-
- Art. 5a FC
- Art. 6 FC
- Art. 10 FC
- Art. 16 FC
- Art. 17 FC
- Art. 20 FC
- Art. 22 FC
- Art. 29a FC
- Art. 30 FC
- Art. 32 FC
- Art. 42 FC
- Art. 43 FC
- Art. 43a FC
- Art. 55 FC
- Art. 56 FC
- Art. 60 FC
- Art. 68 FC
- Art. 75b FC
- Art. 77 FC
- Art. 96 para. 2 lit. a FC
- Art. 110 FC
- Art. 117a FC
- Art. 118 FC
- Art. 123b FC
- Art. 136 FC
- Art. 166 FC
-
- Art. 11 CO
- Art. 12 CO
- Art. 50 CO
- Art. 51 CO
- Art. 84 CO
- Art. 143 CO
- Art. 144 CO
- Art. 145 CO
- Art. 146 CO
- Art. 147 CO
- Art. 148 CO
- Art. 149 CO
- Art. 150 CO
- Art. 701 CO
- Art. 715 CO
- Art. 715a CO
- Art. 734f CO
- Art. 785 CO
- Art. 786 CO
- Art. 787 CO
- Art. 788 CO
- Transitional provisions to the revision of the Stock Corporation Act of June 19, 2020
- Art. 808c CO
-
- Art. 2 PRA
- Art. 3 PRA
- Art. 4 PRA
- Art. 6 PRA
- Art. 10 PRA
- Art. 10a PRA
- Art. 11 PRA
- Art. 12 PRA
- Art. 13 PRA
- Art. 14 PRA
- Art. 15 PRA
- Art. 16 PRA
- Art. 17 PRA
- Art. 19 PRA
- Art. 20 PRA
- Art. 21 PRA
- Art. 22 PRA
- Art. 23 PRA
- Art. 24 PRA
- Art. 25 PRA
- Art. 26 PRA
- Art. 27 PRA
- Art. 29 PRA
- Art. 30 PRA
- Art. 31 PRA
- Art. 32 PRA
- Art. 32a PRA
- Art. 33 PRA
- Art. 34 PRA
- Art. 35 PRA
- Art. 36 PRA
- Art. 37 PRA
- Art. 38 PRA
- Art. 39 PRA
- Art. 40 PRA
- Art. 41 PRA
- Art. 42 PRA
- Art. 43 PRA
- Art. 44 PRA
- Art. 45 PRA
- Art. 46 PRA
- Art. 47 PRA
- Art. 48 PRA
- Art. 49 PRA
- Art. 50 PRA
- Art. 51 PRA
- Art. 52 PRA
- Art. 53 PRA
- Art. 54 PRA
- Art. 55 PRA
- Art. 56 PRA
- Art. 57 PRA
- Art. 58 PRA
- Art. 59a PRA
- Art. 59b PRA
- Art. 59c PRA
- Art. 62 PRA
- Art. 63 PRA
- Art. 67 PRA
- Art. 67a PRA
- Art. 67b PRA
- Art. 75 PRA
- Art. 75a PRA
- Art. 76 PRA
- Art. 76a PRA
- Art. 90 PRA
-
- Vorb. zu Art. 1 FADP
- Art. 1 FADP
- Art. 2 FADP
- Art. 3 FADP
- Art. 5 lit. f und g FADP
- Art. 6 Abs. 6 and 7 FADP
- Art. 7 FADP
- Art. 10 FADP
- Art. 11 FADP
- Art. 12 FADP
- Art. 14 FADP
- Art. 15 FADP
- Art. 19 FADP
- Art. 20 FADP
- Art. 22 FADP
- Art. 23 FADP
- Art. 25 FADP
- Art. 26 FADP
- Art. 27 FADP
- Art. 31 para. 2 lit. e FADP
- Art. 33 FADP
- Art. 34 FADP
- Art. 35 FADP
- Art. 38 FADP
- Art. 39 FADP
- Art. 40 FADP
- Art. 41 FADP
- Art. 42 FADP
- Art. 43 FADP
- Art. 44 FADP
- Art. 44a FADP
- Art. 45 FADP
- Art. 46 FADP
- Art. 47 FADP
- Art. 47a FADP
- Art. 48 FADP
- Art. 49 FADP
- Art. 50 FADP
- Art. 51 FADP
- Art. 54 FADP
- Art. 57 FADP
- Art. 58 FADP
- Art. 60 FADP
- Art. 61 FADP
- Art. 62 FADP
- Art. 63 FADP
- Art. 64 FADP
- Art. 65 FADP
- Art. 66 FADP
- Art. 67 FADP
- Art. 69 FADP
- Art. 72 FADP
- Art. 72a FADP
-
- Art. 2 CCC (Convention on Cybercrime)
- Art. 3 CCC (Convention on Cybercrime)
- Art. 4 CCC (Convention on Cybercrime)
- Art. 5 CCC (Convention on Cybercrime)
- Art. 6 CCC (Convention on Cybercrime)
- Art. 7 CCC (Convention on Cybercrime)
- Art. 8 CCC (Convention on Cybercrime)
- Art. 9 CCC (Convention on Cybercrime)
