dataprotection.ch

 
Overview
Legal Framework

National

Constitutional right to privacy

The Swiss Constitution of 18 April 1999 guarantees the right to privacy in Article 13:

Right to Privacy

  1. Every person has the right to privacy in their private and family life and in their home, and in relation to their mail and telecommunications.
  2. Every person has the right to be protected against the misuse of their personal data.

Federal Act on Data Protection

The first Federal Act on Data Protection entered into force on 1 July 1993. Various amendments have been made since the enactment of the law. The current FADP came into force on 1 September 2023. The official German, French and Italian language versions are available online on the website of the Federal Authorities of the Swiss Confederation, as well as an unofficial English translation of the FADP.

Federal Ordinances to the Federal Act on Data Protection

The Federal Ordinance to the Federal Act on Data Protection (FDPO) contains implementing provisions to the FADP on, amongst others, data security and data governance, data processing agreements, cross-border disclosure of personal data, and data subjects’ rights.

The official current German, French and Italian versions of the FDPO are available online on the website of the Federal Authorities of the Swiss Confederation.

Federal Ordinance on Data Protection Certification

The FADP allows for certification of products and services with regard to data protection requirements. The Federal Ordinance on Data Protection Certification (DPCO) contains implementing provisions on the recognition of such certification procedures and the introduction of a quality mark. The official German, French and Italian versions of the DPCO are available online on the website of the Federal Authorities of the Swiss Confederation, as well as an unofficial English translation.

Specific data protection provisions in other laws

Various laws contain provisions relating to data protection in specific fields of application. Most of these provisions relate to data processing by federal government agencies, but there are some that apply to data processing by private entities.

The most noteworthy are provisions in the Swiss Code of Obligations regarding the processing of employee data, which is discussed in more detail in the section on the processing of employee data.

Professional secrecy

Certain professions and businesses are subject to special secrecy obligations, which, if breached, may result in criminal sanctions. The most significant are secrecy obligations of physicians, lawyers, auditors, members of the clergy, telecommunications businesses and banks.

Codes of conduct

Some industries in Switzerland have adopted codes of conduct for data processing and data protection, such as for example the market research and direct marketing industries.

The FADP allows for professional, trade and business associations to develop their own codes of conduct. They may submit the codes of conduct to the FDPIC for an opinion which will be published thereafter. The FDPIC’s opinions may contain objections and recommend relevant modifications or clarifications. If the FDPIC’s opinion on the submitted code of conduct is favourable, it can be assumed that the code of conduct complies with the applicable data protection laws. This form of self-regulation offers the advantage that data controllers do not need to conduct their own data protection impact assessment if they comply with a code of conduct that is based on a previous data protection impact assessment (that is still relevant), provides for measures to protect privacy and fundamental rights and has been approved by the FDPIC.

Cantonal

The FADP applies to data processing by both private entities and federal bodies. All Swiss cantons have their own laws regulating data processing by cantonal and municipal bodies. Each canton also appoints a cantonal data protection commissioner to supervise compliance by the authorities with the applicable cantonal laws. The cantonal and municipal data protection authorities have joined together to form the association “privatim – the Conference of Swiss Data Protection Commissioners”.