-
- Art. 3 FC
- Art. 5a FC
- Art. 6 FC
- Art. 10 FC
- Art. 13 FC
- Art. 16 FC
- Art. 17 FC
- Art. 20 FC
- Art. 22 FC
- Art. 26 FC
- Art. 29a FC
- Art. 30 FC
- Art. 32 FC
- Art. 42 FC
- Art. 43 FC
- Art. 43a FC
- Art. 55 FC
- Art. 56 FC
- Art. 60 FC
- Art. 68 FC
- Art. 75b FC
- Art. 77 FC
- Art. 96 para. 1 FC
- Art. 96 para. 2 lit. a FC
- Art. 110 FC
- Art. 117a FC
- Art. 118 FC
- Art. 123a FC
- Art. 123b FC
- Art. 130 FC
- Art. 136 FC
- Art. 166 FC
- Art. 178 FC
- Art. 191 FC
-
- Art. 11 CO
- Art. 12 CO
- Art. 50 CO
- Art. 51 CO
- Art. 84 CO
- Art. 97 CO
- Art. 98 CO
- Art. 99 CO
- Art. 100 CO
- Art. 143 CO
- Art. 144 CO
- Art. 145 CO
- Art. 146 CO
- Art. 147 CO
- Art. 148 CO
- Art. 149 CO
- Art. 150 CO
- Art. 701 CO
- Art. 715 CO
- Art. 715a CO
- Art. 734f CO
- Art. 785 CO
- Art. 786 CO
- Art. 787 CO
- Art. 788 CO
- Art. 808c CO
- Transitional provisions to the revision of the Stock Corporation Act of June 19, 2020
-
- Art. 2 PRA
- Art. 3 PRA
- Art. 4 PRA
- Art. 6 PRA
- Art. 10 PRA
- Art. 10a PRA
- Art. 11 PRA
- Art. 12 PRA
- Art. 13 PRA
- Art. 14 PRA
- Art. 15 PRA
- Art. 16 PRA
- Art. 17 PRA
- Art. 19 PRA
- Art. 20 PRA
- Art. 21 PRA
- Art. 22 PRA
- Art. 23 PRA
- Art. 24 PRA
- Art. 25 PRA
- Art. 26 PRA
- Art. 27 PRA
- Art. 29 PRA
- Art. 30 PRA
- Art. 31 PRA
- Art. 32 PRA
- Art. 32a PRA
- Art. 33 PRA
- Art. 34 PRA
- Art. 35 PRA
- Art. 36 PRA
- Art. 37 PRA
- Art. 38 PRA
- Art. 39 PRA
- Art. 40 PRA
- Art. 41 PRA
- Art. 42 PRA
- Art. 43 PRA
- Art. 44 PRA
- Art. 45 PRA
- Art. 46 PRA
- Art. 47 PRA
- Art. 48 PRA
- Art. 49 PRA
- Art. 50 PRA
- Art. 51 PRA
- Art. 52 PRA
- Art. 53 PRA
- Art. 54 PRA
- Art. 55 PRA
- Art. 56 PRA
- Art. 57 PRA
- Art. 58 PRA
- Art. 59a PRA
- Art. 59b PRA
- Art. 59c PRA
- Art. 60 PRA
- Art. 60a PRA
- Art. 62 PRA
- Art. 63 PRA
- Art. 64 PRA
- Art. 67 PRA
- Art. 67a PRA
- Art. 67b PRA
- Art. 73 PRA
- Art. 73a PRA
- Art. 75 PRA
- Art. 75a PRA
- Art. 76 PRA
- Art. 76a PRA
- Art. 90 PRA
-
- Vorb. zu Art. 1 FADP
- Art. 1 FADP
- Art. 2 FADP
- Art. 3 FADP
- Art. 4 FADP
- Art. 5 lit. d FADP
- Art. 5 lit. f und g FADP
- Art. 6 para. 3-5 FADP
- Art. 6 Abs. 6 and 7 FADP
- Art. 7 FADP
- Art. 10 FADP
- Art. 11 FADP
- Art. 12 FADP
- Art. 14 FADP
- Art. 15 FADP
- Art. 19 FADP
- Art. 20 FADP
- Art. 22 FADP
- Art. 23 FADP
- Art. 25 FADP
- Art. 26 FADP
- Art. 27 FADP
- Art. 31 para. 2 lit. e FADP
- Art. 33 FADP
- Art. 34 FADP
- Art. 35 FADP
- Art. 38 FADP
- Art. 39 FADP
- Art. 40 FADP
- Art. 41 FADP
- Art. 42 FADP
- Art. 43 FADP
- Art. 44 FADP
- Art. 44a FADP
- Art. 45 FADP
- Art. 46 FADP
- Art. 47 FADP
- Art. 47a FADP
- Art. 48 FADP
- Art. 49 FADP
- Art. 50 FADP
- Art. 51 FADP
- Art. 52 FADP
- Art. 54 FADP
- Art. 55 FADP
- Art. 57 FADP
- Art. 58 FADP
- Art. 60 FADP
- Art. 61 FADP
- Art. 62 FADP
- Art. 63 FADP
- Art. 64 FADP
- Art. 65 FADP
- Art. 66 FADP
