FDPO

Text of the current VDSG. The texts have been converted automatically.

Chap­ter 1: Pro­ce­s­sing of per­so­nal data by pri­va­te persons

Sec­tion 1: Right to information

Art. 1 Modalities

1 Any per­son who requests infor­ma­ti­on from the con­trol­ler of a data file as to whe­ther data rela­ting to him or her is being pro­ce­s­sed (Art. 8 FADP) must, as a rule, make this request in wri­ting and pro­vi­de pro­of of his or her identity.
2 The request for infor­ma­ti­on and the pro­vi­si­on of infor­ma­ti­on may be made by elec­tro­nic means if the con­trol­ler of the data file express­ly so pro­vi­des and takes rea­sonable mea­su­res to:
a. ensu­re the iden­ti­fi­ca­ti­on of the data sub­ject; and
b. pro­tect the per­so­nal data of the data sub­ject from access by unaut­ho­ri­zed third par­ties when pro­vi­ding information.
3 With the agree­ment of the con­trol­ler of the data file or at his sug­ge­sti­on, the data sub­ject may also inspect his data on site. The infor­ma­ti­on may also be pro­vi­ded oral­ly if the data sub­ject has con­sen­ted and has been iden­ti­fi­ed by the controller.
4 The infor­ma­ti­on or the rea­so­ned decis­i­on on the rest­ric­tion of the right to infor­ma­ti­on (Art. 9 and 10 FADP) shall be pro­vi­ded within 30 days of rece­ipt of the request for infor­ma­ti­on. If the infor­ma­ti­on can­not be pro­vi­ded within 30 days, the con­trol­ler of the data file must noti­fy the appli­cant of this and inform him of the peri­od within which the infor­ma­ti­on will be provided.
5 If one or more data files are joint­ly mana­ged by seve­ral pro­prie­tors, the right to infor­ma­ti­on may be asser­ted against any pro­prie­tor, unless one of them is respon­si­ble for hand­ling all requests for infor­ma­ti­on. If the con­trol­ler of the data file is not aut­ho­ri­zed to pro­vi­de infor­ma­ti­on, he shall for­ward the request to the per­son responsible.
6 If the request for infor­ma­ti­on rela­tes to data pro­ce­s­sed by a third par­ty on behalf of the con­trol­ler of the data file, the con­trol­ler shall for­ward the request to the third par­ty for exe­cu­ti­on, unless the con­trol­ler is its­elf in a posi­ti­on to pro­vi­de information.
7 If infor­ma­ti­on is reque­sted about data rela­ting to a decea­sed per­son, it must be pro­vi­ded if the appli­cant demon­stra­tes an inte­rest in the infor­ma­ti­on and no over­ri­ding inte­rests of rela­ti­ves of the decea­sed per­son or of third par­ties con­flict with this. Clo­se rela­ti­ves and mar­ria­ge to the decea­sed per­son con­sti­tu­te an interest.

Art. 2 Exceptions to provision free of charge

1 An appro­pria­te con­tri­bu­ti­on to the costs may excep­tio­nal­ly be requi­red if:
a. the per­son making the request has alre­a­dy been pro­vi­ded with the reque­sted infor­ma­ti­on in the twel­ve months pri­or to the request and no inte­rest wort­hy of pro­tec­tion in the pro­vi­si­on of new infor­ma­ti­on can be demon­stra­ted. An inte­rest wort­hy of pro­tec­tion is given in par­ti­cu­lar if the per­so­nal data has been chan­ged wit­hout noti­fi­ca­ti­on to the per­son concerned;
b. the pro­vi­si­on of infor­ma­ti­on invol­ves a par­ti­cu­lar­ly lar­ge amount of work.
2 The maxi­mum con­tri­bu­ti­on is 300 Swiss francs. The appli­cant must be infor­med of the amount of the con­tri­bu­ti­on befo­re infor­ma­ti­on is pro­vi­ded and may with­draw his appli­ca­ti­on within ten days.

Sec­tion 2: Regi­stra­ti­on of data collections

Art. 3 Registration

1 Data files (Art. 11a para. 3 FADP) must be noti­fi­ed to the Fede­ral Data Pro­tec­tion and Infor­ma­ti­on Com­mis­sio­ner (Com­mis­sio­ner) befo­re the data file is ope­ned. The noti­fi­ca­ti­on shall con­tain the fol­lo­wing infor­ma­ti­on:
a. Name and address of the owner of the data collection;
b. Name and full desi­gna­ti­on of the data collection;
c. Per­son with whom the right to infor­ma­ti­on may be asserted;
d. Pur­po­se of the data collection;
e. Cate­go­ries of per­so­nal data processed;
f. Cate­go­ries of data recipients;
g. Cate­go­ries of par­ti­ci­pan­ts in the data coll­ec­tion, i.e. third par­ties who may enter data into the data coll­ec­tion and make chan­ges to the data.
2 Each owner of a data coll­ec­tion shall update this infor­ma­ti­on on an ongo­ing basis. …

