-
- Art. 5a FC
- Art. 6 FC
- Art. 10 FC
- Art. 16 FC
- Art. 17 FC
- Art. 20 FC
- Art. 22 FC
- Art. 29a FC
- Art. 30 FC
- Art. 32 FC
- Art. 42 FC
- Art. 43 FC
- Art. 43a FC
- Art. 55 FC
- Art. 56 FC
- Art. 60 FC
- Art. 68 FC
- Art. 75b FC
- Art. 77 FC
- Art. 96 para. 2 lit. a FC
- Art. 110 FC
- Art. 117a FC
- Art. 118 FC
- Art. 123b FC
- Art. 136 FC
- Art. 166 FC
-
- Art. 11 CO
- Art. 12 CO
- Art. 50 CO
- Art. 51 CO
- Art. 84 CO
- Art. 143 CO
- Art. 144 CO
- Art. 145 CO
- Art. 146 CO
- Art. 147 CO
- Art. 148 CO
- Art. 149 CO
- Art. 150 CO
- Art. 701 CO
- Art. 715 CO
- Art. 715a CO
- Art. 734f CO
- Art. 785 CO
- Art. 786 CO
- Art. 787 CO
- Art. 788 CO
- Transitional provisions to the revision of the Stock Corporation Act of June 19, 2020
- Art. 808c CO
-
- Art. 2 PRA
- Art. 3 PRA
- Art. 4 PRA
- Art. 6 PRA
- Art. 10 PRA
- Art. 10a PRA
- Art. 11 PRA
- Art. 12 PRA
- Art. 13 PRA
- Art. 14 PRA
- Art. 15 PRA
- Art. 16 PRA
- Art. 17 PRA
- Art. 19 PRA
- Art. 20 PRA
- Art. 21 PRA
- Art. 22 PRA
- Art. 23 PRA
- Art. 24 PRA
- Art. 25 PRA
- Art. 26 PRA
- Art. 27 PRA
- Art. 29 PRA
- Art. 30 PRA
- Art. 31 PRA
- Art. 32 PRA
- Art. 32a PRA
- Art. 33 PRA
- Art. 34 PRA
- Art. 35 PRA
- Art. 36 PRA
- Art. 37 PRA
- Art. 38 PRA
- Art. 39 PRA
- Art. 40 PRA
- Art. 41 PRA
- Art. 42 PRA
- Art. 43 PRA
- Art. 44 PRA
- Art. 45 PRA
- Art. 46 PRA
- Art. 47 PRA
- Art. 48 PRA
- Art. 49 PRA
- Art. 50 PRA
- Art. 51 PRA
- Art. 52 PRA
- Art. 53 PRA
- Art. 54 PRA
- Art. 55 PRA
- Art. 56 PRA
- Art. 57 PRA
- Art. 58 PRA
- Art. 59a PRA
- Art. 59b PRA
- Art. 59c PRA
- Art. 62 PRA
- Art. 63 PRA
- Art. 67 PRA
- Art. 67a PRA
- Art. 67b PRA
- Art. 75 PRA
- Art. 75a PRA
- Art. 76 PRA
- Art. 76a PRA
- Art. 90 PRA
-
- Vorb. zu Art. 1 FADP
- Art. 1 FADP
- Art. 2 FADP
- Art. 3 FADP
- Art. 5 lit. f und g FADP
- Art. 6 Abs. 6 and 7 FADP
- Art. 7 FADP
- Art. 10 FADP
- Art. 11 FADP
- Art. 12 FADP
- Art. 14 FADP
- Art. 15 FADP
- Art. 19 FADP
- Art. 20 FADP
- Art. 22 FADP
- Art. 23 FADP
- Art. 25 FADP
- Art. 26 FADP
- Art. 27 FADP
- Art. 31 para. 2 lit. e FADP
- Art. 33 FADP
- Art. 34 FADP
- Art. 35 FADP
- Art. 38 FADP
- Art. 39 FADP
- Art. 40 FADP
- Art. 41 FADP
- Art. 42 FADP
- Art. 43 FADP
- Art. 44 FADP
- Art. 44a FADP
- Art. 45 FADP
- Art. 46 FADP
- Art. 47 FADP
- Art. 47a FADP
- Art. 48 FADP
- Art. 49 FADP
- Art. 50 FADP
- Art. 51 FADP
- Art. 54 FADP
- Art. 57 FADP
- Art. 58 FADP
- Art. 60 FADP
- Art. 61 FADP
- Art. 62 FADP
- Art. 63 FADP
- Art. 64 FADP
- Art. 65 FADP
- Art. 66 FADP
- Art. 67 FADP
- Art. 69 FADP
- Art. 72 FADP
- Art. 72a FADP
-
- Art. 2 CCC (Convention on Cybercrime)
- Art. 3 CCC (Convention on Cybercrime)
- Art. 4 CCC (Convention on Cybercrime)
- Art. 5 CCC (Convention on Cybercrime)
- Art. 6 CCC (Convention on Cybercrime)
- Art. 7 CCC (Convention on Cybercrime)
- Art. 8 CCC (Convention on Cybercrime)
- Art. 9 CCC (Convention on Cybercrime)
- Art. 11 CCC (Convention on Cybercrime)
- Art. 12 CCC (Convention on Cybercrime)
- Art. 25 CCC (Convention on Cybercrime)
- Art. 29 CCC (Convention on Cybercrime)
- Art. 32 CCC (Convention on Cybercrime)
- Art. 33 CCC (Convention on Cybercrime)
- Art. 34 CCC (Convention on Cybercrime)
FEDERAL CONSTITUTION
CODE OF OBLIGATIONS
FEDERAL LAW ON PRIVATE INTERNATIONAL LAW
LUGANO CONVENTION
CODE OF CRIMINAL PROCEDURE
CIVIL PROCEDURE CODE
FEDERAL ACT ON POLITICAL RIGHTS
CIVIL CODE
FEDERAL ACT ON CARTELS AND OTHER RESTRAINTS OF COMPETITION
FEDERAL ACT ON INTERNATIONAL MUTUAL ASSISTANCE IN CRIMINAL MATTERS
DEBT ENFORCEMENT AND BANKRUPTCY ACT
FEDERAL ACT ON DATA PROTECTION
SWISS CRIMINAL CODE
CYBERCRIME CONVENTION
- In a nutshell
- I. The Hippocratic oath as the first professional secret