- Art. 67 FADP
- Art. 69 FADP
- Art. 72 FADP
- Art. 72a FADP
-
- Art. 2 CCC (Convention on Cybercrime)
- Art. 3 CCC (Convention on Cybercrime)
- Art. 4 CCC (Convention on Cybercrime)
- Art. 5 CCC (Convention on Cybercrime)
- Art. 6 CCC (Convention on Cybercrime)
- Art. 7 CCC (Convention on Cybercrime)
- Art. 8 CCC (Convention on Cybercrime)
- Art. 9 CCC (Convention on Cybercrime)
- Art. 11 CCC (Convention on Cybercrime)
- Art. 12 CCC (Convention on Cybercrime)
- Art. 16 CCC (Convention on Cybercrime)
- Art. 18 CCC (Convention on Cybercrime)
- Art. 25 CCC (Convention on Cybercrime)
- Art. 27 CCC (Convention on Cybercrime)
- Art. 28 CCC (Convention on Cybercrime)
- Art. 29 CCC (Convention on Cybercrime)
- Art. 32 CCC (Convention on Cybercrime)
- Art. 33 CCC (Convention on Cybercrime)
- Art. 34 CCC (Convention on Cybercrime)
-
- Art. 2 para. 1 AMLA
- Art. 2a para. 1-2 and 4-5 AMLA
- Art. 3 AMLA
- Art. 7 AMLA
- Art. 7a AMLA
- Art. 8 AMLA
- Art. 8a AMLA
- Art. 11 AMLA
- Art. 14 AMLA
- Art. 15 AMLA
- Art. 20 AMLA
- Art. 23 AMLA
- Art. 24 AMLA
- Art. 24a AMLA
- Art. 25 AMLA
- Art. 26 AMLA
- Art. 26a AMLA
- Art. 27 AMLA
- Art. 28 AMLA
- Art. 29 AMLA
- Art. 29a AMLA
- Art. 29b AMLA
- Art. 30 AMLA
- Art. 31 AMLA
- Art. 31a AMLA
- Art. 32 AMLA
- Art. 38 AMLA
FEDERAL CONSTITUTION
MEDICAL DEVICES ORDINANCE
CODE OF OBLIGATIONS
FEDERAL LAW ON PRIVATE INTERNATIONAL LAW
LUGANO CONVENTION
CODE OF CRIMINAL PROCEDURE
CIVIL PROCEDURE CODE
FEDERAL ACT ON POLITICAL RIGHTS
CIVIL CODE
FEDERAL ACT ON CARTELS AND OTHER RESTRAINTS OF COMPETITION
FEDERAL ACT ON INTERNATIONAL MUTUAL ASSISTANCE IN CRIMINAL MATTERS
DEBT ENFORCEMENT AND BANKRUPTCY ACT
FEDERAL ACT ON DATA PROTECTION
SWISS CRIMINAL CODE
CYBERCRIME CONVENTION
COMMERCIAL REGISTER ORDINANCE
FEDERAL ACT ON COMBATING MONEY LAUNDERING AND TERRORIST FINANCING
FREEDOM OF INFORMATION ACT
FEDERAL ACT ON THE INTERNATIONAL TRANSFER OF CULTURAL PROPERTY
I. Introduction
1 The fact that professional and skilled cybercriminals are increasingly using the latest technologies and the internet for their illegal purposes poses growing challenges for authorities. However, the technical possibilities for abuse do not guarantee permanent and absolute security for criminals as long as authorities take targeted action. This is because traces are left behind on data carriers and on the internet: every action carried out online, such as visiting a website, posting on social media, or shopping online, generates data that can be stored and tracked. By creating images of seized data carriers, deleted and unoverwritten data can be recovered. Such data, even if only stored temporarily, can be useful to law enforcement agencies in investigating crimes, solving crimes, or carrying out surveillance measures, provided it is secured in a timely manner.