Art. 4 Exemp­ti­ons from the obli­ga­ti­on to register

1 Data coll­ec­tions under Artic­le 11a para­graph 5 let­ters a and c‑f FADP and the fol­lo­wing data coll­ec­tions (Artic­le 11a para­graph 5 let­ter b FADP) are exempt from the obli­ga­ti­on to regi­ster data coll­ec­tions:
a. Data coll­ec­tions from sup­pliers or cus­to­mers, inso­far as they do not con­tain any per­so­nal data or per­so­na­li­ty pro­files requi­ring spe­cial protection;
b. Data coll­ec­tions who­se data are used exclu­si­ve­ly for non-per­so­nal pur­po­ses, name­ly in rese­arch, plan­ning and statistics;
c. archi­ved data coll­ec­tions kept only for histo­ri­cal or sci­en­ti­fic purposes;
d. data files that con­tain only data that have been published or that the data sub­ject himself/herself has made gene­ral­ly acce­s­si­ble and the pro­ce­s­sing of which he/she has not express­ly prohibited;
e. Data that ser­ve exclu­si­ve­ly to ful­fill the requi­re­ments of Artic­le 10;
f. Accoun­ting records;
g. Auxi­lia­ry data files for the per­son­nel admi­ni­stra­ti­on of the owner of the data file, pro­vi­ded they do not con­tain any per­so­nal data or per­so­na­li­ty pro­files requi­ring spe­cial protection.
2 The con­trol­ler of the data files shall take the neces­sa­ry mea­su­res to be able to com­mu­ni­ca­te the infor­ma­ti­on (Art. 3 para. 1) on the data files not sub­ject to the obli­ga­ti­on to regi­ster to the com­mis­sio­ner or the data sub­jects on request.

Sec­tion 3: Dis­clo­sure abroad

Art. 5 Publi­ca­ti­on in elec­tro­nic form 

If per­so­nal data is made gene­ral­ly available to the public by means of auto­ma­ted infor­ma­ti­on and com­mu­ni­ca­ti­on ser­vices for the pur­po­se of pro­vi­ding infor­ma­ti­on, this shall not be dee­med to be a trans­fer abroad. 

Art. 6 Trans­pa­ren­cy and information

1 The controller of the data file shall inform the Commissioner prior to disclosure abroad of the guarantees and data protection rules in accordance with Article 6 paragraph 2 letters a and g FADP. If prior information is not possible, it must be provided immediately after disclosure.
2 If the Com­mis­sio­ner has been infor­med of the gua­ran­tees and the data pro­tec­tion rules, the infor­ma­ti­on obli­ga­ti­on shall be dee­med to have been ful­fil­led for all fur­ther dis­clo­sures that:
a. take place under the same safeguards, provided that the categories of recipients, the purpose of the processing and the categories of data remain substantially unchanged; or
b. take place within the same legal enti­ty or com­pa­ny or bet­ween legal enti­ties or com­pa­nies under uni­fi­ed manage­ment, to the ext­ent that the data pro­tec­tion rules con­ti­n­ue to pro­vi­de ade­qua­te protection.
3 The duty to inform shall also be dee­med to have been ful­fil­led if data are trans­mit­ted on the basis of model con­tracts or stan­dard con­trac­tu­al clau­ses drawn up or reco­gnized by the com­mis­sio­ner and the com­mis­sio­ner has been infor­med in gene­ral terms by the con­trol­ler of the data file about the use of the­se model con­tracts or stan­dard con­trac­tu­al clau­ses. The com­mis­sio­ner shall publish a list of the model con­tracts and stan­dard con­trac­tu­al clau­ses crea­ted or reco­gnized by it.
4 The data con­trol­ler shall take rea­sonable mea­su­res to ensu­re that the reci­pi­ent com­plies with the safe­guards and data pro­tec­tion rules.
5 The Com­mis­sio­ner shall exami­ne the gua­ran­tees and the data pro­tec­tion rules com­mu­ni­ca­ted to him (Art. 31 para. 1 let. e FADP) and shall noti­fy the con­trol­ler of the data file of the result of his exami­na­ti­on within 30 days of rece­ipt of the information.

Art. 7 List of sta­tes with ade­qua­te data pro­tec­tion legislation

The com­mis­sio­ner publishes a list of sta­tes who­se legis­la­ti­on ensu­res ade­qua­te data protection. 

