- The Federal Council proposes the rejection of Philippe Nantermod’s postulate on the tyranny of data protection.
- The revised Data Protection Act (DPA) strengthens the public’s control over their data in a digital world.
- The European Commission confirms Switzerland’s adequate level of data protection, which facilitates cross-border data transfers.
- The Federal Data Protection and Information Commissioner (FDPIC) has extended powers, but no sanctioning powers.
- The FDPIC’s recommendations aim to give customers freedom of choice when it comes to data processing in online purchasing.
The Postulate “Stopping the tyranny of data protection” by Philippe Nantermod has made some waves. The The Federal Council has now commented on this and – unsurprisingly – requested that the postulate be rejected. Among other things, he clarifies that the FDPIC does not require a guest purchase in the Digitec Galaxus proceedings, to which Nantermod had referred somewhat ambiguously, but only sees it as one of several possibilities:
In Switzerland, the processing of personal data by federal bodies or private individuals is governed by the Data Protection Act (DPA; SR 235.1). The completely revised Data Protection Act has been in force since September 1, 2023. The revision was necessary so that the population can retain control over their data in an increasingly digitalized world. In terms of innovation, effective data protection also strengthens user confidence in the new technologies.
Furthermore, in its report of January 15, 2024, the European Commission confirmed its decision of July 26, 2000, according to which Switzerland offers an adequate level of data protection. In particular, the totally revised Data Protection Act has made it possible to continue to meet the requirements for maintaining adequacy. This confirmation of adequacy ensures that personal data can continue to be transferred from the European Union (EU) or the European Economic Area (EEA) to Switzerland without additional guarantees, which facilitates access to the European market for Swiss companies and SMEs in particular. This cross-border data transfer is of central importance for the Swiss economy and in particular for the country’s innovative strength and competitiveness.
The new DPA is considered equivalent, but retains some special features compared to European legislation. For example, the powers of the Federal Data Protection and Information Commissioner (FDPIC) have been extended. However, unlike the European data protection supervisory authorities, the FDPIC still does not have the power to impose sanctions. The strengthening of the FDPIC’s powers is one of the elements highlighted by the European Commission in its report. Another Relaxation of the Swiss legal framework could jeopardize the European Commission’s adequacy decision in particular.
The Recommendations to Digitec made by the FDPIC under the old laware aimed at providing the customer with a guarantee for data processing that is not necessary for the fulfillment of the online purchase contract. Freedom of choice to make this possible. The FDPIC has explicitly left several options open, including guest purchases.
The Federal Council is of the opinion that it should wait until the latest revision has had a greater impact before considering any changes.