2 Whether computer data has been stored and is still available at the time of the ongoing investigation depends, on the one hand, on the deletion behavior of the data owner and, on the other hand, on the data protection regulations of the respective contracting state.
II. Scope and objectives
3 Due to their volatile nature, computer data is easy to manipulate, modify, and delete. The risk of data loss or destruction is therefore high in practice. In order to ensure that the securing of such computer data and connection data in domestic criminal proceedings does not depend on lengthy evidence-gathering processes, but rather to prevent the deletion and alteration of evidence-relevant data in a timely manner by means of a preservation order through swift and effective measures, thereby increasing the effectiveness of the prosecution of the offenses described in more detail in the Cybercrime Convention, the Contracting States have undertaken to take the necessary legislative measures at the domestic level. The procedure for securing stored computer data immediately and in a timely manner is known in practice as the “quick freeze procedure.” The quick freeze procedure should not be confused with the immediate securing of data in a cross-border context, known as a preservation request, which is regulated in Article 29 CCC.
4 Art. 16 CCC regulates the immediate securing of data, but does not entitle the contracting states per se to order the disclosure of the data or to view its content unless expressly permitted by domestic law. The disclosure of data is regulated in Art. 18 CCC, while search and seizure are dealt with in Art. 19 CCC.
A. Para. 1: Immediate securing of computer data
5 Art. 16 para. 1 CCC guarantees the rapid securing of computer data within a contracting state in order to counteract the risk of obfuscation due to the volatility of computer data. Data should be protected “from anything that would cause its current quality or condition to change or deteriorate” and thus comprehensively protected against changes, deterioration or deletion. Preservation refers to the temporary storage of data and not the denial of access to the data. Legitimate users should continue to be able to use the data or copies thereof as long as they are not subject to seizure under Art. 19 CCC.
6 Art. 16 CCC does not oblige Contracting States to restrict the provision or use of services or to introduce new technical means for the storage and collection of data. The provision therefore does not lead to an obligation to retain data. It is merely intended to ensure that contracting states can arrange for the accelerated securing of stored computer data at the national level in order to support each other at the international level.
7 The specific form of the safeguards is left to the contracting parties. In practice, two options are available as safeguarding methods: safeguarding the original data and creating identical copies of the data.
8 According to the wording of Art. 16 para. 1 CCC, the safeguarding concerns “certain computer data, including traffic data, stored by means of a computer system.” This covers all types of computer data that have already been collected and stored by data owners or service providers, known as “stored computer data.” Connection and traffic data, known as “traffic data,” are also explicitly mentioned. The reference to traffic data serves to establish a link between the measures in Art. 16 and Art. 17 CCC. The latter provision provides for certain special features for traffic data. Future-oriented real-time collection of computer data and data retention are not covered. These are regulated in Articles 20 and 21 CCC.
9 The securing of data may be ordered or effected in a similar manner.
a) “Ordering” includes both a court or official order to secure data and an obligation on the part of the addressee of the order to actively cooperate. The latter is to be achieved by the addressee of the order securing the data unchanged and without loss (see Art. 16 para. 2 CCC).
b) The wording “or effect in a similar manner” allows the Contracting States to organize the preservation of data flexibly and with their own resources in accordance with their procedural law.
10 Preservation measures should be specified by the Contracting States in particular where there is reason to believe that computer data are particularly susceptible to loss or alteration. This may refer, for example, to situations where the data are subject to a short retention period in accordance with business policy, are deleted at regular intervals or are stored in an insecure manner.
B. Paragraph 2: Preservation of data by means of a preservation order
11 Art. 16 para. 2 CCC stipulates that in cases where computer data is preserved pursuant to Art. 16 para. 1 CCC by order against another person, the Contracting States may take measures and introduce “preservation orders” to ensure the integrity of such computer data for a limited period of time. However, Contracting States are not obliged to take such measures. Contracting States must ensure that their investigating authorities – regardless of the procedure chosen – can order or effect immediate/prompt preservation.
12 Persons who are either in possession of stored computer data or who have control over the data are considered to be addressees of orders.