- Art. 11 CCC (Convention on Cybercrime)
- Art. 12 CCC (Convention on Cybercrime)
- Art. 25 CCC (Convention on Cybercrime)
- Art. 29 CCC (Convention on Cybercrime)
- Art. 32 CCC (Convention on Cybercrime)
- Art. 33 CCC (Convention on Cybercrime)
- Art. 34 CCC (Convention on Cybercrime)
FEDERAL CONSTITUTION
CODE OF OBLIGATIONS
FEDERAL LAW ON PRIVATE INTERNATIONAL LAW
LUGANO CONVENTION
CODE OF CRIMINAL PROCEDURE
CIVIL PROCEDURE CODE
FEDERAL ACT ON POLITICAL RIGHTS
CIVIL CODE
FEDERAL ACT ON CARTELS AND OTHER RESTRAINTS OF COMPETITION
FEDERAL ACT ON INTERNATIONAL MUTUAL ASSISTANCE IN CRIMINAL MATTERS
DEBT ENFORCEMENT AND BANKRUPTCY ACT
FEDERAL ACT ON DATA PROTECTION
SWISS CRIMINAL CODE
CYBERCRIME CONVENTION
- In a nutshell
- I. General
- II. para. 1: Annual publication of the activity report
- III. Para. 2: Publication of findings and rulings of general interest
- Bibliography
- Materials
In a nutshell
The provision on the FDPIC's public relations work is one of the most important but less well-known provisions of the Data Protection Act. As early as the 1980s, international experience showed that successful implementation of the data protection provisions requires a dialogue between the supervisory authority and the other federal authorities or the civilian population (e.g., when it is a question of pointing out a need for legislative action or exerting pressure on certain data controllers who do not comply with the legal provisions).
Art. 57 para. 1 FADP obliges the FDPIC to inform the Federal Assembly - the electoral body of the FDPIC according to Art. 43 para. 1 FADP - about its activities once a year. The Federal Council is informed in writing about the activities of the FDPIC. The second paragraph is intended to enable the FDPIC to carry out his information mandate independently of the supervised federal authorities. The provision is worded very openly. Thus, the FDPIC has numerous possibilities to carry out his legal information mandate.
I. General
A. Normative purpose and background
1 Article 57 FADP is not one of the most well-known provisions of the FADP. Nevertheless, this legal provision on the FDPIC's public awareness activities plays a crucial role in ensuring that data protection law requirements can be implemented in practice. Indeed, awareness of data protection law in both the private and public sectors is primarily raised through the public relations work of the FDPIC (and the cantonal and municipal data protection commissioners). Successfully raising public awareness of data protection requires a dialogue between the supervisory authority and the public. Data protection considerations or measures should therefore not remain purely internal to the data-processing agencies, either in the private or public sector, but should be brought to the attention of the public in a very conscious and proactive manner.
