FDPA

The currently applicable version of the DPA. The texts have been converted automatically – thank you for pointing out errors.

The Regulation to this (VDSG) can be found here, the revised version of the DSG here.

fold out | fold

Section 1: Purpose, Scope and Terms

Art. 1 Purpose

This law aims to protect the personality and fundamental rights of persons about whom data are processed.

Art. 2 Scope

1 This law applies to the processing of data of natural and legal persons by:

a private persons;

b Federal bodies.

2 It is not applicable to:

a Personal data that a natural person processes exclusively for personal use and does not disclose to outsiders;

b deliberations in the Federal Councils and in the parliamentary commissions;

c pending civil proceedings, criminal proceedings, international legal assistance proceedings, and proceedings under state and administrative law, with the exception of first-instance administrative proceedings;

d public registers of private legal transactions;

e Personal data processed by the International Committee of the Red Cross.

Art. 3 Terms

The following expressions mean:

a. Personal data: all data relating to an identified or identifiable person;

b. Data subjects: natural or legal persons about whom data are processed;

c. Personal data requiring special protection: Data about:

1. religious, ideological, political, or trade union views or activities,

2. health, privacy, or race,

3. Social assistance measures,

4. administrative or criminal prosecutions and sanctions;

d. Personality profile: a set of data that allows an assessment of essential aspects of a natural person’s personality;

e. Processing: any handling of personal data, regardless of the means and procedures used, in particular obtaining, storing, using, reprocessing, disclosing, archiving or destroying data;

f. Disclosure: the making available of personal data such as the granting of access, passing on or publication;

g. Data collection: any set of personal data that is structured in such a way that the data is accessible by data subject;

h. Federal bodies: federal authorities and agencies as well as persons, insofar as they are entrusted with public tasks of the federal government;

i. Data collection owners: private persons or federal bodies that decide on the purpose and content of the data collection;

j. Law in the formal sense:

1. federal laws,

2. decisions of international organizations that are binding on Switzerland and international treaties with legislative content that have been approved by the Federal Assembly;

k. …

Section 2: General data protection provisions

Art. 4 Principles

1 Personal data may only be processed lawfully.

2 Their processing must be carried out in good faith and must be proportionate.

3 Personal data may only be processed for the purpose stated in the procurement, evident from the circumstances or provided for by law.

4 The acquisition of personal data and, in particular, the purpose of its processing must be recognizable to the data subject.

5 If the consent of the data subject is required for the processing of personal data, this consent shall only be valid if it is given voluntarily after appropriate information has been provided. In the case of the processing of personal data or personality profiles requiring special protection, consent must also be given expressly.

Art. 5 Accuracy of the data

1 Anyone who processes personal data must ensure that it is accurate. He must take all reasonable measures to ensure that data which is inaccurate or incomplete with regard to the purpose for which it was obtained or processed is corrected or destroyed.

2 Any data subject may request that inaccurate data be corrected.

Art. 6 Cross-border disclosure

1 Personal data may not be disclosed abroad if this would seriously jeopardize the personality of the persons concerned, namely because there is no legislation that ensures adequate protection.

2 In the absence of legislation ensuring adequate protection, personal data may be disclosed abroad only if:

a sufficient guarantees, in particular by contract, ensure adequate protection abroad;

b the data subject has consented in the individual case;

c the processing is directly related to the conclusion or execution of a contract and involves personal data of the contractual partner;

d the disclosure is indispensable in the individual case either for the protection of an overriding public interest or for the establishment, exercise or enforcement of legal claims in court;

e the disclosure is necessary in the individual case to protect the life or physical integrity of the data subject;

f the data subject has made the data generally accessible and has not expressly prohibited processing;

g the disclosure takes place within the same legal entity or company or between legal entities or companies under common management, provided that the parties involved are subject to data protection rules that ensure adequate protection.

3 The Federal Data Protection and Information Commissioner (Commissioner, Article 26) must be informed of the guarantees under paragraph 2(a) and the data protection rules under paragraph 2(g). The Federal Council shall regulate the details of this duty to inform.