13 The Contracting States may, in their domestic law, as a measure within the meaning of Art. 16 para. 2 CCC, oblige the addressees of the order to preserve the integrity of the computer data that is the subject of the order for as long as necessary, but for no longer than 90 days. However, they may also provide for an extension of this retention period. The setting of a time limit as a measure serves to give the competent authorities sufficient time to obtain the necessary authorizations and to initiate legal steps such as search, seizure, securing, or issuing a surrender order, so that they can then, in a second step, obtain knowledge of the content of the data, in particular also within the framework of mutual legal assistance within the meaning of Art. 29 CCC.
C. Paragraph 3: Duty of confidentiality
14 Art. 16 para. 3 CCC requires the contracting states to take the necessary legislative measures to ensure that, in the event of an order addressed to the depositary or a third party, they are obliged to carry out the data preservation in a confidential manner for a period specified in domestic law. This measure takes into account, on the one hand, the requirements of the law enforcement authority that suspects and third parties cannot learn of the investigations and, on the other hand, protects the privacy of the persons concerned, in particular those who are mentioned or identifiable in the data.
D. Paragraph 4
15 Through the references in Art. 16 para. 4 CCC, the Contracting States undertake to ensure that the powers and procedures referred to in Art. 16 CCC are subject to the conditions and safeguards laid down in Art. 14 and Art. 15 CCC.
III. Implementation in Switzerland
16 The securing of stored computer data in accordance with Art. 16 CCC is an important investigative tool for combating computer and IT-related crime. The Contracting States – including Switzerland – are obliged to create the necessary legislative and organizational framework conditions for this.
17 Switzerland has not incorporated the “quick freeze procedure” provided for in Art. 16 CCC as a separate measure into the applicable Swiss Criminal Procedure Code. Instead, Swiss law already complies with the requirements of Art. 16 CCC in general in that providers of telecommunications services are obliged, on the one hand, pursuant to Art. 21 para. 2 and Art. 22 para. 2 BÜPF, to ensure that identification data is collected when the customer relationship is established and that this data remains accessible throughout the customer relationship and for six months after its termination, and, on the other hand, pursuant to Art. 26 para. 5 BÜPF, to store edge data for six months.
18 Even when considered specifically, the applicable Swiss law meets the requirements of the Convention provision under Art. 16 CCC. Under the Swiss Criminal Procedure Code, computer data can either be secured by a written order of the public prosecutor's office in the context of a search under Art. 246 ff. CrimPC or added to the case file by means of a disclosure order under Art. 265 CrimPC. The securing of stored computer data in Switzerland can be divided into two categories: securing by law enforcement authorities and requests for securing to individuals. Both measures may also be taken by the police without a public prosecutor's order if there is imminent danger, thereby ensuring that stored computer data is secured in an expedited and proportionate manner.
A. Securing by law enforcement authorities
19 In Switzerland, temporary securing of data material is ordered by the public prosecutor's office (or, where applicable, the court hearing the case) in accordance with Art. 198 in conjunction with Art. 241 para. 1 and Art. 246 CrimPC in order to search records. This order ensures that data can be examined in terms of its content or nature in order to determine its admissibility as evidence and, if necessary, to seize it. Such searches and the securing of data are ordered by the police in accordance with Art. 312 CrimPC. The police then carry out a search in accordance with the instructions of the public prosecutor's office (or the court hearing the case) and either take the data carrier with them for safekeeping or make a forensic copy of the data stored on the data carriers found and to be searched (known as “data mirroring”). Mirroring ensures that data is copied to an external data carrier and protected against manipulation. In economic criminal proceedings in particular, this ensures that data within the meaning of Art. 16 para. 1 CCC can be secured immediately. On the other hand, this allows the persons affected by the search to continue using their devices to carry out their business activities, taking into account the principle of proportionality, as long as the devices do not have to be seized for the purpose of confiscation in accordance with Art. 263 CrimPC in conjunction with Art. 69 para. 1 SCC.
20 In order to ensure the security of data on digital servers or in the cloud, it is essential to immediately create a data mirror on site to prevent this data from being altered or deleted through alternative means of access. The legal basis for making copies of such records and data in the context of a search is Art. 247 para. 3 CrimPC.
