Motion Béglé (16.3379): Promoting Switzerland as a universal virtual data vault
Submitted text
The Federal Council is instructed to maintain the following two legal provisions in order to ensure an optimal level of data protection and thus position Switzerland as a universal virtual data vault. Based on this, an “ecosystem” of innovative companies could then be created that would contribute to the economic well-being of the country.
In the context of the ongoing revision of the Data Protection Act (DPA), it is crucial that two articles of the currently valid law be retained:
1. article 3b states that data protection concerns natural and legal persons. Switzerland is one of the few countries that offers companies such a high level of data protection. This is therefore a major advantage for Switzerland as a digital location that should not be abandoned.
(2) Article 11 provides that entities engaged in data collection and
-storage can have their data security assessed by recognized, independent certification bodies. The Vigiswiss association has already made efforts in this direction to certify data centers that are members of it. If these legal articles are retained, this would allow such an association to intensify its work on quality assurance and contribute to Switzerland becoming a digital data vault. Furthermore, this would be in line with Articles 38 and 39 of the future, European data protection regulation, which encourage the development of a code of conduct and the establishment of a data protection certification procedure.
Justification
Certain Internet giants currently intend to make it mandatory to tie the data to the server. This would make the locations of the servers even more important. In such a situation, Switzerland must seize this historic opportunity. It is already 5th in the ranking of European countries with the most data centers, and 25 percent of European data is stored in Swiss data centers.
A law that would enable a high level of data protection by guaranteeing good hosting quality and permanent framework conditions would make Switzerland even more attractive.
Such an environment would attract an entire “ecosystem” of service companies in the areas of data processing, analysis, transmission, authentication, and encryption.
As a result, Switzerland could assume an important, global leadership role in the area of digital data storage.
Answer of the Federal Council from 24.8.2016
The Federal Council is aware that it is important to position Switzerland as a reliable and innovative country in the field of data protection.
He commented on the two points raised in the motion as follows:
1 The Federal Council considers it important to take into account the state of data protection law within the framework of the Council of Europe and the European Union. Therefore, it is planned to waive the protection of personal data of legal entities. This can improve cross-border data traffic because the disclosure of data of legal persons abroad is no longer conditional on adequate data protection being guaranteed in the country of destination (Art. 6 FADP). The majority of experts consulted for the regulatory impact assessment of the revision of the Data Protection Act were also in favor of waiving the protection of personal data of legal persons. Moreover, the practical scope of this protection provided for in Article 2(1) and Article 3(b) FADP is limited. This is because legal persons only very rarely assert their rights on the grounds of unlawful processing of their data. The Federal Data Protection and Information Commissioner has also never had cause to issue a recommendation in this regard. In addition, Articles 28 et seq. of the Civil Code on violations of personality, the Federal Act against Unfair Competition (UCA), the Federal Copyright Act (URG) and the rules on professional, business and manufacturing secrecy remain unchanged and continue to protect legal entities. Finally, the Federal Council doubts that Swiss companies have a competitive advantage due to Article 3 letter b FADP: Rather, a decisive role for Swiss companies is played by political and economic stability, high data protection standards, and the recognition of the adequacy of Swiss data protection legislation by other countries.
2 The Federal Council does not envisage questioning the possibility of certification as part of the work on the revision of the federal legislation on data protection.