2 The public awareness activities of the FDPIC pursue several concrete goals. On the one hand, it contributes to strengthening the effectiveness of the FDPIC's supervisory activities (Art. 49 to 53 FADP) - as part of its supervisory activities, the FDPIC can sanction unlawful data processing. Based on Art. 57 FADP, it can publish its findings and thus put pressure on the offending data controller as well as encourage other data controllers not directly affected by the investigation to adapt their practices. On the other hand, the FDPIC's public relations work can decisively relieve the FDPIC in his advisory role (Art. 58 FADP). The publication of easily understandable aids, such as guidelines, sample letters or FAQs, contributes decisively to reducing the effort required for personal consultation and to preventing potential data protection violations.
3 Furthermore, based on its public relations work, the FDPIC can give an account of its activities to the electoral body (Federal Assembly pursuant to Art. 43 para. 1 FADP) and thus provide the Federal Assembly with an overview of its official conduct.
4 Public relations work within the meaning of Art. 57 FADP then offers the FDPIC the opportunity to publish information about problematic developments and to point out any need for legislative action that it deems necessary.
5 In the present case, it should be noted that the individual enforcement of rights via the civil courts provided for by the legislator (Art. 32 para. 2 FADP) plays a subordinate or (almost) no role in practice. In view of lengthy and costly proceedings with an uncertain outcome, it is extremely rare for those affected to initiate proceedings before the competent court. This is all the more true as more and more data processing is carried out by private individuals abroad. Thus, a promising proceeding before a Swiss civil court becomes (almost) impossible. As a result, fundamental questions of data protection are rarely addressed in case law, and the few court decisions have only limited significance beyond the individual case. The FDPIC therefore plays an important role in law enforcement thanks to its public relations work.
B. History of origins
Ad para. 1:
6 A provision very similar to the current para. 1 was already contained in Art. 30 aDSG. Based on international experience, which had already shown in the 1980s that awareness of data protection law is strengthened, among other things, by the public relations work of the data protection authorities, this provision had been incorporated into Swiss law in 1988 and entered into force in 1992.
7 Art. 30a FADP did not give rise to any debates in Parliament - the article corresponded to the Federal Council's draft of 1988. This also applies to Art. 57 FADP. In the context of the revision, the provision was only clarified insofar as the FDPIC now has to report annually (and no longer periodically). This clarification corresponds to the practice under the old law.
8 The FDPIC reports to the Federal Assembly and thus provides the electoral body with an overview of the performance of his duties. As under the old law, the Federal Council receives only the written activity report.
9 Furthermore, the expression "as well as when necessary" has been deleted. From now on, the FDPIC will report once a year. Neither the evaluation of the consultation nor the dispatch address this deletion. In practice, the possibility to inform the public also when necessary (i.e. at any time and not only once a year) has not played a major role. Moreover, it should be pointed out in this context that the FDPIC may, if necessary, inform the public about its activities on the basis of Art. 57 para. 2 FADP.
Ad para. 2:
10 Art. 57 para. 2 FADP was shortened in the revision compared to para. 2 under the old FADP. In line with the increased independence of the FDPIC already requested in December 2011, the FDPIC can now decide for itself what it informs the public about. The publication of personal data subject to official secrecy no longer depends on the consent of the authority concerned, and an explicit distinction between personal and factual data in the context of the FDPIC's information mandate is no longer provided for.
11 The second paragraph also states that the FDPIC "informs" and not merely "may inform" about findings in the general interest. This linguistic clarification is to be welcomed, but changes little in practice. The "may" provision under the old law already established a binding information mandate.
