Introduction

On 21 December 2016, the Swiss Federal Council issued a preliminary draft of a revised Swiss Federal Data Protection Act (DPA), proposing a major overhaul of the current Swiss data protection regime. At the end of the consultation process for this preliminary draft, the opinions of the various parties involved, from businesses to cantons and political parties, were published. Consequently, on 15 September 2017 the Swiss Federal Council issued the draft DPA. This draft act is now set to go through the parliamentary vetting process (and eventual referendum) before entering into force as the new DPA.

The overhaul of the DPA has been prompted in part by the changes affecting European legislation. Indeed, two European acts, Regulation EU 2016/679 – the so-called General Data Protection Regulation –, and Directive EU 2016/680 as well as amendments to the Council of Europe Treaty 108 bring extensive changes to the legal landscape.

Moreover, the fast-evolving technological backdrop has progressively been eroding the relevance of the present DPA, which was drafted before the emergence of many of today’s key technologies and processes.