-
- Art. 5a FC
- Art. 6 FC
- Art. 10 FC
- Art. 16 FC
- Art. 17 FC
- Art. 20 FC
- Art. 22 FC
- Art. 29a FC
- Art. 30 FC
- Art. 32 FC
- Art. 42 FC
- Art. 43 FC
- Art. 43a FC
- Art. 55 FC
- Art. 56 FC
- Art. 60 FC
- Art. 68 FC
- Art. 75b FC
- Art. 77 FC
- Art. 96 para. 2 lit. a FC
- Art. 110 FC
- Art. 117a FC
- Art. 118 FC
- Art. 123b FC
- Art. 136 FC
- Art. 166 FC
-
- Art. 11 CO
- Art. 12 CO
- Art. 50 CO
- Art. 51 CO
- Art. 84 CO
- Art. 143 CO
- Art. 144 CO
- Art. 145 CO
- Art. 146 CO
- Art. 147 CO
- Art. 148 CO
- Art. 149 CO
- Art. 150 CO
- Art. 701 CO
- Art. 715 CO
- Art. 715a CO
- Art. 734f CO
- Art. 785 CO
- Art. 786 CO
- Art. 787 CO
- Art. 788 CO
- Transitional provisions to the revision of the Stock Corporation Act of June 19, 2020
- Art. 808c CO
-
- Art. 2 PRA
- Art. 3 PRA
- Art. 4 PRA
- Art. 6 PRA
- Art. 10 PRA
- Art. 10a PRA
- Art. 11 PRA
- Art. 12 PRA
- Art. 13 PRA
- Art. 14 PRA
- Art. 15 PRA
- Art. 16 PRA
- Art. 17 PRA
- Art. 19 PRA
- Art. 20 PRA
- Art. 21 PRA
- Art. 22 PRA
- Art. 23 PRA
- Art. 24 PRA
- Art. 25 PRA
- Art. 26 PRA
- Art. 27 PRA
- Art. 29 PRA
- Art. 30 PRA
- Art. 31 PRA
- Art. 32 PRA
- Art. 32a PRA
- Art. 33 PRA
- Art. 34 PRA
- Art. 35 PRA
- Art. 36 PRA
- Art. 37 PRA
- Art. 38 PRA
- Art. 39 PRA
- Art. 40 PRA
- Art. 41 PRA
- Art. 42 PRA
- Art. 43 PRA
- Art. 44 PRA
- Art. 45 PRA
- Art. 46 PRA
- Art. 47 PRA
- Art. 48 PRA
- Art. 49 PRA
- Art. 50 PRA
- Art. 51 PRA
- Art. 52 PRA
- Art. 53 PRA
- Art. 54 PRA
- Art. 55 PRA
- Art. 56 PRA
- Art. 57 PRA
- Art. 58 PRA
- Art. 59a PRA
- Art. 59b PRA
- Art. 59c PRA
- Art. 62 PRA
- Art. 63 PRA
- Art. 67 PRA
- Art. 67a PRA
- Art. 67b PRA
- Art. 75 PRA
- Art. 75a PRA
- Art. 76 PRA
- Art. 76a PRA
- Art. 90 PRA
-
- Vorb. zu Art. 1 FADP
- Art. 1 FADP
- Art. 2 FADP
- Art. 3 FADP
- Art. 5 lit. f und g FADP
- Art. 6 Abs. 6 and 7 FADP
- Art. 7 FADP
- Art. 10 FADP
- Art. 11 FADP
- Art. 12 FADP
- Art. 14 FADP
- Art. 15 FADP
- Art. 19 FADP
- Art. 20 FADP
- Art. 22 FADP
- Art. 23 FADP
- Art. 25 FADP
- Art. 26 FADP
- Art. 27 FADP
- Art. 31 para. 2 lit. e FADP
- Art. 33 FADP
- Art. 34 FADP
- Art. 35 FADP
- Art. 38 FADP
- Art. 39 FADP
- Art. 40 FADP
- Art. 41 FADP
- Art. 42 FADP
- Art. 43 FADP
- Art. 44 FADP
- Art. 44a FADP
- Art. 45 FADP
- Art. 46 FADP
- Art. 47 FADP
- Art. 47a FADP
- Art. 48 FADP
- Art. 49 FADP
- Art. 50 FADP
- Art. 51 FADP
- Art. 54 FADP
- Art. 57 FADP
- Art. 58 FADP
- Art. 60 FADP
- Art. 61 FADP
- Art. 62 FADP
- Art. 63 FADP
- Art. 64 FADP
- Art. 65 FADP
- Art. 66 FADP
- Art. 67 FADP
- Art. 69 FADP
- Art. 72 FADP
- Art. 72a FADP
-
- Art. 2 CCC (Convention on Cybercrime)
- Art. 3 CCC (Convention on Cybercrime)
- Art. 4 CCC (Convention on Cybercrime)
- Art. 5 CCC (Convention on Cybercrime)
- Art. 6 CCC (Convention on Cybercrime)
- Art. 7 CCC (Convention on Cybercrime)