C. Comparative law
Ad para. 1:
12 The regular preparation of an activity report was already provided for in Art. 28 para. 5 Directive 95/46/EC and has been regulated in Art. 59 DSGVO since 25 May 2018. In terms of content, this provision differs from Art. 57 para. 1 FADP in that the corresponding European law rule specifies a possible content of the activity report (list of reported types of breaches and types of measures taken under Art. 58 para. 2 DSGVO).
13 Art. 15 para. 7 ETS 108 states that each European supervisory authority shall regularly prepare and subsequently publish an activity report. According to the explanatory report, an activity report must be published once a year. This report must contain, in particular, information on the measures taken to enforce national data protection legislation. Except for the fact that the revised FADP does not specify any content, the Swiss legislator has adopted both the Council of Europe and EU requirements. It goes without saying, however, that measures taken to enforce data protection provisions are mentioned in the FDPIC's activity report even without a corresponding legal requirement.
Ad para. 2:
14 Art. 15 para. 2 lit. e ETS 108 sets out the framework for the awareness-raising tasks of the supervisory authorities. According to the explanatory report, the supervisory authorities must proactively make visible the measures they take, their tasks and their competences. For this purpose, they may publish regular activity reports (cf. Art. 15 para. 7 ETS 108), opinions or general recommendations. They can also raise public awareness through other, freely selectable communication channels. According to the explanatory report, public relations work also includes informing individuals and data controllers about their respective rights and obligations in appropriate, i.e. easily understandable, language (especially if the data processing concerns children or other particularly vulnerable individuals).
II. para. 1: Annual publication of the activity report
A. Annual publication
15 In the context of the revision, Art. 30 aDSG was slightly clarified: the publication must take place "annually". This specification was requested in the consultation, but changes little in practice. The law still does not contain any specifications regarding the time of publication. Under the old law, it was customary for the report to cover the period between April 1 and March 31 of the following year and to be published at the end of June. A press conference is held on the occasion of each publication. The FDPIC presents the report in person, often accompanied by another member of the management, and takes questions from members of the media. There is nothing to indicate that this practice will not be maintained under the new law.
16 The report is not submitted to the Federal Council or the Federal Assembly for any adjustments, either before or after publication. In other words, the report is published in the same way as it is submitted to the Federal Assembly and the Federal Council (cf. the specifications in Art. 37 FADP in this regard). Among other things, the FDPIC also exercises supervision over the data processing carried out by the federal bodies. It is therefore conceivable that, depending on the results of the investigation, federal bodies audited under supervisory law could demand certain adjustments to the activity report. Against this background, the publication of the unchanged activity report is to be welcomed and contributes to strengthening the independence of the FDPIC.
17 A presentation of the activity report before the commission responsible for preparing the election of the FDPIC or in the councils is not envisaged, even if this is occasionally demanded in the doctrine.
B. Activity report
18 The activity report is the centerpiece of the FDPIC's public relations work (see Art. 57 para. 2 and Art. 58 FADP for other ways to raise public awareness).
19 Unlike European law - i.e., Art. 59 DSGVO and Art. 15 para. 7 ETS 108 - neither the FADP nor the DPO impose substantive requirements in Switzerland. The FDPIC is thus in principle free to decide on the content of the activity report. Pursuant to Art. 58 para. 1 lit. f FADP, the Data Protection Commissioner also performs the duties assigned to him by the Public Information Act of 17 December 2004 (FoIA, SR 152.3). According to Art. 19 FoIA, the Public Information Officer must regularly report to the Federal Council and publish this report. Since the FoIA entered into force on July 1, 2006, the FDPIC has published an activity report that tracks both his activities as data protection commissioner and his duties as public information commissioner.