Sec­tion 4: Tech­ni­cal and orga­nizatio­nal measures

Art. 8 Gene­ral measures

1 Anyo­ne who pro­ce­s­ses per­so­nal data or pro­vi­des a data com­mu­ni­ca­ti­ons net­work as a pri­va­te indi­vi­du­al shall ensu­re the con­fi­den­tia­li­ty, avai­la­bi­li­ty and inte­gri­ty of the data in order to gua­ran­tee ade­qua­te data pro­tec­tion. In par­ti­cu­lar, he shall pro­tect the systems against the fol­lo­wing risks:
a. unaut­ho­ri­zed or acci­den­tal destruction;
b. acci­den­tal loss;
c. tech­ni­cal errors;
d. For­gery, theft or unlawful use;
e. unaut­ho­ri­zed altera­ti­on, copy­ing, access or other unaut­ho­ri­zed editing.
2 The tech­ni­cal and orga­nizatio­nal mea­su­res must be appro­pria­te. In par­ti­cu­lar, they shall take into account the fol­lo­wing cri­te­ria:
a. Pur­po­se of data processing;
b. The natu­re and ext­ent of data processing;
c. Assess­ment of the pos­si­ble risks for the per­sons concerned;
d. cur­rent sta­te of the art.
3 The­se mea­su­res shall be review­ed periodically.

Art. 9 Spe­cial measures

1 The con­trol­ler of the data file shall, in par­ti­cu­lar in the case of auto­ma­ted pro­ce­s­sing of per­so­nal data, take the tech­ni­cal and orga­nizatio­nal mea­su­res appro­pria­te to meet the fol­lo­wing objec­ti­ves in par­ti­cu­lar:
a. Entrance control: unauthorized persons shall be denied access to the facilities where personal data are processed;
b. Per­so­nal data car­ri­er con­trol: unaut­ho­ri­zed per­sons must be pre­ven­ted from rea­ding, copy­ing, modi­fy­ing or remo­ving data carriers;
c. Trans­port con­trol: during the dis­clo­sure of per­so­nal data as well as during the trans­port of data car­ri­ers, it must be pre­ven­ted that the data can be read, copied, chan­ged or dele­ted wit­hout authorization;
d. Dis­clo­sure con­trol: Data reci­pi­en­ts to whom per­so­nal data are dis­c­lo­sed by means of data trans­mis­si­on equip­ment must be identifiable;
e. Storage control: unauthorized entry into storage and unauthorized viewing, modification or deletion of stored personal data must be prevented;
f. User con­trol: the use of auto­ma­ted data pro­ce­s­sing systems by means of data trans­mis­si­on equip­ment by unaut­ho­ri­zed per­sons shall be prevented;
g. Access con­trol: the access of aut­ho­ri­zed per­sons shall be limi­t­ed to tho­se per­so­nal data that they need for the ful­fill­ment of their task;
h. Input con­trol: in auto­ma­ted systems, it must be pos­si­ble to check retro­s­pec­tively which per­so­nal data was ente­red at what time and by which person.
2 The data coll­ec­tions must be desi­gned in such a way that the data sub­jects can exer­cise their right to infor­ma­ti­on and their right to rectification.

Art. 10 Logging

1 The con­trol­ler of the data file shall log the auto­ma­ted pro­ce­s­sing of sen­si­ti­ve per­so­nal data or per­so­na­li­ty pro­files if pre­ven­ti­ve mea­su­res can­not gua­ran­tee data pro­tec­tion. Log­ging must be car­ri­ed out in par­ti­cu­lar if it can­not other­wi­se be deter­mi­ned retro­s­pec­tively whe­ther the data was pro­ce­s­sed for the pur­po­ses for which it was coll­ec­ted or dis­c­lo­sed. The com­mis­sio­ner may also recom­mend log­ging for other pro­ce­s­sing operations.
2 The logs must be kept in an auditable form for a period of one year. They are accessible only to the bodies or private persons responsible for monitoring data protection regulations and may be used only for this purpose.

Art. 11 Pro­ce­s­sing regulations

1 The controller of an automated data file subject to notification (Art. 11a para. 3 FADP) that is not exempted from the notification requirement on the basis of Article 11a para. 5 letters b-d FADP shall draw up processing regulations that describe in particular the internal organization as well as the data processing and control procedure and contain the documents relating to the planning, implementation and operation of the data file and the IT resources.
2 The con­trol­ler of the data file shall update the regu­la­ti­ons regu­lar­ly. He shall make it available to the Com­mis­sio­ner or the data pro­tec­tion offi­cer in accordance with Artic­le 11a para­graph 5 let­ter e FADP on request in a form that they can understand.

