Takeaways (AI):
  • The Federal Council proposes the rejection of Philippe Nantermod's postulate on the tyranny of data protection.
  • The revised Data Protection Act (DPA) strengthens the public's control over their data in a digital world.
  • The European Commission confirms Switzerland's adequate level of data protection, which facilitates cross-border data transfers.
  • The Federal Data Protection and Information Commissioner (FDPIC) has extended powers, but no sanctioning powers.
  • The FDPIC's recommendations aim to give customers freedom of choice when it comes to data processing in online purchasing.

The postulate "Stopping the tyranny of data protection" by Philippe Nantermod has made some waves. The Federal Council has now commented on this and – unsurprisingly – requested that the postulate be rejected. Among other things, it clarifies that the FDPIC does not require a guest purchase in the Digitec Galaxus proceedings, to which Nantermod had referred somewhat ambiguously, but only sees it as one of several possibilities:

In Switzerland, the processing of personal data by federal bodies or private individuals is governed by the Data Protection Act (DPA; SR 235.1). The completely revised Data Protection Act has been in force since September 1, 2023. The revision was necessary so that the population can retain control over their data in an increasingly digitalized world. In terms of innovation, effective data protection also strengthens user confidence in the new technologies.

Furthermore, in its report of January 15, 2024, the European Commission confirmed its decision of July 26, 2000, according to which Switzerland offers an adequate level of data protection. In particular, the totally revised Data Protection Act has made it possible to continue to meet the requirements for maintaining adequacy. This confirmation of adequacy ensures that personal data can continue to be transferred from the European Union (EU) or the European Economic Area (EEA) to Switzerland without additional guarantees, which facilitates access to the European market for Swiss companies and SMEs in particular. This cross-border data transfer is of central importance for the Swiss economy and in particular for the country's innovative strength and competitiveness.

The new DPA is considered equivalent, but retains some special features compared to European legislation. For example, the powers of the Federal Data Protection and Information Commissioner (FDPIC) have been extended. However, unlike the European data protection supervisory authorities, the FDPIC still does not have the power to impose sanctions. The strengthening of the FDPIC's powers is one of the elements highlighted by the European Commission in its report. Another relaxation of the Swiss legal framework could jeopardize the European Commission's adequacy decision in particular.

The recommendations to Digitec made by the FDPIC under the old law are aimed at guaranteeing the customer freedom of choice for data processing that is not necessary for the fulfillment of the online purchase contract. To make this possible, the FDPIC has explicitly left several options open, including guest purchases.

The Federal Council is of the opinion that it should wait until the latest revision has had a greater impact before considering any changes.

AI-generated takeaways can be wrong.