20 The activity report follows a similar structure year after year, although the weighting of the individual topics may vary: Current Challenges, Data Protection (Digitization and Fundamental Rights; Justice, Police, Security; Tax and Finance; Commerce and Economy; Health; Labor; Insurance; Transportation; International), Public Principle (General; Access Requests; Arbitration Procedures; Legislative Procedures), the FDPIC (Tasks and Resources; Communication; Statistics; Organization of the FDPIC). Moreover, the FDPIC sets several thematic priorities per activity report. For example, it devoted its first focus in the 2020/2021 activity report to the revised FADP and its second focus to the Privacy Shield and the challenges associated with it.
21 Like all federal authorities, the FDPIC must observe the applicable legal provisions in the performance of its statutory duties, namely those relating to the protection of industrial and commercial secrets. In addition, it is subject to official secrecy under Article 22 of the Federal Personnel Act (BPG, SR 172.220.1). Consequently, it must ensure the confidential treatment of personal data to which it gains access in the exercise of its supervisory duties, namely when it publishes its activity report.
22 Due to the very brief nature of the articles in the activity report (under the old law, approximately one column per supervisory investigation), it is difficult to imagine - in contrast to the publication of rulings - that fabrication or business secrets are revealed in the activity report.
23 In practice, the FDPIC anonymizes the names of private individuals against whom supervisory proceedings have been initiated but not yet concluded. As soon as the proceedings have been concluded, the legal entity concerned is named in the subsequent activity report. The naming of the offending companies may not always be pleasant for the parties concerned, but it does not fall under the manufacturing or business secrecy. In addition, the naming of the guilty party is covered by the purpose of Art. 57 para. 1 FADP, since one of the purposes of the FDPIC's public relations work is to exert pressure on the guilty party and to encourage other data protection officers who are not directly affected by the investigation to adapt their practices.
24 The situation is different in the case of official secrets, which can also be disclosed on one line. However, in these cases, the public interest in informing the public about unlawful data processing by federal authorities - also in view of the historical responsibility of the FDPIC after the Fiche scandal - is likely to prevail (cf. comments below regarding Art. 57 para. 2 FADP).
25 The law also makes no stipulations regarding the form of the activity report. Design and circulation are therefore determined independently by the FDPIC. The activity report expressly does not appear in the design internal to the federal administration. The independence of the FDPIC is thus also formally expressed.
26 Due to the objective of the reporting, the activity report must be a publicly accessible document. The FDPIC publishes the report as a free e-paper on its website; the printed report can be ordered for CHF 17.00 from the Federal Office for Buildings and Logistics.
27 Since 2017/2018, the report has also been published in Italian and English. Between 1993 and 2017, the report was published in German and French only. The lack of an Italian translation was a clear violation of Article 10 of the Federal Law on the National Languages and Communication between the Language Communities (SR 441.1). Even if this federal law does not require publication in English, it is to be welcomed that the activity report has also been published in English for several years. This newly available translation simplifies the personal consultation of the FDPIC, since English-speaking persons are increasingly asking the FDPIC for his legal advice. A reference to the English-language version of the activity report helps to make these foreign-language consultations more efficient.
28 The addressees of the activity report are the Federal Assembly as the electoral body of the FDPIC, the Federal Councillors as heads of the individual departments, all of whom carry out countless data processing operations, and the general public (media professionals, legal advisors, technicians, and the general civilian population). In other words, Art. 57 para. 1 FADP applies to all activities of the FDPIC. These very heterogeneous addressees represent a challenge that should not be underestimated when writing the activity report.
29 In this context, it should be noted for the sake of completeness that the data protection challenges that arise in the private or public sector are often of a similar nature. For this reason, it may be instructive to read the activity reports of the cantonal data protection officers, who are required by cantonal law to publish activity reports.
III. Para. 2: Publication of findings and rulings of general interest
A. Determination
30 "Determination" is not a clearly defined legal term; it comprehensively circumscribes the legally binding information mandate of the FDPIC.
31 Facts of general interest relevant to data protection law may be brought to the attention of the FDPIC through the media, via the hotline or contact form, or in exchanges with other federal or cantonal authorities. The extent to which the FDPIC wishes to react to an identified piece of information is at his discretion, in particular with regard to timing and information channel.
