The Flag concerning the formal proposals of the National Council’s State Policy Committee (SPK-N) of January 23, 2020 has now been published. According to this, there are essentially the following official applications of the SPK-N to the National Council:
- High-risk profiling (Art. 4 lit. f E-FDPA): A minority requests the following wording with regard to this term: “.Profiling, which results in personal data requiring special protection”. The wording of the proposal thus deviates from the Council of States’ redefinition of the term and restricts it to profiling measures that lead to personal data requiring special protection.
- In connection with the duty of the controller to provide information (Art. 17 E-.FDPA), neither information on the rights of the data subject nor the intention to use personal data for the purpose of credit checks shall be covered by the aforementioned obligation. Regarding the exceptions to the obligation to provide information (Art. 18 E-FDPA), a minority proposal states that, contrary to the proposal of the Council of States, a disproportionate effort should make a corresponding obligation on the part of the responsible party superfluous.
- Right to information (Art. 23 E-FDPA): A minority amendment requires that data subjects be allowed to request information about the existence of automated individual decision-making and about the logic underlying this procedure if it is associated with a negative legal consequence or impairment. Information about possible processing for the purpose of checking creditworthiness is to be deleted.
- Grounds for justification (Art. 27 E-FDPA): the Commission formulates several requests regarding the justification of processing for creditworthiness purposes: a majority request maintains the original proposal of its Chamber and wants to allow them if no particularly sensitive personal data are involved (Art. 27(2)(c) E‑CODE).FDPA). However, the minority proposal follows the Council of States and does not want to allow such processing if it involves high-risk profiling. Furthermore, personal data may only be disclosed to third parties if they are not older than 10 years; the requirement to explicitly state the principle of proportionality is to be dropped compared to the original proposal of the National Council (Art. 27 Para. 2 lit. c No. 2 E-FDPA). In addition, another minority, in accordance with the Council’s original proposal, requests the deletion of the provision according to which personal data may only be disclosed to third parties if this concerns adults (Art. 27 para. 2 lit. c no. 4 E‑IV).FDPA).
- Group privilege: Both for the duty to inform (Art. 18 para. 4 E-FDPA) as well as for the right to information (Art. 24 para. 2to E-FDPA) as well as in the grounds for justification (Art. 27 para. 2 lit. b E-.FDPA), the proposed group privilege is confirmed (cf. also Blog post from 25 January 2020).
The proposals will be discussed in the upcoming spring session (March 2 – 20, 2020) in the National Council. It therefore remains to be seen what the outcome of these discussions will be.