- Art. 8 CCC (Convention on Cybercrime)
- Art. 9 CCC (Convention on Cybercrime)
- Art. 11 CCC (Convention on Cybercrime)
- Art. 12 CCC (Convention on Cybercrime)
- Art. 25 CCC (Convention on Cybercrime)
- Art. 29 CCC (Convention on Cybercrime)
- Art. 32 CCC (Convention on Cybercrime)
- Art. 33 CCC (Convention on Cybercrime)
- Art. 34 CCC (Convention on Cybercrime)
FEDERAL CONSTITUTION
CODE OF OBLIGATIONS
FEDERAL LAW ON PRIVATE INTERNATIONAL LAW
LUGANO CONVENTION
CODE OF CRIMINAL PROCEDURE
CIVIL PROCEDURE CODE
FEDERAL ACT ON POLITICAL RIGHTS
CIVIL CODE
FEDERAL ACT ON CARTELS AND OTHER RESTRAINTS OF COMPETITION
FEDERAL ACT ON INTERNATIONAL MUTUAL ASSISTANCE IN CRIMINAL MATTERS
DEBT ENFORCEMENT AND BANKRUPTCY ACT
FEDERAL ACT ON DATA PROTECTION
SWISS CRIMINAL CODE
CYBERCRIME CONVENTION
In a nutshell
Art. 20 FADP contains a number of exemptions from the obligation to provide information: on the one hand, exemptions where the obligation to provide information does not apply at all, e.g. if the data subject already has the relevant information or the processing is carried out in fulfillment of a legal obligation. On the other hand, the provision contains restrictions where the duty to inform continues to exist, but the information can be restricted, postponed or suspended in individual cases, e.g. if information would frustrate the purpose of the processing or overriding interests conflict with information. Art. 20 FADP serves as a corrective to a comprehensive duty to inform and ensures that the duty to inform does not become an excessive burden for data controllers and remains limited to cases where it is necessary for the protection of data subjects.
I. General
A. Norm Purpose
1 Art. 20 FADP standardizes a number of reliefs from the information obligation. The provision is intended to ensure that the information obligation applies where it is necessary for transparent data processing and the protection of data subjects, while it does not apply in cases where it would be superfluous or disproportionate. It is an expression of the legislative effort to find a balance of interests and to create targeted facilitations. Compared to the DSGVO, the list of exceptions in Art. 20 FADP is quite extensive.
B. History of origins
2 Art. 20 FADP bundles the exceptions and limitations spread over various articles in the old law (Art. 9, Art. 14 para. 4 and 5, Art. 18a and Art. 18b aDSG) and moderately supplements them. Art. 20 FADP remained undisputed in principle in the parliamentary deliberations, although the exception in the case of disproportionate effort was considered too far-reaching by parts of parliament. The group privilege pursuant to Art. 20 para. 4 FADP was added during the parliamentary deliberations.