Art. 12 Dis­clo­sure of data

The data con­trol­ler shall noti­fy the data reci­pi­ent of the time­liness and relia­bi­li­ty of the per­so­nal data dis­c­lo­sed by the data con­trol­ler, unless this infor­ma­ti­on is appa­rent from the data its­elf or from the circumstances. 

Sec­tion 5: Data Pro­tec­tion Officer

Art. 12a Desi­gna­ti­on of the data pro­tec­tion offi­cer and noti­fi­ca­ti­on to the commissioner

1 If the con­trol­ler of the data file in accordance with Artic­le 11a para­graph 5 let­ter e FADP wis­hes to be exempt­ed from the obli­ga­ti­on to regi­ster the data file, he must:
a. desi­gna­te an ope­ra­tio­nal data pro­tec­tion offi­cer who meets the requi­re­ments of para­graph 2 and of Artic­le 12b; and
b. inform the Com­mis­sio­ner of the desi­gna­ti­on of the data pro­tec­tion officer.
2 The con­trol­ler of the data file may desi­gna­te an employee or a third par­ty as data pro­tec­tion offi­cer. This per­son may not car­ry out any other acti­vi­ties that are incom­pa­ti­ble with his or her duties as data pro­tec­tion offi­cer and must have the neces­sa­ry expertise.

Art. 12b Tasks and posi­ti­on of the data pro­tec­tion officer

1 The data pro­tec­tion offi­cer has the fol­lo­wing tasks in par­ti­cu­lar:
a. It reviews the pro­ce­s­sing of per­so­nal data and recom­mends cor­rec­ti­ve mea­su­res if it finds that data pro­tec­tion regu­la­ti­ons have been violated.
b. It shall main­tain a list of the data files pur­su­ant to Artic­le 11a para­graph 3 FADP kept by the data file owner; this list shall be made available to the com­mis­sio­ner or to data sub­jects who sub­mit a request to this effect.
2 The Data Pro­tec­tion Offi­cer:
a. exer­cis­es his func­tion in a pro­fes­sio­nal­ly inde­pen­dent man­ner, wit­hout being sub­ject to ins­truc­tions from the owner of the data coll­ec­tion in this respect;
b. has the resour­ces neces­sa­ry to per­form its duties;
c. has access to all data coll­ec­tions and data pro­ce­s­sing as well as to all infor­ma­ti­on requi­red for the ful­fill­ment of his task.

Chap­ter 2: Pro­ce­s­sing of Per­so­nal Data by Fede­ral Bodies

Sec­tion 1: Right to information

Art. 13 Modalities

Artic­les 1 and 2 shall app­ly muta­tis mut­an­dis to requests for infor­ma­ti­on addres­sed to fede­ral bodies. 

Art. 14 Requests for infor­ma­ti­on to Swiss diplo­ma­tic mis­si­ons abroad

1 Switzerland’s repre­sen­ta­ti­ons abroad and its mis­si­ons to the Euro­pean Com­mu­ni­ties and to inter­na­tio­nal orga­ni­sa­ti­ons shall for­ward requests for infor­ma­ti­on sub­mit­ted to them to the com­pe­tent office in the Fede­ral Depart­ment of For­eign Affairs. The Depart­ment shall regu­la­te the responsibilities.
2 In all other respects, the pro­vi­si­ons of the Ordi­nan­ce of 10 Decem­ber 2004 on Mili­ta­ry Con­trol app­ly to requests for infor­ma­ti­on on mili­ta­ry con­trol abroad.

Art. 15

Sec­tion 2: Regi­stra­ti­on of data collections

Art. 16 Registration

1 The fede­ral bodies respon­si­ble (Art. 16 FADP) shall noti­fy the Com­mis­sio­ner of all data files they main­tain befo­re they are ope­ned. The noti­fi­ca­ti­on shall con­tain the fol­lo­wing infor­ma­ti­on:
a. Name and address of the respon­si­ble fede­ral entity;
b. Name and full desi­gna­ti­on of the data collection;
c. the body to which the right to infor­ma­ti­on may be asserted;
d. Legal basis and pur­po­se of the data collection;
e. Cate­go­ries of per­so­nal data processed;
f. Cate­go­ries of reci­pi­en­ts of the data;
g. Cate­go­ries of par­ti­ci­pan­ts in the data coll­ec­tion, i.e. third par­ties who may enter and modi­fy data in a data collection.
h. …
2 The respon­si­ble fede­ral body shall update this infor­ma­ti­on on an ongo­ing basis.