Art. 7 Data security

1 Personal data must be protected against unauthorized processing by appropriate technical and organizational measures.

2 The Federal Council shall issue more detailed provisions on the minimum requirements for data security.

Art. 7a

[lifted]

Art. 8 Right to information

1 Any person may request information from the owner of a data file as to whether data about him or her is being processed.

2 The data controller must inform the data subject:

a all data available about them in the data collection, including available information about the origin of the data;

b the purpose and, where applicable, the legal basis of the processing, as well as the categories of personal data processed, the parties involved in the collection and the data recipients.

3 Data on health may be communicated to the data subject by the data controller through a physician designated by the data subject.

4 If the controller of the data file has personal data processed by a third party, the controller remains obliged to provide information. The third party is obliged to provide information if it does not disclose the data controller or if the data controller is not domiciled in Switzerland.

5 As a rule, the information must be provided in writing, in the form of a printout or photocopy, and free of charge. The Federal Council shall regulate the exceptions.

6 No one can waive the right to information in advance.

Art. 9 Limitation of the right to information

1 The owner of the data collection may refuse, limit or postpone the information to the extent:

a a law in the formal sense provides for this;

b it is necessary due to overriding interests of third parties.

2 A federal body may also refuse, limit, or defer information to the extent:

a it is necessary due to overriding public interests, in particular the internal or external security of the Confederation;

b the information calls into question the purpose of a criminal investigation or other investigative proceedings.

3 As soon as the reason for refusing, restricting or deferring information ceases to exist, the federal body must provide the information, unless this is impossible or only possible with disproportionate effort.

4 In addition, the private owner of a data collection may refuse, limit or postpone the disclosure of information if his own overriding interests so require and he does not disclose the personal data to third parties.

5 The owner of the data collection must specify the reason for which he refuses, restricts or postpones the information.

Art. 10 Restrictions on the right to information for media professionals

1 The owner of a data collection used exclusively for publication in the editorial section of a periodical medium may refuse, limit or postpone the provision of information to the extent:

a the personal data provide information about the sources of information;

b insight into drafts for publications would have to be given;

c the public’s freedom of opinion would be jeopardized.

2 Media professionals may also refuse, limit or postpone the provision of information if a data collection serves them exclusively as a personal work tool.

Art. 10a Data processing by third parties

1 The processing of personal data may be entrusted to third parties by agreement or by law if:

a the data are processed only as the client himself would be allowed to do; and

b no legal or contractual confidentiality obligation prohibits it.

2 In particular, the client must ensure that the third party guarantees data security.

3 Third parties may claim the same grounds for justification as the client.

Art. 11 Certification procedure

1 In order to improve data protection and data security, manufacturers of data processing systems or programs, as well as private persons or federal bodies that process personal data, may submit their systems, procedures and organization to an assessment by recognized independent certification bodies.

2 The Federal Council shall issue regulations on the recognition of certification procedures and the introduction of a data protection quality mark. In doing so, it shall take into account international law and internationally recognized technical standards.

Art. 11a Register of data collections

1 The Commissioner shall keep a register of data collections, which shall be accessible via the Internet. Any person may consult the register.

2 Federal agencies must register all data collections with the Commissioner for registration.

3 Private individuals must register data collections when: #Processing Regulations

a particularly sensitive personal data or personality profiles are regularly processed; or

b personal data is regularly disclosed to third parties.

4 Data collections must be registered before they are opened.

5 Contrary to the provisions of paragraphs 2 and 3, the owner of data collections is not required to declare his collections if:

a private persons process data on the basis of a legal obligation;

b the Federal Council has exempted a processing operation from the notification requirement because it does not jeopardize the rights of the persons concerned;

c it uses the data exclusively for publication in the editorial section of a periodically published medium and does not pass on any data to third parties without the persons concerned being aware of this;

d the data is processed by journalists who use the data collection exclusively as a personal work tool;

e it has designated a data protection officer who independently monitors internal compliance with data protection regulations and maintains a register of data collections;

f it has obtained a data protection quality mark on the basis of a certification procedure pursuant to Article 11 and the result of the assessment has been communicated to the Commissioner.