C. System
3 The provision distinguishes between exceptions, where the obligation to provide information does not apply at all, and restrictions, where the obligation to provide information continues to apply in principle, but the controller can restrict, postpone or suspend the provision of information in individual cases. Art. 20 FADP applies to both private data controllers and federal bodies, but differentiates between private and federal bodies in the individual exceptions and restrictions.
4 The exceptions and limitations contained in Art. 20 FADP are exhaustive. A breach of the duty to inform cannot be justified under Art. 31 FADP either, since the duty to inform under Art. 19 FADP is of a public law nature and not a concretization of the processing principles under Art. 6 FADP.
D. Notes on interpretation
5 Some of the exceptions to Art. 20 FADP are quite broad and include cases in which the data processing is identifiable (legal basis, para. 1 lit. b) or the confidentiality of the personal data processed is guaranteed (legal duty of confidentiality, para. 1 lit. c), but the data subject's need for information, which is protected by the duty to inform, remains unfulfilled. It is therefore appropriate to interpret the facts rather narrowly and to bring them in line with the purpose of the duty to inform.
II. Exceptions (para. 1 and 2)
A. General
6 Art. 20 FADP specifies in para. 1 and 2 a total of six situations in which the controller is completely exempt from the obligation to inform data subjects. In these situations, the data subject also does not have to be informed about the applicability of the exemption itself. The only remedy is to exercise the right of access, although the data subject often has no reason to request access to his or her data if he or she is unaware of the data processing, and the right of access is itself subject to similar limitations (Art. 26 FADP).
B. Prior knowledge of the information (para. 1 lit. a)
7 The obligation to provide information does not apply if the data subject already has the relevant information. Data subjects do not have to be informed about things they already know, which stands to reason. A comparable exception to the duty to inform is also found in the DSGVO. In the old FADP, the exception was still somewhat narrower and referred to the information process rather than the existence of the information itself (Art. 14 para. 4 and Art. 18a para. 3 aDSG: "if the data subject has already been informed").
8 The exception initially means that data subjects do not have to be informed again in subsequent data procurements if they have already been informed on the occasion of an earlier procurement. The prerequisite is that the procurements are factually related and not too far apart in time. This applies, for example, to individual orders in an online store if information was already provided when the account was created, or to follow-up medical treatment if information was already provided in connection with the initial treatment.
9 Another application of the exception is when the data subject has consented to data processing, since valid consent under Art. 6 para. 6 FADP requires sufficient information by definition. The information required by Art. 19 FADP can therefore also be provided by means of a declaration of consent.
10 According to the dispatch, the exception should also cover situations in which the data subject sends his/her personal data to the controller without the latter's intervention. This is quite far-reaching, since the knowledge of the data subject is limited to the fact of procurement. However, there is a legitimate information interest in further circumstances of the data processing, in the example of a job application mentioned by the dispatch, for example, in whether (and how long) the application documents are also kept for future jobs, to whom they may be passed on and where they are stored.
11 Finally, the exception also includes cases in which it is clear that the data subject has waived the right to the information pursuant to Art. 19 FADP or has no interest in receiving the information. However, this must be limited to clear cases and is in any case not to be assumed already if the data subject has made his or her personal data publicly available (e.g., on a social media profile).
C. Processing required by law (para. 1 lit. b)
12 The duty to inform also does not apply if the data processing is provided for by law. The reasoning is that in these cases, the legislator has already defined the cornerstones of the data processing, weighing the various interests, and informing data subjects would therefore not provide any significant additional protection. The DSGVO contains a similar exception, but limited to the case of indirect procurement and subject to the condition that the legislative norm explicitly regulates the data processing and provides for appropriate measures to protect the legitimate interests of data subjects.
13 To fall under the exception, either the data processing itself must be prescribed by law or the data processing must be indispensable for the fulfillment of a legal obligation. With respect to private data controllers, a sufficiently precise basis in a law in the substantive sense is sufficient. For federal bodies, the standard of Art. 34 FADP applies and a law in the formal sense is required if it concerns the processing of particularly sensitive personal data, profiling is carried out, or if it concerns a serious encroachment on fundamental rights.