- II. 20th century: Data protection law makes its way into the legal systems
- III. 21st century: Data protection and digitization
- Bibliography
In a nutshell
Data protection law has its origins in (ancient) professional secrecy as first developed by Hippocrates: The idea was to keep information about patients secret. From this concept, with the increasing technical progress, the associated complexity and globalization of the exchange of information, the first overall codifications of data protection law developed from 1970 onwards - first in individual countries, then gradually also across borders by international organizations and finally by the European Community. Switzerland's first data protection law came into force in 1992, the totally revised (new) data protection law on September 1, 2023.
I. The Hippocratic oath as the first professional secret
1 The first codified regulation on the protection of personal data can be traced back to the period between 460 and 370 BC: With the Hippocratic Oath, physicians undertake to this day to keep information about their patients secret. This was followed by various professional secrets, such as the midwife's secret, the confessional secret or the lawyer's secret.
II. 20th century: Data protection law makes its way into the legal systems
2 The originally profession-related requirements for the protection of personal information, such as medical secrecy, midwifery secrecy, or even attorney-client privilege, are based on the conviction that violations can be detected immediately and that the responsible persons can also be held accountable without further effort.
3 This concept of clear responsibilities was already overtaken by technological progress, the associated complexity and increasing globalization of information exchange in the last century. Thus, in the 1970s, the first questions arose about how to deal with "automated" data processing, i.e. the use of computers and the associated responsibilities and challenges for data security - suddenly, for example, it was no longer "just" the doctor who made a handwritten note in the physical patient file - the data was stored on a PC, which was at best maintained by an external IT company, and so on. The new challenges this presented heralded the creation of the first overall codifications of data protection law around 1970 - first in individual countries, then gradually across borders by international organizations, and finally by the European Community.
4Examples:
1973: Sweden.
1977: Federal Republic of Germany.
1978: Austria and France.
1980: OECD Guidelines for the Protection of Privacy and Transborder Flows of Personal Data.
1981: Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.
1995: EU Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
2000: EU Charter of Fundamental Rights (EU-GRC) with Art. 8 "Protection of personal data".
In Switzerland, the codification movement began at both the cantonal and federal levels in the 1970s and finally culminated in the Federal Data Protection Act in 1992.
III. 21st century: Data protection and digitization
5 Still stemming from a time when "automated data processing" was the exception, the FADP was increasingly unable to meet the requirements of the digitized world. The revision of the FADP was significantly influenced by the data protection revision in the EU:
A. Impetus: Data Protection Revision in the EU
6 The European Union launched deliberations on modern data protection law in 2012. After intensive negotiations, the European Parliament and the Council of the European Union finally adopted the EU General Data Protection Regulation (DSGVO) and Directive 2016/680 in 2016.