6 The Federal Council shall regulate the modalities for the notification of data files, the maintenance and publication of the register, as well as the position and duties of the data protection officers pursuant to paragraph 5 letter e and the publication of a list of data file owners who are exempt from the notification requirement pursuant to paragraph 5 letters e and f.

Section 3: Processing of personal data by private persons

Art. 12 Violation of personality rights

1 Anyone who processes personal data must not unlawfully infringe the personality of the persons concerned.

2 In particular, he may not:

a process personal data contrary to the principles of Articles 4, 5(1) and 7(1);

b process data of a person against his or her explicit will without justification;

c disclose sensitive personal data or personality profiles to third parties without justification.

3 As a rule, there is no violation of privacy if the data subject has made the data generally accessible and has not expressly prohibited processing.

Art. 13 Grounds for justification

1 An infringement of personality is unlawful if it is not justified by the consent of the infringed person, by an overriding private or public interest or by law.

2 An overriding interest of the processing person comes into consideration in particular if it:

a processes personal data about its contractual partner in direct connection with the conclusion or performance of a contract;

b is or intends to be in economic competition with another person and processes personal data for this purpose without disclosing it to third parties;

c processes neither sensitive personal data nor personality profiles for the purpose of checking the creditworthiness of another person and only discloses data to third parties that they require for the conclusion or performance of a contract with the data subject;

d professionally processes personal data exclusively for publication in the editorial section of a periodical medium;

e processes personal data for non-personal purposes, in particular in research, planning and statistics, and publishes the results in such a way that the persons concerned cannot be identified;

f collects data about a public figure, provided that the data relates to that person’s activities in public.

Art. 14 Transparency and information when obtaining personal data and personality profiles requiring special protection

1 The owner of the data collection is obliged to inform the data subject about the procurement of personal data or personality profiles requiring special protection; this duty to inform also applies if the data is procured from third parties.

2 At a minimum, the data subject shall be notified of:

a the owner of the data collection;

b the purpose of editing;

c the categories of data recipients, if data disclosure is foreseen.

3 If the data are not obtained from the data subject, the data subject must be informed at the latest when the data are stored or, if the data are not stored, when they are first disclosed to third parties.

4 The data controller’s duty to inform shall not apply if the data subject has already been informed or, in cases under paragraph 3, if:

a the storage or disclosure of the data is expressly provided for by law; or

b the information is not possible or only possible with disproportionate effort.

5 The data controller may refuse, limit or postpone the information under the conditions specified in Article 9(1) and (4).

Art. 15 Legal claims

1 Actions for the protection of personality are governed by Articles 28, 28a and 28l of the Civil Code. The complaining party may in particular demand that data processing be blocked, that no data be disclosed to third parties or that the personal data be corrected or destroyed.

2 If neither the correctness nor the incorrectness of personal data can be demonstrated, the complaining party may request that a corresponding note be added to the data.

3 The plaintiff may also request that the correction, the destruction, the blocking, namely the blocking of disclosure to third parties, the note of contestation or the judgment be communicated to third parties or published.

4 Actions to enforce the right to information shall be decided by the court in simplified proceedings in accordance with the Code of Civil Procedure of December 19, 2008.

Section 4: Processing of Personal Data by Federal Bodies

Art. 16 Responsible body and control

1 The federal body that processes the personal data or has it processed in the performance of its duties is responsible for data protection.

2 If federal bodies process personal data together with other federal bodies, with cantonal bodies or with private persons, the Federal Council may specifically regulate the control of and responsibility for data protection.

Art. 17 Legal bases

1 Federal bodies may process personal data if there is a legal basis for doing so.

2 They may only process personal data requiring special protection and personality profiles if a law in the formal sense expressly provides for it or in exceptional cases:

a it is indispensable for a task clearly defined in a law in the formal sense;

b the Federal Council approves it in an individual case because the rights of the person concerned are not at risk; or

c the data subject has consented in the individual case or has made his/her data generally accessible and has not expressly prohibited processing.