14 Data processing required by law is numerous in the legal system and the exception therefore has great practical significance. Examples include: Keeping the share register as well as convening and conducting the general meeting of shareholders in the case of public limited companies; identification obligations and determining the beneficial owner for the purpose of combating money laundering; notification obligations of the health authorities in connection with communicable diseases; payment of wages and preparation of certificates by the employer in the employment relationship; accounting obligations under tax and social security law.
15 The exception can also be claimed if the data controller has brought about the legal obligation itself, e.g. identification obligations under money laundering law by initiating the business relationship or processing indicated by employment law by concluding the employment contract.
16 If the data processing goes beyond the statutory obligation (e.g. if data collected for the purpose of combating a pandemic is also to be used for marketing purposes), the exception does not apply and information must be provided. Data processing that only takes place at a general level within a legally defined framework but is carried out voluntarily is also not exempt from the duty to inform. In the employee area, information is therefore regularly required, e.g. in the form of an employee data protection declaration. Even if the framework set by Art. 328b OR is not exceeded, data processing in the employee area usually goes beyond what is effectively prescribed by law.
17 In the case of federal bodies, the processing of personal data on the basis of Art. 34 FADP is in most cases based on a legal foundation. However, the corresponding legal provisions are often quite general and are often not able to guarantee the transparency aimed at by the information obligation on their own. In the correct view, para. 1 lit. b therefore only exempts federal bodies from the obligation to provide information if the data processing is expressly provided for by law and described with sufficient precision. As an example of data processing precisely described in the law, Art. 69f and 69g RTVA in conjunction with Art. 67 and 67a RTVA can be used. Art. 67 and 67a RTVV can be cited. On the other hand, to exempt federal bodies from the obligation to provide information for any processing based on the law on the basis of para. 1 lit. b would place an excessive burden on the transparency of federal data processing and make the applicability of Art. 19 FADP to federal bodies per se and the restrictions provided for specifically for federal bodies in Art. 20 para. 3 FADP largely obsolete.
D. Statutory duties of confidentiality (para. 1 lit. c)
18 Natural persons who are subject to a statutory duty of confidentiality are exempt from the obligation to provide information. This applies in particular to the professional groups mentioned in Art. 321 SCC, such as clergy, lawyers, pharmacists and doctors. The exception applies only (but still) to the area of activity protected by secrecy, but not to any other activities of a person belonging to these professional groups. Thus, if the lawyer or general practitioner processes personal data for customer acquisition (invitations to events or sending customer information) or for the provision of her website, for example, she is subject to the duty of disclosure for these activities.
19 The exception does not apply to the legal entity with which the person subject to the duty of confidentiality is employed or for which he/she works. A legal entity or a medical center must therefore also provide information about data processing in the secrecy-protected area of activity (e.g. about legal services in the monopoly area or about health services). The exception does not apply to federal bodies either.
20 According to the dispatch, the exception under para. 1 lit. c regulates a possible conflict of norms between the duty of confidentiality and the duty to inform, but this is not convincing: even in the secrecy-protected area of activity, the provision of the information required under Art. 19 FADP would not disclose any personal data and thus would not reveal any secrets. For example, a lawyer could easily inform in a general manner that the personal data contained in a legal document will be transmitted to the opposing party and the competent court. Similarly, a physician could inform about the disclosure of personal data to the health insurance company for billing purposes. Professional secrecy would not be affected in such cases. Should a conflict nevertheless exist in an individual case, it could also be resolved by means of one of the restrictions provided for in para. 3 (e.g. in the case of overriding interests).
21 The blanket exemption from the duty to provide information for persons subject to a secrecy obligation is also surprising because, although the confidentiality of the personal data processed is guaranteed if a statutory secrecy obligation applies, the need for information protected by the duty to provide information does not automatically cease to apply. For example, it remains open for which purposes the person subject to the duty of confidentiality processes the personal data, e.g. whether the doctor or the lawyer also carries out profiling and uses the collected data for marketing purposes.