The DSGVO mainly regulates the protection of data processed within the European single market, but also applies to the public sector. It entered into force on May 25, 2018.
Directive 2016/680 is designed to protect personal data processed for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the protection against and the prevention of threats to public security. Directive 2016/680 is aligned with the wording of the DSGVO in order to achieve a consistent basic vocabulary throughout the EU area regarding the general principles. It entered into force on May 5, 2016.
B. The Swiss path to a modern data protection law
7 On December 9, 2011, the Federal Council approved a report on the evaluation of the FADP and instructed the Federal Department of Justice and Police (FDJP) to consider legislative measures to strengthen data protection, taking into account the results of the evaluation and ongoing developments in the EU and the Council of Europe. At the time, the Federal Council was faced with the question of the extent to which transparency about data processing should be increased and the persons concerned should be made more aware of the new risks. In particular, the review of the need for legal action should also take into account the fact that minors are particularly vulnerable when it comes to the processing of their data. At the same time, however, the Federal Council also emphasized that the review of legislative measures must also take into account the fact that data protection measures may conflict with other interests. Therefore, in addition to the protection of privacy, the interests of the economy, the right to freedom of opinion and information, and other private and public interests must also be taken into account. This work was carried out with the involvement of an advisory group, which defined the need for legislative action by 2014.
8 After the Federal Council took note of the report of the advisory group on April 1, 2015, it instructed the FDJP to prepare a preliminary draft for a revision of the FADP by the end of August 2016 at the latest. This preliminary draft for a total revision of the FADP and for amending other enactments on data protection was sent out for consultation on December 21, 2016.
9 The Federal Council finally adopted the dispatch on the "new" Data Protection Act on September 15, 2017. The Federal Council's goal was to "adapt data protection to the Internet age and strengthen the position of citizens. At the same time, the Swiss data protection level was to be brought into line with that of the EU in order to preserve the adequacy decision, which is important for the free transfer of data between Swiss companies and those in the EU.
10 The parliamentary deliberations were difficult; in some cases, there were fundamentally divergent opinions as to how far the new data protection law should go. At the same time, however, time was of the essence: individual provisions of the new data protection law were "Schengen-relevant" and had to be implemented within two years of the entry into force of the corresponding Schengen law. Parliament therefore decided to split the bill: The so-called "Schengen Data Protection Act" was passed on September 28, 2018, and entered into force on March 1, 2019. It was repealed or re-integrated into the Data Protection Act when the new Data Protection Act came into force. The "Schengen Data Protection Act" regulated the processing of personal data by federal bodies for the purpose of preventing, investigating, or prosecuting criminal offenses or the execution of sentences, including the protection against and the prevention of threats to public security.
11 In a second stage, those aspects of the data protection revision were then discussed that were not relevant to the Schengen area and were strongly influenced by the DSGVO. These included in particular the innovations for the processing of personal data by private individuals (i.e. primarily companies). The discussions focused on the following topics:
Strengthening the rights of data subjects: Extension of the right to information (OC-Steiger on Art. 25 FADP) and introduction of a right to data portability (see OC commentary on Art. 28 FADP).
Extension of the obligations of data controllers and processors: introduction of the principle of privacy by design and default (OC Claus on Art. 7 FADP) and the obligation to conduct a data protection impact assessment for certain forms of data processing (OC Harasgama on Art. 22 FADP) and to report breaches of data subject protection to the supervisory authority (OC de la Cruz on Art. 24 FADP).
Introduction of a catalog of sanctions (OK-Gassmann on Art. 60 ff. FADP) and strengthening the competences of the FDPIC (OK-Reinle on Art. 49 FADP; OK-Fanger/Oehri on Art. 50 FADP).
12 Finally, after three years, the revised Data Protection Act could be adopted on September 25, 2020. The referendum passed unused, which is why the law entered into force on September 1, 2023, together with the implementing ordinance (DSV), which was also totally revised.
The author gives her personal assessment in this commentary.
Bibliography
Husi-Stämpfli Sandra, Kommentierung zur Entstehungsgeschichte des DSG, in: Baeriswyl Bruno/Pärli Kurt/Blonski Dominika (Hrsg.), Datenschutzgesetz, Stämpflis Handkommentar, 2. Auflage, Bern 2023.