B. Request for preservation from individuals
21 With regard to the search and seizure of data material, the public prosecutor's office (and, where applicable, the court of jurisdiction) also has the option, within the meaning of Art. 263 and Art. 265 CrimPC, to order the surrender and seizure of data by means of an order namely to specifically oblige the owner, under threat of punishment under Art. 292 SCC and within a specified period, to surrender the electronic data carriers and data in the original or in copy as evidence. This process is referred to as edition and editing. However, such an order to surrender data is only possible if the holder is not the accused person, a person with the right to refuse to give evidence or a company that could be held criminally or civilly liable if the data were surrendered (Art. 265 para. 2 CrimPC). A further prerequisite for issuing an order to produce evidence is that the order must be addressed to the actual holder of the data with a Swiss domicile, otherwise the route of international mutual assistance in criminal matters must be pursued.
22 If a person is obliged under Art. 2 BÜPF as the data holder to transmit the peripheral data available to them on a person under surveillance, Art. 269 ff. CrimPC apply. Provided that the conditions under Art. 269 para. 1 lit. b and c CrimPC are met and approval has been obtained from the coercive measures court, seizure based on Art. 263 CrimPC is not an option, but telecommunications service providers based in Switzerland, as owners of the peripheral data, may be required to back up the data in accordance with Art. 273 CrimPC. The procurement of inventory data is not a coercive measure and does not require the approval of the coercive measures court.
C. Lack of legal provisions regarding orders to retain data
23 In Switzerland, only telecommunications service providers are required by law to retain identification and peripheral data for a period of six months in accordance with Art. 2 BÜPF. In connection with this stored data, various federal and cantonal authorities are granted the right under Art. 15 BÜPF to obtain information on telecommunications services under Art. 21 BÜPF and on the identification of perpetrators under Art. 22 BÜPF. Such disclosure of information is equivalent to an obligation to surrender data under Art. 265 CrimPC. This does not constitute a “preservation order” within the meaning of Art. 16 para. 2 CCC.
24 By ratifying the Cybercrime Convention, Switzerland did not commit itself to introducing “preservation orders” into domestic law. Currently, the Swiss Criminal Procedure Code also does not provide any legal basis for ordering data holders and service providers to protect data from loss or alteration and to keep it available for law enforcement authorities without having to disclose it immediately. The message assumes that the possibility of obliging anyone to retain data by means of an order would go too far and would hardly be compatible with the principle of proportionality. This assessment is no longer in line with the times: due to the ongoing development of digitalization, even private individuals now have considerable storage capacity on their data carriers. Numerous trustworthy and cooperative companies voluntarily store data relevant for evidence purposes, such as customer data and technical data (not covered by the FIPCA), in accordance with Swiss data protection regulations (FADP) without being bound by any retention period. Ordering the holders of such data to extend the retention period to a maximum of 90 days is a much less severe measure than ordering the search of records at the relevant data holders (see N. 19 f. above) or requiring them to surrender the complete data immediately (see N. 21 f. above). In view of the technical possibilities available today, extending the retention period does not impose a disproportionate burden on the addressees of the order, and there is a public interest in ensuring that data collected voluntarily by private individuals can be secured as evidence for the purpose of establishing the truth before it is deleted.
25 Under the current Swiss Criminal Procedure Code, the storage of data in the possession of persons not covered by the BÜPF can also be ensured by means of a graduated order in accordance with the legal principle of argumentum a maiore ad minus: An order within the meaning of Art. 263 ff. CrimPC may be issued, whereby the data holder is first obliged, under threat of punishment for disobedience under Art. 292 SCC, to provide information, store the data and maintain confidentiality, in order to collect the data relevant to the investigation for the investigation files in a second step. Such a step-by-step obligation does not contradict the principle of numerus clausus for coercive measures (Art. 197 para. 1 lit. a CrimPC), because the first obligation to retain the data is already for the purpose of requesting the evidence-relevant data at a later date in accordance with Art. 263 CrimPC. Such a step-by-step obligation interferes less with the rights of the data holder than the search order under Art. 246 ff. CrimPC or a disclosure order under Art. 265 CrimPC. The retention period of no more than 90 days provided for in Art. 16 para. 2 CCC must be observed so that the measure does not go beyond the text of the Convention.
D. Securing of data blocked by the Federal Supreme Court despite valid application for sealing
26 In recent years, the Federal Supreme Court has had to rule several times on cases where, after electronic devices had been secured despite being sealed, a forensic backup copy (mirror image) of the data stored on them was made by the investigating authorities or by a specialist agency commissioned to do so. The Federal Supreme Court considers it inadmissible for an investigating authority to arrange for the mirroring of data after a request for sealing has been made or to transfer this task to a person or authority commissioned by it and bound by its instructions. Instead, after sealing the data carriers, the investigating authority must submit a request for mirroring to the coercive measures court, even if mirroring is urgently necessary to protect against data loss. The request may be submitted together with the application for unsealing or, in cases of urgent necessity, on a super-provisional basis. After sealing, the order to make a copy is the sole responsibility of the coercive measures court.