22 The DSGVO contains a comparable exception in the event that the personal data collected is subject to professional secrecy. It is at the same time broader and narrower than the exception of the FADP: The exception of the DSGVO is not limited to private persons, but applies to them only in the case of indirect procurement.
E. Media Privilege (para. 1 lit. d).
23 Another exception concerns the research activities of media with regard to the publication of a journalistic work and the protection of sources. Under the same conditions under which information can be refused, information can also be waived: Art. 20 para. 1 lit. d FADP refers to Art. 27 FADP. The exception protects the information and control function of the media. If persons who are the subject of investigative research had to be informed and sources of information had to be disclosed, journalistic work would be rendered impossible and the media would not be able to fulfill the democratic function assigned to them.
24 The exception to para. 1 lit. d is only available in the case of processing of personal data with a view to publication in the editorial section of a periodically published medium (e.g. a newspaper or an online magazine). The exception cannot be invoked for so-called "advertorials" and other publications with a predominantly advertising character, nor for research activities with regard to a documentary film or another non-periodical medium. If necessary, however, another ground for exception or restriction may be invoked for such research activities, e.g., Art. 20 para. 3 lit. b FADP (frustration of purpose).
F. Impossibility of information (para. 2 lit. a)
25 If personal data are not obtained directly from the data subject, i.e. indirectly, the obligation to provide information does not apply even if it is impossible to provide the information. In cases of direct procurement, the exception is not available, which is logical. Logically, it is not possible to obtain the data directly from the data subject, but it is impossible to provide the information.
26 Impossibility to carry out the information exists, for example, if the data subject cannot be identified at all. In the example of the photo of a stranger cited in the message, however, this cannot be assumed without further ado in view of today's technological possibilities. The exception also has little practical relevance in other respects: If it is not possible to identify the data subject, the data concerned are usually not personally identifiable, and the question of the duty to inform does not even arise.
G. Disproportionate effort (para. 2 lit. b)
27 Finally, the duty to inform does not apply if personal data are obtained indirectly and informing the data subjects would require a disproportionate effort. Again, the exception cannot be claimed in the case of direct procurement. Anyone who collects personal data directly from the data subject must be expected to inform him or her about the collection.
28 The extent to which the effort is still proportionate must be determined on a case-by-case basis and is based on the effort required of the controller in relation to the information interest of the data subjects. The decisive factor is not the specific information interest of individual persons, but a generalized information interest. The more sensitive the data processed, the more extensive the processing, the more critical the modalities of the processing, the greater the criticality of the purpose of the processing and the more novel the technologies used for the processing, the greater the effort that can be expected of the data controller.
29 The dispatch cites the processing of personal data for archiving purposes as an example of disproportionate effort. In the case of a large number of persons, the information would involve a great deal of effort, while the information interest of the data subjects in such cases would regularly be limited. The analogous exemption provision in the DSGVO lists processing for scientific or historical research purposes and for statistical purposes as further examples. The information of data subjects may also be disproportionate if very large amounts of data are used for the training of Large Language Models and similar AI models, e.g., if the AI is trained with the "entire Internet". In practice, it is advisable to document in each case the considerations on the basis of which information of data subjects is no longer deemed to be proportionate.
30 The facts of para. 2 lit. b are conceived as an exception, but a restriction would have been more appropriate. If information is disproportionate, e.g. because of the large number of persons affected, a complete omission of the information does not seem appropriate. A milder (and obvious) remedy in such cases would be to provide a privacy statement on the website of the company concerned, waiving individual notification.
III. Restrictions
A. General
31 Art. 20 FADP contains in para. 3 a total of five constellations in which the information may be restricted, postponed or suspended. In contrast to the exceptions under para. 1 and 2, the obligation to provide information does not cease completely in these cases, and the information may only be restricted to the extent required by the corresponding reason in the individual case. If the reason for the restriction subsequently ceases to apply, the information must be provided subsequently. As with the exceptions, the data subject does not have to be informed about the application and scope of the restriction in the case of restrictions pursuant to para. 3, and the data subject's only recourse is to assert the right to information.
