Legal Framework

On a national level, data privacy is protected by the Swiss constitution. Data protection is mainly regulated in the Federal Data Protection Act (DPA), the Federal Data Protection Ordinance (DPCO) and the Federal Ordinance on Data Protection Certification. Various other Swiss laws contain data protection rules relevant for specific fields of application. The DPA is currently under revision. Subsequently to an initial preliminary draft, a draft for a revised DPA was published on 15 September 2017. Additional information about the revision is available here.

As Switzerland is neither a member of the European Union (EU) nor a member of the European Economic Area (EEA), EU law is in principle not directly applicable in Switzerland (please note, however, that applicable bilateral and multilateral international agreements ratified by Switzerland may contain regulations relating to data privacy). EU data protection laws are nevertheless relevant from a Swiss perspective. In fact due to its extensive territorial scope of application, the EU General Data Protection Regulation (GDPR) is directly relevant for many Swiss undertakings (see news 18.12.2015).