32 The legally fuzzy term "determination" offers the advantage of reacting to a (possible) FADP violation more flexibly and quickly than by issuing an order. In addition, this fuzzy term offers the possibility of informing the public about a matter relevant to data protection even if the requirements for initiating an investigation under Art. 49 FADP are not met.
33 Whether and how often findings will be published in the future remains to be seen. As with all legally fuzzy terms, the interpretation of this term depends on the respective FDPIC.
B. Decree
34 The FDPIC can now issue rulings (cf. Art. 49 to 51 FADP). During the consultation process, some participants from the business community requested that the FDPIC not publish its rulings, but only the facts about which an investigation was opened. These participants were of the opinion that this was the only way to guarantee the privacy rights of the persons concerned. Individual participants, on the other hand, were of the opinion that all FDPIC rulings should be published. The rule laid down in the law thus represents a compromise and enables the FDPIC to weigh any business or official secrets against the general interest in clarifying an unlawful fact in individual cases. The general interest is likely to be interpreted broadly in principle in light of the goals of the FDPIC's public relations work.
C. General interest
35 Neither the revised FADP, nor the revised DPA, nor the 2017 Dispatch define "general interest." The previous dispatch on the old FADP did not define the term either. Only one example was given by the Federal Council at that time: the publication of a recommendation on an information system of nationwide importance was in the general interest. In the doctrine, further, more current examples are mentioned: the data processing in question represents a special risk situation for the fundamental rights and the personal rights of the persons concerned, it concerns the general implementation of the FADP, it has a precedent character or it is widely discussed in public. Furthermore, according to Rosenthal/Jöhri, the publication of identified grievances (without further specification) may be in the public interest. Due to today's digital market, the publication of a FADP violation by a market leader is also likely to be in the public interest. In any case, the term is to be interpreted broadly also under revised law. The FDPIC may otherwise only be able to perform its public relations work inadequately.
36 As a rule, information of general interest will have a certain urgency and will deviate from the usual reporting. If there is no urgency, this information may be published in the next activity report.
37 Which information is of general interest and consequently should be published depends, among other things, on the prioritization of pending business made on the basis of available human resources. Even if it is true that the Federal Assembly has created additional posts with the entry into force of the new FADP, the FDPIC remains chronically understaffed. Thus, it is possible that findings that would be in the general interest will continue to be published late or not at all.
D. Publication
38 As was already the case under the old law, the time of publication can be freely chosen. The question of the time of publication is not always equally important. However, if the publication of a finding is used as a means of pressure, a publication that is strategic with regard to time is crucial.
39 The FADP does not provide any formal requirements for the FDPIC's public relations activities. The communication channel is thus freely selectable also under the new law. In the past, the FDPIC has published model letters, model contracts, guidelines, fact sheets and FAQs on its website. It also drafts internal administrative opinions. In addition, the FDPIC gives speeches on current topics, publishes written articles in specialized journals, and gives interviews to the media. The communications department operates a Twitter account (@derBeauftragte) and regularly writes media releases. Various employees have collaborated on the creation of a teaching aid for young people. Broader campaigns would also be conceivable. Regardless of the communication channel chosen, the FDPIC must always follow the principles of a professional communication policy with a view to effectively raising public awareness.
40 Published findings do not have the legal scope of decrees or laws. They are not legally binding. In the event of a dispute, the court seized decides independently, even if the data subject has previously turned to the FDPIC in its advisory capacity or relied on a published finding. However, the fact that the private individual followed the advice of the FDPIC may play an important role in the examination of fault in reparative actions.