32 The possibilities for restricting information are largely based on a balancing of interests, in which the specific reason for a restriction must be set in relation to the information needs of the data subjects. In contrast, in the case of exceptions, the existence of a specific circumstance (e.g. that the data subject already has the information) usually determines whether or not the exception can be used.
B. Overriding interests of third parties (para. 3 lit. a)
33 There is a possibility to restrict the information if this is necessary due to overriding interests of third parties. The term "third party" in para. 3 lit. a is not to be understood exclusively in the plural and the overriding interest of an individual third party is also sufficient to be able to restrict the information. This possibility of restriction exists both for private responsible parties and for federal bodies.
34 The restriction can be used in cases where third parties have an interest in not providing information to the data subject and this interest outweighs the data subject's need for information. This is particularly conceivable in constellations in which the data subject would also obtain details of third parties through the information and their confidentiality interests would thereby be impaired. In practice, however, such constellations are likely to occur only rarely, since the information as such does not usually disclose any personal data.
C. Thwarting the Purpose (para. 3 lit. b)
35 It is also possible to restrict information for private data controllers and federal bodies if the purpose of the data processing is frustrated by the information. Art. 20 para. 3 lit. b FADP leaves open whether a mere impairment of the purpose of the processing is sufficient for a restriction of the information or whether a complete prevention must be given. According to the Message, the provisions of Art. 20 para. 3 FADP are to be interpreted restrictively, which is why it must be assumed that the prevention must be complete.
36 In the case of several purposes pursued with data processing, the information to the data subject must frustrate the actual main purpose, which, according to the message, must also be of considerable importance. The possibility of restricting the information is also further limited by the fact that purely economic interests generally do not fall within the scope of the restriction pursuant to para. 3 lit. b. In practice, therefore, there will be only a few cases in which private responsible parties can make use of this restriction. The scope of application is broader for federal bodies, especially in the area of criminal prosecution, although here the possibility of restriction under para. 3 lit. d no. 2 is likely to apply in most cases.
37 One example of application of the restriction is research activities in connection with investigative journalism, which do not fall under the exception of Art. 20 para. 1 lit. d FADP, e.g. because the research is carried out for a documentary and not for a periodically published medium. A suspension of the information based on para. 3 lit. b may also be justified if personal data are processed as part of the preservation of evidence for a later process and the information of the data subject would make the collection of the evidence impossible. Equally conceivable is the postponement of information when conducting behavioral studies in which the data subjects are supposed to exhibit the most natural behavior possible and information before the study is conducted would falsify the results. Similarly, in the case of justified shadowing of a person by a private investigator, its purpose would be frustrated by providing information to the person being observed.
D. Overriding interests of the data controller (para. 3 lit. c).
38 The possibility of restricting information on the basis of overriding interests of the person in charge is open only to private persons in charge. Federal bodies cannot refer to this possibility.
39 In contrast to para. 3 lit. b, economic interests such as sales promotion or product development also come into question here. Since the restriction option is directed only at private responsible parties, in many cases it will be precisely such economic interests that are at issue. However, the actual restriction of information must be preceded by a balancing of the interests of the responsible party and the information needs of the data subjects. This is a rather open-ended standard and it is therefore advisable for data controllers to document why their own interests prevail.
40 Another prerequisite for restricting the provision of information under para. 3 lit. c is that no data is disclosed to third parties. This refers to disclosures to independent responsible parties, e.g. to cooperation partners or advertising networks, but also to authorities. However, disclosures to order processors who carry out data processing on behalf of the data controller in accordance with instructions, as well as to jointly responsible parties, are not harmful. If disclosures to order processors and jointly responsible parties are also to be covered, the FADP generally refers to "recipients" instead of "third parties.