Art. 17a Automated data processing within the scope of pilot tests

1 The Federal Council may, after obtaining the opinion of the Commissioner, authorize the automated processing of personal data or personality profiles requiring special protection in the formal sense before a law enters into force if:

a the tasks requiring such processing are regulated in a law in the formal sense;

b sufficient measures are taken to prevent violations of privacy;

c the practical implementation of data processing requires a test phase before the law comes into force in the formal sense.

2 The practical implementation of data processing may require a test phase if:

a the performance of a task requires technical innovations, the effects of which must first be evaluated;

b the performance of a task requires significant organizational or technical measures, the effectiveness of which must first be tested, particularly in the case of cooperation between federal and cantonal bodies; or

c it requires the transmission of particularly sensitive personal data or personality profiles to cantonal authorities by means of a retrieval procedure.

3 The Federal Council shall regulate the modalities of automated data processing in an ordinance.

4 The competent federal body shall submit an evaluation report to the Federal Council within two years of the pilot system going into operation. In this report, it shall propose the continuation or discontinuation of the processing.

5 Automated data processing must be discontinued in any case if, within five years of the pilot system going into operation, no law in the formal sense has come into force that includes the necessary legal basis.

Art. 18 Obtaining personal data

1 In the case of systematic surveys, namely with questionnaires, the federal body shall disclose the purpose and legal basis of the processing, the categories of data subjects involved in the data collection and the data recipients.

2 …

Art. 18a Transparency and information when obtaining personal data

1 Federal bodies are obliged to inform the data subject about the procurement of personal data; this duty to inform also applies if the data is procured from third parties.

2 At a minimum, the data subject shall be notified of:

a the owner of the data collection;

b the purpose of editing;

c the categories of data recipients, if data disclosure is foreseen;

d the right to information under Article 8;

e the consequences of a refusal by the data subject to provide the requested personal data.

4 The duty of federal bodies to inform shall not apply if the person concerned has already been informed or, in cases under paragraph 3, if:

a the storage or disclosure of the data is expressly provided for by law; or

b the information is not possible or only possible with disproportionate effort.

5 If the duty to provide information would impair the competitiveness of a federal body, the Federal Council may limit it to the procurement of personal data requiring special protection and personality profiles.

Art. 18b Restriction of transparency and information

1 Federal bodies may refuse, restrict or postpone the provision of information under the conditions specified in Article 9(1) and (2).

2 As soon as the reason for the refusal, restriction or deferral ceases to exist, the federal bodies are bound by the obligation to provide information, unless this is impossible or can only be fulfilled with a disproportionate effort.

Art. 19 Disclosure of personal data

1 Federal bodies may disclose personal data only if there is a legal basis for doing so within the meaning of Article 17 or if:

a the data is indispensable for the recipient in the individual case for the fulfillment of its legal task;

b the data subject has consented in the individual case;

c the data subject has made his/her data generally available and has not expressly prohibited disclosure; or

d the recipient credibly demonstrates that the data subject refuses consent or blocks disclosure in order to prevent him/her from enforcing legal claims or protecting other interests worthy of protection; the data subject must be given the opportunity to comment beforehand, if possible.

1bis Federal bodies may also disclose personal data within the framework of official information to the public ex officio or on the basis of the Public Information Act of 17 December 2004 if:

a the personal data concerned are related to the performance of public duties; and

b in the disclosure of which there is an overriding public interest.

2 Federal bodies may also disclose the surname, first name, address and date of birth of a person on request if the requirements of paragraph 1 are not met.

3 Federal bodies may make personal data accessible by means of a retrieval procedure if this is expressly provided for. Personal data requiring special protection and personality profiles may only be made accessible by means of a retrieval procedure if a law in the formal sense expressly provides for it.

3bis Federal bodies may make personal data accessible to anyone by means of automated information and communication services if a legal basis provides for the publication of this data or if they make information accessible to the public on the basis of paragraph 1bis. If the public interest in making the data accessible no longer exists, the data concerned shall be removed from the automated information and communication service.

