The SPK-SR has completed the preliminary consultation of the Draft of the DSG concluded and the bill passed unanimously in the overall vote (Media release). The Council of States can thus discuss the business in the winter session (December 2 – 20).
According to the media release, the SPK-SR has by no means waved the deal through, but has tightened it up in some points:
[…] Thus, […] the SPK-SR proposes to its Council to deviate from the resolutions of the National Council in several points; this in particular where the version adopted by the large chamber represents a step backwards from the applicable law or would offer less protection than EU law.The SPK-SR has unanimously decided to Data on union views or activities back into the list of personal data requiring special protection (Art. 4 let. c no. 1 E‑DSG) and thus avoid a difference to EU law.
The SPK-SR also unanimously decided, to remove the exemption from the obligation to provide information in the case of disproportionate effort (Art. 18 para. 1 let. e E‑DSG), which had been introduced by the National Council.
Also unanimously the Commission refrains from introducing an exhaustive list of the information to be provided when exercising the right of access (Art. 23 para. 2 E‑DSG), as required by the National Council.
As far as criminal sanctions are concerned, the SPK-SR proposes by 6 votes to 0 with 2 abstentions that – as proposed by the Federal Council – the intentional Non-compliance with data security requirements penalized will.
[…] In addition to the aforementioned points, which are crucial for the recognition of the equivalence of Swiss data protection law by the EU, the SPK-SR has also deviated from the resolutions of the National Council in the following points in order to increase the level of protection.One of the central points of the law is the Profiling. Already in the debate of the first Council it was recognized that the regulation of this type of data processing according to the National Council variant contains gaps and requires revision. This position was shared by the SPK-SR and, following a more in-depth discussion of this issue, it agreed by 8 votes to 2 with 1 abstention. advocated a compromise solution, which is the Includes term “high-risk profiling” in data protection law and a increased protection if the data processing falls under this category. The minority wants to stick to the original version of the Federal Council, which provides for increased protection in the case of data processing for profiling purposes and refrains from differentiating in the risk definition in the law.
The SPK-SR is also of the opinion that the rights of those persons who are subject to a Credit check must be strengthened. With this in mind, it has, among other things, unanimously restricted the processing of data that is are older than five years or minors concern.
In order to address concerns on the part of media companies that the new law could make journalistic work more difficult, the SPK-SR is requesting a clarification, which will now also allow the Journalistic research covered by the justification ground will be. This means that media can justify data processing that violates personal rights even if this data was collected and stored with a view to publication, even if the publication is not published.
With regard to the facilitations from which companies that appoint data protection advisors can benefit, the SPK-SR followed the National Council by 7 votes to 4. In the eyes of the commission, this can strengthen self-regulation and the companies’ sense of responsibility. The minority requests the deletion of these facilitations, as companies do not need incentives for the appointment of such advisors.