41 Pursuant to para. 4, data disclosures to group companies are also generally harmless, even if the recipient within the group is itself a data controller. In the case of the disclosure of personal data within the own group, for example in the HR area, the requirements for the possibility of restriction are therefore still met. This group privilege was not originally provided for in the draft law and was added during the parliamentary deliberations. Consequently, only disclosures to separate responsible parties outside the group's own group will lead to the exclusion of the restriction option of para. 3 lit. c.
42 para. 3 lit. c offers considerable scope for restricting the provision of information in practice, as an overriding interest of the data controller can be demonstrated for a large number of data processing operations. As a rule, overriding interests are to be assumed, for example, in the case of low-threshold data processing such as simple customer loyalty measures, where the circumstances and the manner of data processing are obvious and comprehensive information would therefore have no added value for data subjects.
E. Overriding public interests (para. 3 lit. d no. 1)
43 For federal bodies, it is possible to restrict information if this is necessary to protect overriding public interests. For private responsible parties, there is no possibility to base a restriction of information on para. 3 lit. d.
44 What is to be understood as a public interest is quite broad. The standard mentions, by way of example, interests in the internal or external security of Switzerland, which may be relevant in particular in the context of intelligence activities. However, public interests are also affected if, for example, compliance with obligations under international law, diplomatic purposes or the maintenance of relations with foreign countries are at stake. A federal body could therefore restrict information, for example, if the communication to the persons concerned would harm foreign policy relations with another country.
45 Here, too, the public interest must "prevail" and a balancing of interests is thus required for a federal organ to make use of the restriction option. However, a balancing exercise that contrasts the information needs of (individual) affected persons with national security interests is likely to often be in favor of the restriction option.
F. Threat to proceedings (para. 3 lit. d no. 2)
46 Finally, para. 3 lit. d no. 2 provides for a possibility of restriction if the information would lead to an investigation, inquiry or official or judicial proceedings being jeopardized. This option is also only available to federal bodies and cannot be used by private responsible parties. Private responsible parties must resort to another ground of exception or restriction in cases where proceedings would be jeopardized.
47 The possibility has a substantive proximity to the restriction of information if this would frustrate the actual purpose of the data processing. Unlike para. 3 lit. b, however, where the purpose must actually be frustrated, a threat is sufficient for the restriction option under para. 3 lit. d. The restriction of information is therefore not necessary. It is therefore not necessary that the threat actually materializes; the risk is sufficient.
Bibliography
Bieri Adrian/Powell Julian, Informationspflicht nach dem totalrevidierten Datenschutzgesetz, AJP 2020, S. 1533 ff.
Bühlmann Lukas/Lagler Marion, Informationspflichten und Auskunftsrecht nach dem neuen Datenschutzrecht, SZW 2021, S. 16 ff.
Cottier Bertil, Transparence des traitements de données personnelles opérés par les organes fédéraux: un pas en avant, deux en arrière, SZW 2021, S. 65 ff.
Ettlinger Claudius, Die Informationspflicht gemäss neuem Datenschutzgesetz, in Jusletter IT 16. Dezember 2021.
Pärli Kurt/Flück Nathalie, Kommentierung zu Art. 19 DSG, in: Baeriswyl Bruno/Pärli Kurt/Blonski Dominika (Hrsg.), Stämpflis Handkommentar zum DSG, 2. Aufl., Bern 2023.
Rosenthal David, Das neue Datenschutzgesetz, in: Jusletter 16. November 2020.
Vasella David, Zu den Anforderungen an die Erfüllung der Informationspflicht nach dem revDSG, datenrecht.ch, 28. Oktober 2022, abrufbar unter https://datenrecht.ch/zu-den-anforderungen-an-die-erfuellung-der-informationspflicht-nach-dem-revdsg, besucht am 25.5.2023 (zit. Informationspflicht).
Materials
Botschaft zum Bundesgesetz über die Totalrevision des Bundesgesetzes über den Datenschutz und die Änderung weiterer Erlasse zum Datenschutz vom 15.7.2017, BBl 2017 S. 6941 ff., abrufbar unter https://www.fedlex.admin.ch/eli/fga/2017/2057/de, besucht am 18.5.2023 (zit. Botschaft DSG).