Art. 17

Art. 18 Exemp­ti­ons from the obli­ga­ti­on to register

1 The fol­lo­wing data coll­ec­tions are not sub­ject to the obli­ga­ti­on to regi­ster, pro­vi­ded that the fede­ral bodies use them exclu­si­ve­ly for inter­nal admi­ni­stra­ti­ve pur­po­ses:
a. Cor­re­spon­dence registries;
b. Data coll­ec­tions from sup­pliers or cus­to­mers, inso­far as they do not con­tain any per­so­nal data or per­so­na­li­ty pro­files requi­ring spe­cial protection;
c. Address coll­ec­tions that are used sole­ly for addres­sing pur­po­ses, pro­vi­ded they do not con­tain any per­so­nal data or per­so­na­li­ty pro­files that requi­re spe­cial protection;
d. Lists for com­pen­sa­ti­on payments;
e. Accoun­ting records;
f. Auxi­lia­ry data coll­ec­tions for fede­ral per­son­nel admi­ni­stra­ti­on, inso­far as they do not con­tain any per­so­nal data or per­so­na­li­ty pro­files requi­ring spe­cial protection;
g. Libra­ry data coll­ec­tions (aut­hor cata­logs, bor­rower and user directories).
2 Also not sub­ject to the regi­stra­ti­on requi­re­ment:
a. Data coll­ec­tions archi­ved at the Fede­ral Archives;
b. Data coll­ec­tions made available to the public in the form of directories;
c. Data coll­ec­tions who­se data are used exclu­si­ve­ly for non-per­so­nal pur­po­ses, name­ly in rese­arch, plan­ning and statistics.
3 The fede­ral body respon­si­ble shall take the neces­sa­ry mea­su­res to be able to com­mu­ni­ca­te the infor­ma­ti­on (Art. 16 para. 1) on data files not sub­ject to the obli­ga­ti­on to regi­ster to the Com­mis­sio­ner or the data sub­jects on request.

Sec­tion 3: Dis­clo­sure abroad

Art. 19

If a fede­ral body dis­c­lo­ses per­so­nal data abroad on the basis of Artic­le 6 para­graph 2 let­ter a FADP, Artic­le 6 shall apply. 

Sec­tion 4: Tech­ni­cal and orga­nizatio­nal measures

Art. 20 Principles

1 The fede­ral bodies respon­si­ble shall take the tech­ni­cal and orga­nizatio­nal mea­su­res requi­red in accordance with Artic­les 8 – 10 to pro­tect the per­so­na­li­ty and fun­da­men­tal rights of the per­sons about whom data are pro­ce­s­sed. In the case of auto­ma­ted data pro­ce­s­sing, the fede­ral bodies shall coope­ra­te with the Fede­ral Stra­tegy Unit for IT (FSUIT).
2 The fede­ral bodies respon­si­ble shall noti­fy the data pro­tec­tion offi­cer in accordance with Artic­le 11a para­graph 5 let­ter e FADP or, if the­re is no such offi­cer, the Com­mis­sio­ner wit­hout delay of all pro­jects invol­ving the auto­ma­ted pro­ce­s­sing of per­so­nal data so that the requi­re­ments of data pro­tec­tion are taken into account imme­dia­te­ly. The noti­fi­ca­ti­on to the Com­mis­sio­ner shall be made via the FSUIT if the pro­ject must also be noti­fi­ed to the latter.
3 The Com­mis­sio­ner and the FSUIT shall coope­ra­te within the frame­work of their acti­vi­ties con­cer­ning tech­ni­cal mea­su­res. The Com­mis­sio­ner shall obtain the opi­ni­on of the FSUIT befo­re recom­men­ding such measures.
4 In all other respects, the direc­ti­ves issued by the respon­si­ble fede­ral bodies on the basis of the Fede­ral IT Ordi­nan­ce of 26 Sep­tem­ber 2003 shall apply.