4 The federal body shall refuse, restrict, or impose conditions on disclosure if:

a essential public interests or interests of a data subject which are manifestly worthy of protection so require, or

b statutory confidentiality obligations or special data protection regulations require it.

Art. 20 Blocking of disclosure

1 A data subject who credibly demonstrates an interest worthy of protection may request the federal body responsible to block the disclosure of certain personal data.

2 The federal body shall deny or revoke the blocking if:

a there is a legal obligation to disclose; or

b the fulfillment of its task would otherwise be jeopardized.

3 The blocking is subject to Article 19 paragraph 1bis.

Art. 21 Offer of documents to the Federal Archives

1 In accordance with the Archiving Act of 26 June 1998, federal bodies offer to the Federal Archives all personal data that they no longer require on a permanent basis.

2 Federal bodies shall destroy personal data designated by the Federal Archives as not being of archival value, unless:

a are anonymized;

b must be retained for evidentiary or security purposes or to protect the legitimate interests of the data subject.

Art. 22 Edit for research, planning and statistics

1 Federal bodies may process personal data for non-personal purposes, in particular for research, planning and statistics, if:

a the data will be anonymized as soon as the purpose of the processing allows it;

b the recipient discloses the data only with the consent of the federal entity; and

c the results are published in such a way that the persons concerned cannot be identified.

2 The requirements of the following provisions need not be met:

a Article 4(3) on the purpose of processing

b Article 17(2) on the legal basis for the processing of personal data and personality profiles requiring special protection;

c Article 19(1) on disclosure of personal data.

Art. 23 Activities of federal bodies under private law

1 If a federal body acts under private law, the provisions for the processing of personal data by private persons apply.

2 Supervision is governed by the provisions for federal bodies.

Art. 24

[lifted]

Art. 25 Claims and procedure

1 Any person having an interest worthy of protection may require the responsible federal body to:

a refrains from unlawful processing of personal data;

b eliminates the consequences of unlawful processing;

c establishes the unlawfulness of the processing.

2 If neither the accuracy nor the inaccuracy of personal data can be proven, the federal body must make a corresponding note with the data.

3 In particular, the applicant may request that the federal body:

a corrects or destroys personal data or blocks disclosure to third parties;

b notifies or publishes its decision, namely the correction, destruction, blocking or the note of contestation to third parties.

4 The procedure is governed by the Federal Act of 20 December 1968 on Administrative Procedure (Administrative Procedure Act). The exceptions of Articles 2 and 3 of the Administrative Procedure Act do not apply.

Art. 25bis Procedure in the case of disclosure of official documents containing personal data

As long as a procedure concerning access to official documents within the meaning of the Public Access Act of 17 December 2004, which contain personal data, is in progress, the person concerned may, within the framework of this procedure, assert the rights to which he or she is entitled under Article 25 of this Act in relation to those documents which are the subject of the access procedure.

Section 5: Federal Data Protection and Information Commissioner

Art. 26 Election and position

1 The Commissioner shall be elected by the Federal Council for a term of four years. The election must be approved by the Federal Assembly.

2 Unless otherwise provided by this Act, the employment relationship of the Commissioner shall be governed by the Federal Personnel Act of March 24, 2000.

3 The Commissioner exercises his function independently, without receiving instructions from any authority. He is administratively assigned to the Federal Chancellery.

4 It has a permanent secretariat and its own budget. He hires his staff.

5 The appointee is not subject to the appraisal system under Article 4(3) of the Federal Personnel Act of 24 March 2000.

Art. 26a Re-election and termination of the term of office

1 If the Federal Council does not order non-re-election at the latest six months before the expiry of the term of office for objectively sufficient reasons, the commissioner shall be re-elected for a new term of office.

2 The Commissioner may request the Federal Council to dismiss him or her at the end of a month, giving six months’ notice.

3 The Federal Council may remove the commissioner from office before the expiry of the term of office if the commissioner:

a has seriously violated official duties intentionally or through gross negligence; or

b has permanently lost the ability to hold office.

