data pro­tec­tion pro­vi­si­ons. The Federal Coun­cil is exempt from this supervision.

2 The com­mis­sio­ner shall cla­ri­fy the facts in more detail on his own initia­ti­ve or upon noti­fi­ca­ti­on by a third party.

3 In the cour­se of the inve­sti­ga­ti­on, it may requ­est files, obtain infor­ma­ti­on and be shown data pro­ces­sing. The federal bodies must coope­ra­te in estab­li­shing the facts of the case. The right to refu­se to testi­fy under Arti­cle 16 of the Admi­ni­stra­ti­ve Pro­ce­du­re Act52 app­lies muta­tis mutandis.

4 If the cla­ri­fi­ca­ti­on reve­als that data pro­tec­tion regu­la­ti­ons are being vio­la­ted, the com­mis­sio­ner shall recom­mend to the respon­si­ble federal body that the pro­ces­sing be chan­ged or omit­ted. He shall inform the respon­si­ble depart­ment or the Federal Chan­cel­le­ry of his recommendation.

5 If a recom­men­da­ti­on is not fol­lo­wed or is rejec­ted, he or she may sub­mit the mat­ter to the depart­ment or the Federal Chan­cel­le­ry for a deci­si­on. The deci­si­on shall be com­mu­ni­ca­ted to the per­sons con­cer­ned in the form of an order.

6 The Com­mis­sio­ner shall be enti­t­led to appeal against the order under para­graph 5 and against the deci­si­on of the Appeals Authority.

Art. 28 Advice to pri­va­te parties

The Com­mis­sio­ner advi­ses pri­va­te per­sons on data pro­tec­tion issues.

Art. 29 Cla­ri­fi­ca­ti­ons and recom­men­da­ti­ons in the area of pri­va­te law

1 The com­mis­sio­ner shall cla­ri­fy the facts in more detail on his own initia­ti­ve or upon noti­fi­ca­ti­on by a third par­ty if:

a pro­ces­sing methods are likely to vio­la­te the per­so­na­li­ty of a lar­ger num­ber of per­sons (system error);
b data collec­tions must be regi­stered (Arti­cle 11a);
c the­re is an obli­ga­ti­on to pro­vi­de infor­ma­ti­on pur­suant to Arti­cle 6(3).

2 In doing so, it may requ­est files, obtain infor­ma­ti­on and be shown data pro­ces­sing. The right to refu­se to testi­fy under Arti­cle 16 of the Admi­ni­stra­ti­ve Pro­ce­du­re Act app­lies muta­tis mutandis.

3 Based on his cla­ri­fi­ca­ti­ons, the com­mis­sio­ner may recom­mend to chan­ge or refrain from editing.

4 If such a recom­men­da­ti­on of the Com­mis­sio­ner is not fol­lo­wed or is rejec­ted, he may sub­mit the mat­ter to the Federal Admi­ni­stra­ti­ve Court for a deci­si­on. He is enti­t­led to appeal against this decision.

Art. 30 Information

1 The Com­mis­sio­ner shall report to the Federal Assem­bly perio­di­cal­ly and as requi­red. He shall simul­ta­ne­ous­ly trans­mit the report to the Federal Coun­cil. The perio­dic reports shall be published.

2 In cases of gene­ral inte­rest, it may inform the public of its fin­dings and recom­men­da­ti­ons. Per­so­nal data sub­ject to offi­cial secrecy may only be published with the con­sent of the com­pe­tent aut­ho­ri­ty. If the lat­ter refu­ses to give its con­sent, the pre­si­dent of the divi­si­on of the Federal Admi­ni­stra­ti­ve Court respon­si­ble for data pro­tec­tion shall take the final decision.

Art. 31 Other tasks

1 In par­ti­cu­lar, the com­mis­sio­ner shall have the fol­lo­wing addi­tio­nal duties:

a It sup­ports federal and can­to­nal bodies in mat­ters of data protection.
b It com­ments on pro­po­sals for federal decrees and mea­su­res that are rele­vant to data protection.
c It coope­ra­tes with dome­stic and for­eign data pro­tec­tion authorities.
d It asses­ses the extent to which data pro­tec­tion legis­la­ti­on abroad ensu­res ade­qua­te protection.
e It shall exami­ne the gua­ran­tees and data pro­tec­tion rules noti­fied to it in accordance with Arti­cle 6(3).
f It shall exami­ne the cer­ti­fi­ca­ti­on pro­ce­du­res refer­red to in Arti­cle 11 and may make recom­men­da­ti­ons the­re­on in accordance with Arti­cle 27(4) or 29(3).
g It shall per­form the duties assi­gned to it by the Public Infor­ma­ti­on Act of Decem­ber 17, 2004.

2 It may advi­se organs of the Federal Admi­ni­stra­ti­on even if this Act is not app­li­ca­ble in accordance with Arti­cle 2 para­graph 2 let­ters c and d. The organs of the Federal Admi­ni­stra­ti­on may allow him to inspect their business.

Art. 32

[lifted]

Sec­tion 6: Legal protection

Art. 33

1 Legal pro­tec­tion shall be gover­ned by the gene­ral pro­vi­si­ons on the admi­ni­stra­ti­on of federal justice.

2 If, during a fact-fin­ding inve­sti­ga­ti­on under Arti­cle 27 para­graph 2 or under Arti­cle 29 para­graph 1, the Com­mis­sio­ner estab­lishes that the per­sons con­cer­ned are threa­tened with a dis­ad­van­ta­ge that can­not be easi­ly reme­di­ed, he may app­ly to the pre­si­dent of the divi­si­on of the Federal Admi­ni­stra­ti­ve Court respon­si­ble for data pro­tec­tion for pre­cau­tio­na­ry mea­su­res. The pro­ce­du­re shall be gover­ned muta­tis mutan­dis by Arti­cles 79 – 84 of the Federal Act of 4 Decem­ber 1947 on Federal Civil Procedure.