41 The publication of findings, however, also knows limits set forth in Art. 36 para. 6 FADP (substantial public interests, interest of the data subject that is obviously worthy of protection, statutory secrecy obligations or special data protection provisions). Like all federal authorities, the FDPIC must comply with the applicable legal provisions, namely those relating to the protection of manufacturing and trade secrets and those protecting the confidential and private spheres (defamation [Art. 173 SCC], libel [Art. 174 SCC], insult [Art. 177 SCC]) as well as the prohibition of coercion (Art. 181 SCC). In addition, he is subject to official secrecy pursuant to Art. 22 BPG. Consequently, the FDPIC must ensure the confidential treatment of personal data to which he gains access in the exercise of his supervisory duties. There is nothing to suggest that the FDPIC will change his practice of contacting the responsible persons concerned before a planned publication and asking whether any business or official secrets should be blacked out before publication. However, this contact should not be confused with obtaining consent.
42 In addition, the principle of anonymization of personal data applies. For this reason, personal data that is to be published is always anonymized before the planned publication. Names of senior administrative staff acting in the exercise of their administrative duties or the names of private persons in charge do not enjoy any special protection in this context.
43 There is an important exception to the principle of anonymization. If the FDPIC is of the opinion that the publication of the unredacted finding or decision is in the public interest, he may now waive anonymization himself (under the old law, the FDPIC was allowed to publish personal data subject to official secrecy only with the consent of the authority concerned). This development is to be welcomed, as it clearly reinforces the independence of the FDPIC. With increasing public awareness of data protection issues, this revision of the law is not surprising. In summary, it can therefore be assumed that the principle of anonymization will be interpreted rather narrowly and that not all publications will be anonymized as a matter of principle.
44 With regard to anonymization, it should also be noted that effective anonymization of personal data is becoming increasingly difficult in view of technological advances. Moreover, anonymization may not be effective, especially if the publication of the finding is to be used as a means of exerting pressure.
45 Criminal law provisions, such as defamation, libel, insult, coercion or abuse of authority, are of course reserved. The FDPIC does not enjoy any immunity under criminal law and must observe these criminal law provisions in the context of its public relations work.
46 Finally, it should be noted in this context that the FADP applies only to disclosures or publications of personal data (cf. Art. 1 FADP or Art. 36 FADP). However, it is conceivable that the FDPIC will come across factual data within the meaning of Art. 5 lit. a a contrario in the course of its supervisory activities. The disclosure of factual data is not subject to the FADP, but these data may be protected by official secrecy and their disclosure may therefore be subject to the provisions of the FPG (e.g. strategies, plans or measures in the cybersecurity area). In these cases, the explanations regarding the disclosure of personal data (Art. 36 et seq. FADP) probably apply by analogy. The FADP does not contain a provision on the release from official secrecy of factual data. It must therefore be assumed that the FDPIC can also release himself from official secrecy in such constellations. Whether this actually corresponds to the legislative will is questionable, especially in view of the politically tense situation in Europe.
Bibliography
Baeriswyl Bruno, Datenschutzgesetzgebung in der Schweiz – Standortbestimmung und Ausblick, in: Kieser Ueli/Pärli Kurt (Hrsg.), Datenschutz im Arbeits-, Versicherungs- und Sozialbereich: Aktuelle Herausforderungen, St. Gallen 2012, S. 10 ff. (zit. Baeriswyl, Standortbestimmung).
Baeriswyl Bruno, Kommentierung zu Art. 30 aDSG, in: Baeriswyl Bruno/Pärli Kurt (Hrsg.), Stämpflis Handkommentar, Datenschutzgesetz, 1. Aufl., Bern 2015 (zit. SHK-Baeriswyl, Art. 30 aDSG).
Baeriswyl Bruno, Kommentierung zu Art. 57 DSG, in: Baeriswyl Bruno/Pärli Kurt/Blonski Dominika (Hrsg.), Datenschutzgesetz, Stämpflis Handkommentar, 2. Aufl., Bern 2023 (zit. SHK-Baeriswyl, Art. 57 DSG).