Art. 26b Other employment

The Federal Council may permit the Commissioner to engage in other employment if this does not impair the Commissioner’s independence and reputation.

Art. 27 Supervision of federal bodies

1 The Commissioner shall supervise compliance by federal bodies with this Act and the other federal data protection provisions. The Federal Council is exempt from this supervision.

2 The commissioner shall clarify the facts in more detail on his own initiative or upon notification by a third party.

3 In the course of the investigation, it may request files, obtain information and be shown data processing. The federal bodies must cooperate in establishing the facts of the case. The right to refuse to testify under Article 16 of the Administrative Procedure Act52 applies mutatis mutandis.

4 If the clarification reveals that data protection regulations are being violated, the commissioner shall recommend to the responsible federal body that the processing be changed or omitted. He shall inform the responsible department or the Federal Chancellery of his recommendation.

5 If a recommendation is not followed or is rejected, he or she may submit the matter to the department or the Federal Chancellery for a decision. The decision shall be communicated to the persons concerned in the form of an order.

6 The Commissioner shall be entitled to appeal against the order under paragraph 5 and against the decision of the Appeals Authority.

Art. 28 Advice to private parties

The Commissioner advises private persons on data protection issues.

Art. 29 Clarifications and recommendations in the area of private law

1 The commissioner shall clarify the facts in more detail on his own initiative or upon notification by a third party if:

a processing methods are likely to violate the personality of a larger number of persons (system error);

b data collections must be registered (Article 11a);

c there is an obligation to provide information pursuant to Article 6(3).

2 In doing so, it may request files, obtain information and be shown data processing. The right to refuse to testify under Article 16 of the Administrative Procedure Act applies mutatis mutandis.

3 Based on his clarifications, the commissioner may recommend to change or refrain from editing.

4 If such a recommendation of the Commissioner is not followed or is rejected, he may submit the matter to the Federal Administrative Court for a decision. He is entitled to appeal against this decision.

Art. 30 Information

1 The Commissioner shall report to the Federal Assembly periodically and as required. He shall simultaneously transmit the report to the Federal Council. The periodic reports shall be published.

2 In cases of general interest, it may inform the public of its findings and recommendations. Personal data subject to official secrecy may only be published with the consent of the competent authority. If the latter refuses to give its consent, the president of the division of the Federal Administrative Court responsible for data protection shall take the final decision.

Art. 31 Other tasks

1 In particular, the commissioner shall have the following additional duties:

a It supports federal and cantonal bodies in matters of data protection.

b It comments on proposals for federal decrees and measures that are relevant to data protection.

c It cooperates with domestic and foreign data protection authorities.

d It assesses the extent to which data protection legislation abroad ensures adequate protection.

e It shall examine the guarantees and data protection rules notified to it in accordance with Article 6(3).

f It shall examine the certification procedures referred to in Article 11 and may make recommendations thereon in accordance with Article 27(4) or 29(3).

g It shall perform the duties assigned to it by the Public Information Act of December 17, 2004.

2 It may advise organs of the Federal Administration even if this Act is not applicable in accordance with Article 2 paragraph 2 letters c and d. The organs of the Federal Administration may allow him to inspect their business.

Art. 32

[lifted]

Section 6: Legal protection

Art. 33

1 Legal protection shall be governed by the general provisions on the administration of federal justice.

2 If, during a fact-finding investigation under Article 27 paragraph 2 or under Article 29 paragraph 1, the Commissioner establishes that the persons concerned are threatened with a disadvantage that cannot be easily remedied, he may apply to the president of the division of the Federal Administrative Court responsible for data protection for precautionary measures. The procedure shall be governed mutatis mutandis by Articles 79 – 84 of the Federal Act of 4 December 1947 on Federal Civil Procedure.

Section 7: Penal provisions

Art. 34 Violation of the duties to provide information, to report and to cooperate

1 Fines are imposed on private persons upon request:

a who violate their obligations under Articles 8 – 10 and 14 by intentionally providing false or incomplete information;

b who intentionally fail to do so:

1. inform the data subject in accordance with Article 14(1), or

2. provide it with the information referred to in Article 14(2).

