On a national level, data privacy is protected by the Swiss Federal Constitution. Data protection is mainly regulated in the Federal Act on Data Protection (FADP), the Federal Ordinance to the Federal Act on Data Protection (DPO) and the Federal Ordinance on Data Protection Certification (DPCO). Various other Swiss laws contain data protection rules relevant for specific fields of application. For example, the Swiss Civil Code protects various aspects of individual personality rights.
On 1 April 2015, the Swiss Federal Council formally decided to revise the FADP. At the end of 2017, the Federal Council approved a draft bill revising the FADP, which it referred, together with the associated dispatch, to the Swiss Parliament. The Swiss Parliament adopted the totally revised FADP on 25 September 2020. The Federal Council adopted the final version of the revised Data Protection Ordinance (DPO), and the revised Ordinance on Data Protection Certifications (DPCO) on 31st August 2022. The entry into force of the revised FADP and the aforementioned ordinances will occur on 1 September 2023.
As Switzerland is neither a member of the European Union (EU) nor a member of the European Economic Area (EEA), EU law is in principle not directly applicable in Switzerland (please note, however, that applicable bilateral and multilateral international agreements ratified by Switzerland may contain regulations relating to data privacy). EU data protection laws are nevertheless relevant from a Swiss perspective. In fact due to its extraterritorial scope, the EU General Data Protection Regulation (GDPR) is directly relevant for many Swiss undertakings, as many Swiss companies fall within the scope of the GDPR because of their orientation towards the EEA (see news 18.12.2015).