Art. 21 Pro­ce­s­sing regulations

1 The respon­si­ble fede­ral bodies shall draw up pro­ce­s­sing regu­la­ti­ons for auto­ma­ted data coll­ec­tions that:
a. con­tain par­ti­cu­lar­ly sen­si­ti­ve data or per­so­na­li­ty profiles;
b. are used by more than one federal agency;
c. are made available to cantons, foreign authorities, international organizations or private persons; or
d. are lin­ked to other data collections.
2 The respon­si­ble fede­ral body shall defi­ne its inter­nal orga­ni­sa­ti­on in the pro­ce­s­sing regu­la­ti­ons. The­se regu­la­ti­ons shall descri­be in par­ti­cu­lar the data pro­ce­s­sing and con­trol pro­ce­du­res and con­tain all docu­ments rela­ting to the plan­ning, imple­men­ta­ti­on and ope­ra­ti­on of the data file. The regu­la­ti­ons shall con­tain the infor­ma­ti­on requi­red for the report­ing obli­ga­ti­on (Art. 16) as well as infor­ma­ti­on on:
a. the body respon­si­ble for data pro­tec­tion and data secu­ri­ty of the data;
b. the ori­gin of the data;
c. the pur­po­ses for which the data are regu­lar­ly disclosed;
d. the con­trol pro­ce­du­res and in par­ti­cu­lar the tech­ni­cal and orga­nizatio­nal mea­su­res in accordance with Artic­le 20;
e. the descrip­ti­on of the data fields and the orga­nizatio­nal units that have access to them;
f. The natu­re and ext­ent of access by users of the data collection;
g. the data pro­ce­s­sing pro­ce­du­res, in par­ti­cu­lar tho­se rela­ting to the rec­ti­fi­ca­ti­on, blocking, anony­mizati­on, sto­rage, reten­ti­on, archi­ving or des­truc­tion of the data;
h. the con­fi­gu­ra­ti­on of the infor­ma­tics means;
i. the pro­ce­du­re for exer­cis­ing the right to information.
3 The regu­la­ti­ons shall be updated regu­lar­ly. They shall be made available to the com­pe­tent con­trol bodies in a form that they can understand.

Art. 22 Data processing on behalf

1 …
2 The fede­ral body that has per­so­nal data pro­ce­s­sed by third par­ties remains respon­si­ble for data pro­tec­tion. It shall ensu­re that the data are pro­ce­s­sed in accordance with the man­da­te, in par­ti­cu­lar with regard to their use and disclosure.
3 If the third par­ty is not sub­ject to the FADP, the respon­si­ble body shall ensu­re that other legal pro­vi­si­ons gua­ran­tee equi­va­lent data pro­tec­tion, other­wi­se it shall ensu­re this by con­trac­tu­al means.

Art. 23 Advi­sor for data protection

1 The Fede­ral Chan­cel­lery and the depart­ments shall each desi­gna­te at least one advi­sor for data pro­tec­tion. This advi­sor shall have the fol­lo­wing tasks:
a. Sup­port of the respon­si­ble bodies and users;
b. Pro­mo­te infor­ma­ti­on and trai­ning of employees;
c. Par­ti­ci­pa­ti­on in the enforce­ment of data pro­tec­tion regulations.
2 If fede­ral bodies under Artic­le 11a para­graph 5 let­ter e FADP wish to be exempt­ed from the obli­ga­ti­on to regi­ster their data files, Artic­les 12a and 12b apply.
3 The federal bodies shall communicate with the commissioner through the advisor.

Sec­tion 5: Spe­cial provisions

Art. 24 Obtai­ning per­so­nal data

If the per­son que­stio­ned is not obli­ged to pro­vi­de infor­ma­ti­on, the fede­ral body syste­ma­ti­cal­ly obtai­ning the per­so­nal data by means of a que­sti­on­n­aire must inform him or her that the pro­vi­si­on of infor­ma­ti­on is voluntary. 

Art. 25 Per­so­nal iden­ti­fi­ca­ti­on number

1 The fede­ral body that intro­du­ces a per­so­nal iden­ti­fi­ca­ti­on num­ber for the manage­ment of its data coll­ec­tion crea­tes a non-spea­king num­ber that is used in its own area of respon­si­bi­li­ty. A non-spea­king num­ber is any uni­que or rever­si­bly uni­que sum of cha­rac­ters that is assi­gned to each per­son regi­stered in a data coll­ec­tion and from which no con­clu­si­ons can be drawn about the person.
2 The use of the per­so­nal iden­ti­fi­ca­ti­on num­ber by other fede­ral or can­to­nal bodies and by pri­va­te per­sons must be appro­ved by the fede­ral body concerned.
3 Aut­ho­ri­sa­ti­on may be gran­ted if the­re is a clo­se con­nec­tion bet­ween the inten­ded data pro­ce­s­sing and the data pro­ce­s­sing for which the per­so­nal iden­ti­fi­ca­ti­on num­ber was created.
4 In all other respects, the use of the AHV num­ber is gover­ned by AHV legislation.

Art. 26 Dis­clo­sure of data

The respon­si­ble fede­ral body shall noti­fy the data reci­pi­ent of the time­liness and relia­bi­li­ty of the per­so­nal data dis­c­lo­sed by it, unless this infor­ma­ti­on is evi­dent from the data its­elf or from the circumstances. 