2 Fines are imposed on private persons who intentionally:

a fail to provide the information referred to in Article 6(3) or the notification referred to in Article 11a or intentionally provide false information in doing so;

b provide the commissioner with false information or refuse to cooperate when clarifying a matter (Article 29).

Art. 35 Violation of the professional duty of confidentiality

1 Any person who intentionally discloses, without authorization, secret personal data or personality profiles requiring special protection, of which he has learned in the course of his profession requiring knowledge of such data, shall be liable on complaint to a fine.

2 Anyone who intentionally discloses secret personal data or personality profiles requiring special protection without authorization, which he or she learned about while working for the person required to maintain secrecy or during training with that person, shall be punished in the same manner.

3 The unauthorized disclosure of secret personal data or personality profiles requiring special protection is punishable even after the end of professional practice or training.

Section 8: Final Provisions

Art. 36 Enforcement

1 The Federal Council shall issue the implementing provisions.

2 …

3 It may provide for derogations from Articles 8 and 9 for the provision of information by Swiss diplomatic and consular missions abroad.

4 It may further determine:

a which data collections require processing regulations;

b under which conditions a federal body may have personal data processed by a third party or process it for a third party;

c how the means of identification of persons may be used.

5 It may conclude international treaties on data protection if they comply with the principles of this Act.

6 It regulates how data collections are to be secured whose data could endanger the life and limb of the persons concerned in the event of war or crisis.

Art. 37 Enforcement by the cantons

1 Insofar as no cantonal data protection regulations exist that ensure adequate protection, Articles 1 – 11a, 16, 17, 18 – 22 and 25 paragraphs 1 – 3 of this Act shall apply to the processing of personal data by cantonal bodies when implementing federal law.

2 The cantons shall designate a supervisory body to ensure compliance with data protection. Articles 27, 30 and 31 apply mutatis mutandis.

Art. 38 Transitional provisions

1 The owners of data files shall register existing data files to be registered under Article 11 no later than one year after the entry into force of this Act.

2 Within one year of the entry into force of this Act, they must take the necessary steps to enable them to provide the information referred to in Article 8.

3 Federal bodies may continue to use an existing data collection containing personal data requiring special protection or personality profiles until 31 December 2000 without the requirements of Article 17 paragraph 2 being met.

4 In the area of asylum and foreigners, the period under paragraph 3 is extended until the entry into force of the totally revised Asylum Act of 26 June 1998 and the amendment to the Federal Act of 26 March 1931 on the Residence and Settlement of Foreigners.

Art. 38a Transitional provision to the amendment of March 19, 2010

The election of the Commissioner and the termination of his employment shall be governed by the previous law until the end of the legislative term in which this amendment enters into force.

Art. 39 Referendum and entry into force

1 This law is subject to an optional referendum.

2 The Federal Council shall determine the effective date.

Effective date: July 1, 1993

com­mon search words

Topics

FDPA

Sec­tion 1: Pur­po­se, Scope and Terms

Art. 1 Purpose

Art. 2 Scope

Art. 3 Terms

Sec­tion 2: Gene­ral data pro­tec­tion provisions

Art. 4 Principles

Art. 5 Accu­ra­cy of the data

Art. 6 Cross-bor­der disclosure

Art. 7 Data security

Art. 7a

Art. 8 Right to information

Art. 9 Limi­ta­ti­on of the right to information

Art. 10 Restric­tions on the right to infor­ma­ti­on for media professionals

Art. 10a Data pro­ces­sing by third parties

Art. 11 Cer­ti­fi­ca­ti­on procedure

Art. 11a Regi­ster of data collections

Sec­tion 3: Pro­ces­sing of per­so­nal data by pri­va­te persons

Art. 12 Vio­la­ti­on of per­so­na­li­ty rights

Art. 13 Grounds for justification

Art. 14 Trans­pa­ren­cy and infor­ma­ti­on when obtai­ning per­so­nal data and per­so­na­li­ty pro­files requi­ring spe­cial protection