Huber René, Kommentierung zu Art. 30 aDSG, in: Maurer-Lambrou Urs/Blechta Gabor-Paul (Hrsg.), Basler Kommentar, Datenschutzgesetz/Öffentlichkeitsgesetz, 3. Aufl., Basel 2014 (zit. BSK-Huber, Art. 30 aDSG).
Jöhri Yvonne, §8 Aufgabe und Bedeutung der öffentlichen Datenschutzbeauftragten, in: Passadelis Nicolas/Rosenthal David/Thür Hanspeter (Hrsg.), Datenschutzrecht: Beraten in Privatwirtschaft und öffentlicher Verwaltung, Handbücher für die Anwaltspraxis, Basel 2015, S. 245 ff. (zit. Jöhri).
Meier Philippe, Protection des données: fondements, principes généraux et droit privé, Berne 2011 (zit. Meier, Protection).
Meier Philippe, Le défi de Big Data dans les relations entre privés: avec quelques réflexions de lege ferenda, in: Epiney Astrid (Hrsg.), Big Data und Datenschutzrecht, Zürich 2016, S. 47 ff. (zit. Meier, Big Data).
Rosenthal David/Jöhri Yvonne, Handkommentar zum Datenschutzgesetz sowie weiteren, ausgewählten Bestimmungen, Zürich 2008 (zit. Rosenthal/Jöhri).
Waldmann Bernhard/Oeschger Marcus, §15 Aufsicht, in: Belser Eva Maria/Epiney Astrid/Waldmann Bernhard, Datenschutzrecht, Grundlagen und öffentliches Recht, Bern 2011 (zit. Waldmann/Oeschger).
Walter Jean-Philippe, L’indépendance des autorités de protection des données, in: Epiney Astrid/Hänni Julia/Brülisauer Flavia (Hrsg.), Die Unabhängigkeit der Aufsichtsbehörden und weitere aktuelle Fragen des Datenschutzrechts/L’indépendance des autorités de surveillance et autres questions actuelles en droit de la protection des données, Zurich/Bâle/Genève 2012, S. 71 ff. (zit. Walter).
Ziebarth Wolfgang, Kommentierung zu Art. 59 DSGVO, in: Sydow Gernot (Hrsg.), Nomos Handkommentar, Europäische Datenschutzgrundverordnung, 2. Aufl., Baden-Baden 2018 (zit. NHK-Ziebarth, Art. 59 DSGVO).
Materials
Botschaft zum Bundesgesetz über den Datenschutz (DSG) vom 23.3.1988 (zit. BBl 1988 II S. 413 ff.).
14. Tätigkeitsbericht des EDÖB 2006/2007 vom 31.3.2007 (zit. EDÖB, 14. Tätigkeitsbericht 2006/2007).
Bericht des Bundesrates über die Evaluation des Bundesgesetzes über den Datenschutz vom 9.12.2011 (zit. BBl 2012 S. 335 ff.).
Vorentwurf für das Bundesgesetz über die Totalrevision des Datenschutzgesetzes und die Änderung weiterer Erlasse zum Datenschutz, Zusammenfassung der Ergebnisse des Vernehmlassungsverfahrens vom 10.8.2017 (zit. Zusammenfassung Vernehmlassungsverfahren).
Botschaft zum Bundesgesetz über die Totalrevision des Bundesgesetzes über den Datenschutz und die Änderung weiterer Erlasse zum Datenschutz vom 15.9.72017 (zit. BBl 2017 S. 6941 ff.).
Rapport explicatif relatif à la Convention modernisée pour la protection des personnes à l’égard du traitement des données à caractère personnel du 18.5.2018 (zit. Rapport explicatif Convention 108+).
28. Tätigkeitsbericht des EDÖB 2020/2021 vom 31.3.2021 (zit. EDÖB, 28. Tätigkeitsbericht 2020/2021).
29. Tätigkeitsbericht des EDÖB 2021/2022 vom 31.3.2022 (zit. EDÖB, 29. Tätigkeitsbericht 2021/2022).