Art. 27 Pro­ce­du­re for the appr­oval of pilot trials

1 Pri­or to con­sul­ting the inte­re­sted admi­ni­stra­ti­ve units, the fede­ral body respon­si­ble for the pilot sche­me shall set out for the atten­ti­on of the Com­mis­sio­ner how com­pli­ance with the requi­re­ments under Artic­le 17a FADP is to be ensu­red and shall invi­te the Com­mis­sio­ner to sub­mit comments.
2 The Com­mis­sio­ner shall com­ment on whe­ther the licen­sing requi­re­ments in accordance with Artic­le 17a para­graphs 1 and 2 FADP are met. The com­pe­tent fede­ral body shall pro­vi­de him with all docu­ments neces­sa­ry for this pur­po­se, in par­ti­cu­lar:
a. a gene­ral descrip­ti­on of the pilot test;
b. a report pro­ving that the ful­fill­ment of the tasks pro­vi­ded for by law requi­res the pro­ce­s­sing of per­so­nal data or per­so­na­li­ty pro­files requi­ring spe­cial pro­tec­tion and that a test pha­se is man­da­to­ry in the for­mal sen­se befo­re the law comes into force (Art. 17a para. 1 let. c FADP);
c. a descrip­ti­on of the inter­nal orga­nizati­on and the data pro­ce­s­sing and con­trol pro­ce­du­res (Art. 21);
d. a descrip­ti­on of the secu­ri­ty and data pro­tec­tion measures;
e. the draft or con­cept of an ordi­nan­ce regu­la­ting the details of processing;
f. the infor­ma­ti­on con­cer­ning the plan­ning of the dif­fe­rent pha­ses of the pilot test.
3 The com­mis­sio­ner may request fur­ther docu­ments and car­ry out addi­tio­nal clarifications.
4 The com­pe­tent fede­ral body shall inform the Com­mis­sio­ner of any important chan­ge affec­ting com­pli­ance with the requi­re­ments of Artic­le 17a FADP. The Com­mis­sio­ner shall com­ment again if necessary.
5 The opi­ni­on of the com­mis­sio­ner shall be atta­ched to the appli­ca­ti­on to the Fede­ral Council.

Art. 27a Eva­lua­ti­on report for pilot tests

The com­pe­tent fede­ral body shall sub­mit the draft eva­lua­ti­on report to the Fede­ral Coun­cil (Art. 17a Para. 4 FADP) for the Commissioner’s opi­ni­on. The commissioner’s opi­ni­on shall be brought to the atten­ti­on of the Fede­ral Council. 

Chap­ter 3: Regi­ster of Data Coll­ec­tions, Fede­ral Data Pro­tec­tion and Infor­ma­ti­on Com­mis­sio­ner and Pro­ce­e­dings befo­re the Fede­ral Admi­ni­stra­ti­ve Court

Sec­tion 1: Regi­ster and regi­stra­ti­on of data collections

Art. 28 Regi­ster of data collections

1 The regi­ster kept by the com­mis­sio­ner shall con­tain the infor­ma­ti­on refer­red to in Artic­les 3 and 16.
2 The regi­ster is acce­s­si­ble to the public online. The com­mis­sio­ner shall pro­vi­de excerp­ts free of char­ge upon request.
3 The Com­mis­sio­ner shall main­tain a list of data file owners who are exempt from their obli­ga­ti­on to regi­ster data files in accordance with Artic­le 11a para­graph 5 let­ters e and f FADP. This direc­to­ry shall be acce­s­si­ble to the public online.
4 If the con­trol­ler of the data file does not regi­ster his data file or does not regi­ster it com­ple­te­ly, the Com­mis­sio­ner shall set him a dead­line to com­ply with his obli­ga­ti­ons. After expiry of the dead­line, he may, on the basis of the infor­ma­ti­on available to him, regi­ster the data file ex offi­cio or recom­mend that pro­ce­s­sing be discontinued.

Art. 29

Sec­tion 2: Fede­ral Data Pro­tec­tion and Infor­ma­ti­on Commissioner

Art. 30 Seat and legal status

1 The seat and secre­ta­ri­at of the com­mis­sio­ner are loca­ted in Bern.
2 The employment rela­ti­on­ship of the secre­ta­ri­at of the Com­mis­sio­ner is gover­ned by the Fede­ral Per­son­nel Act of 24 March 2000 and its imple­men­ting provisions.
3 The bud­get of the Com­mis­sio­ner shall be listed in a spe­cial sec­tion of the bud­get of the Fede­ral Chancellery.

