NR Doris Fiala has made a Motion 16.3752 (“Against duplication in data protection”) proposes to instruct the Federal Council,
[…] in view of the revised Federal Data Protection Act (FADP) and the entry into force of the EU General Data Protection Regulation, to seek an agreement with the EU on the coordination of the application of the respective applicable data protection law by the competent data protection authorities and to hold corresponding exploratory talks with the aim of resolving the problems arising from the lack of territorial delimitation of supervisory jurisdiction in the event of parallel application of the FADP and the DPA for the economy and the supervisory authorities of Switzerland and the EU.
We have reported about it. The Federal Council now proposes to accept the motion, although it does not believe that the territorial delimitation of supervisory jurisdiction poses problems. He has on 9.11.16 on this as follows Position taken:
Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data applies to data processing within the scope of the activities of data controllers or data processors established in the EU. This applies regardless of whether the processing takes place inside or outside the EU. In the cases referred to in Article 3(2), the Regulation shall also apply, when data controllers or processors not established in the EU process data of data subjects, which are located in the EU. The scope of the Regulation and the competences of the EU supervisory authorities may thus actually extend to processing controllers. Extend to persons who are established in Switzerland, when personal data of individuals located in the EU are processed. However, this does not mean that the European supervisory authorities can intervene on the territory of Switzerland (see in particular Art. 55 of the Regulation, according to which each supervisory authority is competent to exercise the powers conferred on it on the territory of its own Member State). The Federal Council therefore does not conclude, as the motioner does, that Regulation (EU) 2016/679 affects the sovereignty of Switzerland.. On the other hand, it agrees that efficient cooperation with a view to good implementation of the respective legislations in the digital age would be in the interest of both the Swiss authorities and the EU authorities. For this reason, the Federal Council is prepared in due course to Start exploratory talks with the EUas required by the motion. Moreover, according to recital 116 of Regulation (EU) 2016/679, the Commission and the EU supervisory authorities are required to cooperate with the supervisory authorities of third countries. This could provide a basis for further action by Switzerland.