Sec­tion 7: Penal provisions

Art. 34 Vio­la­ti­on of the duties to pro­vi­de infor­ma­ti­on, to report and to cooperate

1 Fines are impo­sed on pri­va­te per­sons upon request:

a who vio­la­te their obli­ga­ti­ons under Arti­cles 8 – 10 and 14 by inten­tio­nal­ly pro­vi­ding fal­se or incom­ple­te information;
b who inten­tio­nal­ly fail to do so:

1. inform the data sub­ject in accordance with Arti­cle 14(1), or

2. pro­vi­de it with the infor­ma­ti­on refer­red to in Arti­cle 14(2).

2 Fines are impo­sed on pri­va­te per­sons who intentionally:

a fail to pro­vi­de the infor­ma­ti­on refer­red to in Arti­cle 6(3) or the noti­fi­ca­ti­on refer­red to in Arti­cle 11a or inten­tio­nal­ly pro­vi­de fal­se infor­ma­ti­on in doing so;
b pro­vi­de the com­mis­sio­ner with fal­se infor­ma­ti­on or refu­se to coope­ra­te when cla­ri­fy­ing a mat­ter (Arti­cle 29).

Art. 35 Vio­la­ti­on of the pro­fes­sio­nal duty of confidentiality

1 Any per­son who inten­tio­nal­ly dis­c­lo­ses, without aut­ho­riz­a­ti­on, secret per­so­nal data or per­so­na­li­ty pro­files requi­ring spe­cial pro­tec­tion, of which he has lear­ned in the cour­se of his pro­fes­si­on requi­ring know­ledge of such data, shall be liable on com­p­laint to a fine.

2 Anyo­ne who inten­tio­nal­ly dis­c­lo­ses secret per­so­nal data or per­so­na­li­ty pro­files requi­ring spe­cial pro­tec­tion without aut­ho­riz­a­ti­on, which he or she lear­ned about while working for the per­son requi­red to main­tain secrecy or during trai­ning with that per­son, shall be punis­hed in the same manner.

3 The unaut­ho­ri­zed dis­clo­sure of secret per­so­nal data or per­so­na­li­ty pro­files requi­ring spe­cial pro­tec­tion is punis­ha­ble even after the end of pro­fes­sio­nal prac­ti­ce or training.

Sec­tion 8: Final Provisions

Art. 36 Enforcement

1 The Federal Coun­cil shall issue the imple­men­ting provisions.

2

3 It may pro­vi­de for dero­ga­ti­ons from Arti­cles 8 and 9 for the pro­vi­si­on of infor­ma­ti­on by Swiss diplo­ma­tic and con­su­lar mis­si­ons abroad.

4 It may fur­ther determine:

a which data collec­tions requi­re pro­ces­sing regulations;
b under which con­di­ti­ons a federal body may have per­so­nal data pro­ces­sed by a third par­ty or pro­cess it for a third party;
c how the means of iden­ti­fi­ca­ti­on of per­sons may be used.

5 It may con­clu­de inter­na­tio­nal trea­ties on data pro­tec­tion if they com­ply with the princi­ples of this Act.

6 It regu­la­tes how data collec­tions are to be secu­red who­se data could end­an­ger the life and limb of the per­sons con­cer­ned in the event of war or crisis.

Art. 37 Enfor­ce­ment by the cantons

1 Inso­far as no can­to­nal data pro­tec­tion regu­la­ti­ons exist that ensu­re ade­qua­te pro­tec­tion, Arti­cles 1 – 11a, 16, 17, 18 – 22 and 25 para­graphs 1 – 3 of this Act shall app­ly to the pro­ces­sing of per­so­nal data by can­to­nal bodies when imple­men­ting federal law.

2 The can­tons shall desi­gna­te a super­vi­so­ry body to ensu­re com­pli­an­ce with data pro­tec­tion. Arti­cles 27, 30 and 31 app­ly muta­tis mutandis.

Art. 38 Tran­si­tio­nal provisions

1 The owners of data files shall regi­ster exi­sting data files to be regi­stered under Arti­cle 11 no later than one year after the ent­ry into for­ce of this Act.

2 Wit­hin one year of the ent­ry into for­ce of this Act, they must take the necessa­ry steps to enab­le them to pro­vi­de the infor­ma­ti­on refer­red to in Arti­cle 8.

3 Federal bodies may con­ti­nue to use an exi­sting data collec­tion con­tai­ning per­so­nal data requi­ring spe­cial pro­tec­tion or per­so­na­li­ty pro­files until 31 Decem­ber 2000 without the requi­re­ments of Arti­cle 17 para­graph 2 being met.

4 In the area of asyl­um and for­eig­ners, the peri­od under para­graph 3 is exten­ded until the ent­ry into for­ce of the total­ly revi­sed Asyl­um Act of 26 June 1998 and the amend­ment to the Federal Act of 26 March 1931 on the Resi­dence and Sett­le­ment of Foreigners.

Art. 38a Tran­si­tio­nal pro­vi­si­on to the amend­ment of March 19, 2010

The elec­tion of the Com­mis­sio­ner and the ter­mi­na­ti­on of his employ­ment shall be gover­ned by the pre­vious law until the end of the legis­la­ti­ve term in which this amend­ment enters into force.

Art. 39 Refe­ren­dum and ent­ry into force

1 This law is sub­ject to an optio­nal referendum.

2 The Federal Coun­cil shall deter­mi­ne the effec­ti­ve date.

Effec­ti­ve date: July 1, 1993

Table of Contents