Art. 31 Rela­ti­ons with other aut­ho­ri­ties and pri­va­te persons

1 The Com­mis­sio­ner shall com­mu­ni­ca­te with the Fede­ral Coun­cil through the Fede­ral Chan­cell­or. The lat­ter shall for­ward all recom­men­da­ti­ons and reports of the Com­mis­sio­ner to the Fede­ral Coun­cil, even if he can­not agree to them.
1bis The Com­mis­sio­ner shall trans­mit the reports inten­ded for the Fede­ral Assem­bly direct­ly to the Par­lia­men­ta­ry Ser­vices.
2 The Com­mis­sio­ner shall com­mu­ni­ca­te direct­ly with the other admi­ni­stra­ti­ve units, the fede­ral courts, for­eign data pro­tec­tion aut­ho­ri­ties and with all other aut­ho­ri­ties and pri­va­te per­sons who are sub­ject to the fede­ral data pro­tec­tion legis­la­ti­on or the legis­la­ti­on on the prin­ci­ple of admi­ni­stra­ti­ve transparency.

Art. 32 Documentation

1 The fede­ral bodies shall sub­mit to the Com­mis­sio­ner all draft legis­la­ti­on rela­ting to the pro­ce­s­sing of per­so­nal data, data pro­tec­tion and access to offi­ci­al docu­ments. In the area of data pro­tec­tion, the depart­ments and the Fede­ral Chan­cel­lery shall noti­fy him of their decis­i­ons in anony­mous form and of their guidelines.
2 The com­mis­sio­ner must have suf­fi­ci­ent docu­men­ta­ti­on for his acti­vi­ties. He shall ope­ra­te an inde­pen­dent infor­ma­ti­on and docu­men­ta­ti­on system for the manage­ment, index­ing and con­trol of cor­re­spon­dence and dos­siers, as well as for the publi­ca­ti­on of infor­ma­ti­on of gene­ral inte­rest and the regi­ster of data coll­ec­tions on the Internet.
3 The Fede­ral Admi­ni­stra­ti­ve Court has access to the sci­en­ti­fic docu­men­ta­ti­on of the Commissioner.

Art. 33 Fees

1 A fee shall be char­ged for the expert opi­ni­ons (Art. 28 FADP) of the Com­mis­sio­ner. The pro­vi­si­ons of the Gene­ral Fees Ordi­nan­ce of 8 Sep­tem­ber 2004 are applicable.
2 No fee is char­ged to admi­ni­stra­ti­ve units of the Con­fe­de­ra­ti­on, aut­ho­ri­ties and cantons.

Art. 34 Checking the pro­ce­s­sing of per­so­nal data

1 For the cla­ri­fi­ca­ti­on of the facts in accordance with Artic­les 27 and 29 FADP, in par­ti­cu­lar when checking the lawful­ness of data pro­ce­s­sing, the Com­mis­sio­ner may request the fol­lo­wing infor­ma­ti­on in par­ti­cu­lar from the con­trol­ler of the data file:
a. tech­ni­cal and orga­nizatio­nal mea­su­res (Art. 8 – 10, 20) that have been taken or are planned;
b. the regu­la­ti­ons con­cer­ning the cor­rec­tion, blocking, anony­mizati­on, sto­rage, reten­ti­on and des­truc­tion of per­so­nal data;
c. the con­fi­gu­ra­ti­on of the infor­ma­ti­on tech­no­lo­gy resources;
d. the links with other data collections;
e. the method of dis­clo­sure of the data;
f. the descrip­ti­on of the data fields and the orga­nizatio­nal units that have access to them;
g. The type and ext­ent of user access to the data in the data collection.
2 In the case of dis­clo­sures abroad, the Com­mis­sio­ner may request addi­tio­nal infor­ma­ti­on, in par­ti­cu­lar on the data recipient’s pro­ce­s­sing capa­bi­li­ties or on the mea­su­res taken for data protection.

Sec­tion 3: Pro­ce­e­dings befo­re the Fede­ral Admi­ni­stra­ti­ve Court

Art. 35

1 The Fede­ral Admi­ni­stra­ti­ve Court may request that data pro­ce­s­sing ope­ra­ti­ons be sub­mit­ted to it.
2 It shall noti­fy the com­mis­sio­ner of its decisions.

Chap­ter 4: Final Provisions

Art. 36 Amend­ment of the pre­vious law

[…]

Art. 37 Tran­si­tio­nal provisions

1 Data coll­ec­tions in pro­cess at the time the Data Pro­tec­tion Act and this Ordi­nan­ce come into force must be regi­stered with the Com­mis­sio­ner by 30 June 1994.
2 The tech­ni­cal and orga­nizatio­nal mea­su­res (Artic­les 8 – 11, 20 and 21) must be imple­men­ted within five years of the ent­ry into force of this Ordi­nan­ce for all auto­ma­ted pro­ce­s­sing and data collection.

Art. 38 Ent­ry into force

This Ordinance shall enter into force on July 1, 1993.