-
- Art. 5a FC
- Art. 6 FC
- Art. 10 FC
- Art. 16 FC
- Art. 17 FC
- Art. 20 FC
- Art. 22 FC
- Art. 29a FC
- Art. 30 FC
- Art. 32 FC
- Art. 42 FC
- Art. 43 FC
- Art. 43a FC
- Art. 55 FC
- Art. 56 FC
- Art. 60 FC
- Art. 68 FC
- Art. 75b FC
- Art. 77 FC
- Art. 96 para. 2 lit. a FC
- Art. 110 FC
- Art. 117a FC
- Art. 118 FC
- Art. 123b FC
- Art. 136 FC
- Art. 166 FC
-
- Art. 11 CO
- Art. 12 CO
- Art. 50 CO
- Art. 51 CO
- Art. 84 CO
- Art. 143 CO
- Art. 144 CO
- Art. 145 CO
- Art. 146 CO
- Art. 147 CO
- Art. 148 CO
- Art. 149 CO
- Art. 150 CO
- Art. 701 CO
- Art. 715 CO
- Art. 715a CO
- Art. 734f CO
- Art. 785 CO
- Art. 786 CO
- Art. 787 CO
- Art. 788 CO
- Transitional provisions to the revision of the Stock Corporation Act of June 19, 2020
- Art. 808c CO
-
- Art. 2 PRA
- Art. 3 PRA
- Art. 4 PRA
- Art. 6 PRA
- Art. 10 PRA
- Art. 10a PRA
- Art. 11 PRA
- Art. 12 PRA
- Art. 13 PRA
- Art. 14 PRA
- Art. 15 PRA
- Art. 16 PRA
- Art. 17 PRA
- Art. 19 PRA
- Art. 20 PRA
- Art. 21 PRA
- Art. 22 PRA
- Art. 23 PRA
- Art. 24 PRA
- Art. 25 PRA
- Art. 26 PRA
- Art. 27 PRA
- Art. 29 PRA
- Art. 30 PRA
- Art. 31 PRA
- Art. 32 PRA
- Art. 32a PRA
- Art. 33 PRA
- Art. 34 PRA
- Art. 35 PRA
- Art. 36 PRA
- Art. 37 PRA
- Art. 38 PRA
- Art. 39 PRA
- Art. 40 PRA
- Art. 41 PRA
- Art. 42 PRA
- Art. 43 PRA
- Art. 44 PRA
- Art. 45 PRA
- Art. 46 PRA
- Art. 47 PRA
- Art. 48 PRA
- Art. 49 PRA
- Art. 50 PRA
- Art. 51 PRA
- Art. 52 PRA
- Art. 53 PRA
- Art. 54 PRA
- Art. 55 PRA
- Art. 56 PRA
- Art. 57 PRA
- Art. 58 PRA
- Art. 59a PRA
- Art. 59b PRA
- Art. 59c PRA
- Art. 62 PRA
- Art. 63 PRA
- Art. 67 PRA
- Art. 67a PRA
- Art. 67b PRA
- Art. 75 PRA
- Art. 75a PRA
- Art. 76 PRA
- Art. 76a PRA
- Art. 90 PRA
-
- Vorb. zu Art. 1 FADP
- Art. 1 FADP
- Art. 2 FADP
- Art. 3 FADP
- Art. 5 lit. f und g FADP
- Art. 6 Abs. 6 and 7 FADP
- Art. 7 FADP
- Art. 10 FADP
- Art. 11 FADP
- Art. 12 FADP
- Art. 14 FADP
- Art. 15 FADP
- Art. 19 FADP
- Art. 20 FADP
- Art. 22 FADP
- Art. 23 FADP
- Art. 25 FADP
- Art. 26 FADP
- Art. 27 FADP
- Art. 31 para. 2 lit. e FADP
- Art. 33 FADP
- Art. 34 FADP
- Art. 35 FADP
- Art. 38 FADP
- Art. 39 FADP
- Art. 40 FADP
- Art. 41 FADP
- Art. 42 FADP
- Art. 43 FADP
- Art. 44 FADP
- Art. 44a FADP
- Art. 45 FADP
- Art. 46 FADP
- Art. 47 FADP
- Art. 47a FADP
- Art. 48 FADP
- Art. 49 FADP
- Art. 50 FADP
- Art. 51 FADP
- Art. 54 FADP
- Art. 57 FADP
- Art. 58 FADP
- Art. 60 FADP
- Art. 61 FADP
- Art. 62 FADP
- Art. 63 FADP
- Art. 64 FADP
- Art. 65 FADP
- Art. 66 FADP
- Art. 67 FADP
- Art. 69 FADP
- Art. 72 FADP
- Art. 72a FADP
-
- Art. 2 CCC (Convention on Cybercrime)
- Art. 3 CCC (Convention on Cybercrime)
- Art. 4 CCC (Convention on Cybercrime)
- Art. 5 CCC (Convention on Cybercrime)
- Art. 6 CCC (Convention on Cybercrime)
- Art. 7 CCC (Convention on Cybercrime)
- Art. 8 CCC (Convention on Cybercrime)
- Art. 9 CCC (Convention on Cybercrime)
- Art. 11 CCC (Convention on Cybercrime)
- Art. 12 CCC (Convention on Cybercrime)
- Art. 25 CCC (Convention on Cybercrime)
- Art. 29 CCC (Convention on Cybercrime)
- Art. 32 CCC (Convention on Cybercrime)
- Art. 33 CCC (Convention on Cybercrime)
- Art. 34 CCC (Convention on Cybercrime)
FEDERAL CONSTITUTION
CODE OF OBLIGATIONS
FEDERAL LAW ON PRIVATE INTERNATIONAL LAW
LUGANO CONVENTION
CODE OF CRIMINAL PROCEDURE
CIVIL PROCEDURE CODE
FEDERAL ACT ON POLITICAL RIGHTS
CIVIL CODE
FEDERAL ACT ON CARTELS AND OTHER RESTRAINTS OF COMPETITION
FEDERAL ACT ON INTERNATIONAL MUTUAL ASSISTANCE IN CRIMINAL MATTERS
DEBT ENFORCEMENT AND BANKRUPTCY ACT
FEDERAL ACT ON DATA PROTECTION
SWISS CRIMINAL CODE
CYBERCRIME CONVENTION
- In a nutshell
- I. General
- II. No vacuum of responsibility
- III. Shared responsibility
- IV. Control procedure
- V. Regulatory regime
- VI. Liability issues
- Bibliography
In a nutshell
Since the processing of personal data is increasingly not only carried out jointly by several federal agencies, but also jointly with cantonal or municipal agencies or even private individuals, there is a need for clear regulations on responsibilities. Art. 33 FADP empowers the Federal Council to define responsibilities in these constellations.