27 This ruling has rightly been met with considerable criticism. It also proves to be contrary to international law in light of the Cybercrime Convention. The Federal Supreme Court is ignoring the fact that Switzerland has committed itself to ensuring that computer data relevant to evidence is secured immediately in domestic proceedings in order to prevent the loss of evidence. With its ruling, the Federal Supreme Court is not only introducing a previously unknown super-provisional procedure before the coercive measures court, but also a procedure in which, even in the case of a coercive order, the collection of evidence-relevant data can be significantly jeopardized within a few hours: As long as the investigating authority cannot make or have a copy of the data made during an on-site search and must instead apply to the coercive measures court and wait for its decision, in current practice there is a considerable risk that persons with access rights will alter or delete the data stored on digital servers or in the cloud before the coercive measures court issues its decision on mirroring. New developments also offer increased protection against access by authorities, provided that immediate action is not taken. Just recently, one of the largest technology companies introduced a security feature on its (mobile) devices that blocks the USB port 60 minutes after the device is last unlocked, with the result that data cannot be read from that point on, nor can software be installed on the device that would enable subsequent reading. It can be assumed that other companies will follow suit. Consequently, certain risk scenarios – both new ones and those considered in the Explanatory Report – can only be prevented by immediate intervention by the investigating authority or the police or person appointed by it during the on-site search. The procedure established by the Federal Supreme Court, which requires a super-provisional mirroring application to be filed with the coercive measures court after sealing, significantly increases the risk of evidence being lost. This cannot be said to be more effective prosecution as intended by the Cybercrime Convention.
Bibliography
Burgermeister Daniel, Beweiserhebung in der Cloud, Master of Advanced Studies in Forensics (MAS Forensics), August 2015.
Graf Damian K., Praxishandbuch zur Siegelung, StPO inklusive revidierter Bestimmungen – VStrR – IRSG – MStP, Bern 2022.
Graf Damian K./Günal Rütsche Serdar, Datensicherung von Mobiltelefonen und Tablets – technische und (siegelungs-)rechtliche Herausforderungen im Strafverfahren, SJZ 121 (2025), S. 604 ff.
Hansjakob Thomas, Überwachungsrecht der Schweiz, Kommentar zu Art. 269 ff. StPO und zum BÜPF, Zürich 2018.
Materials
Bundesamt für Justiz, Vernehmlassungsentwurf, Genehmigung und Umsetzung des Übereinkommens des Europarates über die Cyberkriminalität, Vorentwurf und Erläuternder Bericht, Bern, März 2009, abrufbar unter https://www.bj.admin.ch/bj/de/home/sicherheit/gesetzgebung/archiv/cybercrime-europarat.html, besucht am 4.5.2025.
Botschaft über die Genehmigung und die Umsetzung des Übereinkommens des Europarates über die Cyberkriminalität vom 18.6.2010, BBl 2010 4697 ff., abrufbar unter https://www.fedlex.admin.ch/eli/fga/2010/813/de, besucht am 4.5.2025.
Botschaft zur Änderung des Schweizerischen Strafgesetzbuches (Allgemeine Bestimmungen, Einführung und Anwendung des Gesetzes) und des Militärstrafgesetzes sowie zu einem Bundesgesetz über das Jugendstrafrecht vom 21.9.1998, BBl 1999 II 1979 ff., abrufbar unter https://www.fedlex.admin.ch/eli/fga/1999/1_1979_1787_1669/de, besucht am 4.5.2025.
Europarat, Explanatory Report to the Convention on Cybercrime, Budapest, 23.11.2001, abrufbar unter https://rm.coe.int/16800cce5b, besucht am 4.5.2025 (zit. Explanatory Report).
Verordnung (EU) 2016/679 des Europäischen Parlaments und des Rates vom 27.4.2016 zum Schutz natürlicher Personen bei der Verarbeitung personenbezogener Daten, zum freien Datenverkehr und zur Aufhebung der Richtlinie 95/46/EG (Datenschutz-Grundverordnung), abrufbar unter https://eur-lex.europa.eu/legal-content/de/TXT/?uri=CELEX%3A32016R0679, besucht am 4.5.2025.