Art. 15 Legal claims

Sec­tion 4: Pro­ces­sing of Per­so­nal Data by Federal Bodies

Art. 16 Respon­si­ble body and control

Art. 17 Legal bases

Art. 17a Auto­ma­ted data pro­ces­sing wit­hin the scope of pilot tests

Art. 18 Obtai­ning per­so­nal data

Art. 18a Trans­pa­ren­cy and infor­ma­ti­on when obtai­ning per­so­nal data

Art. 18b Restric­tion of trans­pa­ren­cy and information

Art. 19 Dis­clo­sure of per­so­nal data

Art. 20 Blocking of disclosure

Art. 21 Offer of docu­ments to the Federal Archives

Art. 22 Edit for rese­arch, plan­ning and statistics

Art. 23 Acti­vi­ties of federal bodies under pri­va­te law

Art. 24

Art. 25 Claims and procedure

Art. 25bis Pro­ce­du­re in the case of dis­clo­sure of offi­cial docu­ments con­tai­ning per­so­nal data

Sec­tion 5: Federal Data Pro­tec­tion and Infor­ma­ti­on Commissioner

Art. 26 Elec­tion and position

Art. 26a Re-elec­tion and ter­mi­na­ti­on of the term of office

Art. 26b Other employment

Art. 27 Super­vi­si­on of federal bodies

Art. 28 Advice to pri­va­te parties

Art. 29 Cla­ri­fi­ca­ti­ons and recom­men­da­ti­ons in the area of pri­va­te law

Art. 30 Information

Art. 31 Other tasks

Art. 32

Sec­tion 6: Legal protection

Art. 33

Sec­tion 7: Penal provisions

Art. 34 Vio­la­ti­on of the duties to pro­vi­de infor­ma­ti­on, to report and to cooperate

Art. 35 Vio­la­ti­on of the pro­fes­sio­nal duty of confidentiality

Sec­tion 8: Final Provisions

Art. 36 Enforcement

Art. 37 Enfor­ce­ment by the cantons

Art. 38 Tran­si­tio­nal provisions

Art. 38a Tran­si­tio­nal pro­vi­si­on to the amend­ment of March 19, 2010

Art. 39 Refe­ren­dum and ent­ry into force

Table of Contents

common search words

Section 1: Purpose, Scope and Terms

Section 2: General data protection provisions

Art. 5 Accuracy of the data

Art. 6 Cross-border disclosure

Art. 9 Limitation of the right to information

Art. 10 Restrictions on the right to information for media professionals

Art. 10a Data processing by third parties

Art. 11 Certification procedure

Art. 11a Register of data collections

Section 3: Processing of personal data by private persons

Art. 12 Violation of personality rights

Art. 14 Transparency and information when obtaining personal data and personality profiles requiring special protection

Section 4: Processing of Personal Data by Federal Bodies

Art. 16 Responsible body and control

Art. 17a Automated data processing within the scope of pilot tests

Art. 18 Obtaining personal data

Art. 18a Transparency and information when obtaining personal data

Art. 18b Restriction of transparency and information

Art. 19 Disclosure of personal data

Art. 21 Offer of documents to the Federal Archives

Art. 22 Edit for research, planning and statistics

Art. 23 Activities of federal bodies under private law

Art. 25bis Procedure in the case of disclosure of official documents containing personal data

Section 5: Federal Data Protection and Information Commissioner

Art. 26 Election and position

Art. 26a Re-election and termination of the term of office

Art. 27 Supervision of federal bodies

Art. 28 Advice to private parties

Art. 29 Clarifications and recommendations in the area of private law

Section 6: Legal protection

Section 7: Penal provisions

Art. 34 Violation of the duties to provide information, to report and to cooperate

Art. 35 Violation of the professional duty of confidentiality

Section 8: Final Provisions

Art. 37 Enforcement by the cantons

Art. 38 Transitional provisions

Art. 38a Transitional provision to the amendment of March 19, 2010

Art. 39 Referendum and entry into force