I. General
A. History
1 The predecessor provision in Art. 16 aDSG was split up with the data protection revision. Art. 16 para. 1 aDSG, which governed general responsibility, was transferred to Art. 5 lit. j. Art. 16 para. 2 aDSG, which regulated the responsibility in the case of several data processors involved, was transferred to Art. 33 FADP.
B. Purpose of the Norm
2 Art. 5 lit. j FADP defines who is to be subsumed under the term "data controller" (see OK-Hofmann on Art. 5 lit. j FADP): the connecting factor is the decision-making authority over the purpose and means of the data processing operations. Which federal body has this decision-making authority is determined by the respective special laws that serve as the legal basis for the data processing.
3 Since the processing of personal data is increasingly not only carried out jointly by several federal agencies, but data processing operations that cross the federal levels are also part of everyday life and even private persons can access common information stocks, there is a need for clear regulation of responsibilities. Otherwise, there is a risk that many agencies will process the personal data in question, but no one will feel responsible.
II. No vacuum of responsibility
4 Art. 33 FADP empowers the Federal Council to regulate the responsibilities for compliance with data protection law as well as the associated controls if several federal bodies, or federal bodies and cantonal or private third parties are jointly involved in data processing operations. This regulation does not take place in the DPA, but in the respective special legislation or in the associated implementing ordinances. Thus, Art. 33 FADP explicitly states that the Federal Council shall regulate the control procedures and responsibility in the case of joint processing of personal data.
III. Shared responsibility
5 Three constellations are conceivable for the joint processing of personal data:
A special law or the Federal Council may, in an ordinance, assign sole responsibility for joint data processing to a federal body (Art. 5 lit. j FADP).
From a special law or an ordinance, a relationship of superiority or subordination can be identified for joint data processing, which is reflected in a primary and a secondary responsibility. An example of this is commissioned data processing (Art. 5 lit. k FADP).
A parallel responsibility for joint data processing may arise from a special law or an ordinance (Art. 33 FADP), which must be differentiated by a clear division of labor in the special law or ordinance.
IV. Control procedure
6The concept of the control procedure is to be understood as supervision of the data processing operations. In the first constellation of sole responsibility, as well as in the case of clear primary and secondary responsibility, there is unilateral supervision of the sole responsible party or the primary responsible party vis-à-vis those involved in joint data processing. In the second constellation of parallel responsibility for joint data processing, reciprocal control procedures must naturally be established. The details regarding the scope, the manner as well as the regularity of the control procedures shall be regulated in the special law or ordinance.
V. Regulatory regime
7 In the case of joint data processing by federal bodies with cantonal bodies and private persons, different regulatory regimes shall apply. For federal bodies, the special provisions on data processing pursuant to Art. 33 ff. FADP, for private persons the special provisions in Art. 30 ff. FADP apply, and cantonal law applies to cantonal bodies. Even if joint data processing is involved, a clear distinction must always be made as to which actor is bound by which obligations.
VI. Liability issues
8 The liability of federal bodies, cantonal bodies and private persons is governed by different standards: For federal bodies according to the Liability Act (VGG), for cantonal bodies according to the cantonal liability laws and for private persons according to civil law. The extent to which a responsible party can be liable externally for the entire damage caused by the joint data processing (cf. joint and several liability) is unclear. It is also unclear to what extent breaches of duty by third parties can be imputed to a data controller on the basis of the obligation to control.
The author provides her personal assessment in this commentary.
Bibliography
Mund Claudia, Kommentierung zu Art. 33 DSG, in: Baeriswyl Bruno/Pärli Kurt/Blonski Dominika (Hrsg.), Datenschutzgesetz, Stämpflis Handkommentar, 2. Aufl., Bern 2023.
Rudin Beat, Kommentierung zu Art. 5 DSG, in: Baeriswyl Bruno/Pärli Kurt/Blonski Dominika (Hrsg.), Datenschutzgesetz, Stämpflis Handkommentar, 2. Aufl., Bern 2023.
Ballenberger Sara, Kommentierung zu Art. 16 DSG, in: Maurer-Lambrou Urs/Blechta Gabor-Paul (Hrsg.), Datenschutzgesetz / Öffentlichkeitsgesetz, Basler Kommentar, 3. Aufl., Basel 2014