-
- Art. 5a FC
- Art. 6 FC
- Art. 10 FC
- Art. 16 FC
- Art. 17 FC
- Art. 20 FC
- Art. 22 FC
- Art. 29a FC
- Art. 30 FC
- Art. 32 FC
- Art. 42 FC
- Art. 43 FC
- Art. 43a FC
- Art. 55 FC
- Art. 56 FC
- Art. 60 FC
- Art. 68 FC
- Art. 75b FC
- Art. 77 FC
- Art. 96 para. 2 lit. a FC
- Art. 110 FC
- Art. 117a FC
- Art. 118 FC
- Art. 123b FC
- Art. 136 FC
- Art. 166 FC
-
- Art. 11 CO
- Art. 12 CO
- Art. 50 CO
- Art. 51 CO
- Art. 84 CO
- Art. 143 CO
- Art. 144 CO
- Art. 145 CO
- Art. 146 CO
- Art. 147 CO
- Art. 148 CO
- Art. 149 CO
- Art. 150 CO
- Art. 701 CO
- Art. 715 CO
- Art. 715a CO
- Art. 734f CO
- Art. 785 CO
- Art. 786 CO
- Art. 787 CO
- Art. 788 CO
- Transitional provisions to the revision of the Stock Corporation Act of June 19, 2020
- Art. 808c CO
-
- Art. 2 PRA
- Art. 3 PRA
- Art. 4 PRA
- Art. 6 PRA
- Art. 10 PRA
- Art. 10a PRA
- Art. 11 PRA
- Art. 12 PRA
- Art. 13 PRA
- Art. 14 PRA
- Art. 15 PRA
- Art. 16 PRA
- Art. 17 PRA
- Art. 19 PRA
- Art. 20 PRA
- Art. 21 PRA
- Art. 22 PRA
- Art. 23 PRA
- Art. 24 PRA
- Art. 25 PRA
- Art. 26 PRA
- Art. 27 PRA
- Art. 29 PRA
- Art. 30 PRA
- Art. 31 PRA
- Art. 32 PRA
- Art. 32a PRA
- Art. 33 PRA
- Art. 34 PRA
- Art. 35 PRA
- Art. 36 PRA
- Art. 37 PRA
- Art. 38 PRA
- Art. 39 PRA
- Art. 40 PRA
- Art. 41 PRA
- Art. 42 PRA
- Art. 43 PRA
- Art. 44 PRA
- Art. 45 PRA
- Art. 46 PRA
- Art. 47 PRA
- Art. 48 PRA
- Art. 49 PRA
- Art. 50 PRA
- Art. 51 PRA
- Art. 52 PRA
- Art. 53 PRA
- Art. 54 PRA
- Art. 55 PRA
- Art. 56 PRA
- Art. 57 PRA
- Art. 58 PRA
- Art. 59a PRA
- Art. 59b PRA
- Art. 59c PRA
- Art. 62 PRA
- Art. 63 PRA
- Art. 67 PRA
- Art. 67a PRA
- Art. 67b PRA
- Art. 75 PRA
- Art. 75a PRA
- Art. 76 PRA
- Art. 76a PRA
- Art. 90 PRA
-
- Vorb. zu Art. 1 FADP
- Art. 1 FADP
- Art. 2 FADP
- Art. 3 FADP
- Art. 5 lit. f und g FADP
- Art. 6 Abs. 6 and 7 FADP
- Art. 7 FADP
- Art. 10 FADP
- Art. 11 FADP
- Art. 12 FADP
- Art. 14 FADP
- Art. 15 FADP
- Art. 19 FADP
- Art. 20 FADP
- Art. 22 FADP
- Art. 23 FADP
- Art. 25 FADP
- Art. 26 FADP
- Art. 27 FADP
- Art. 31 para. 2 lit. e FADP
- Art. 33 FADP
- Art. 34 FADP
- Art. 35 FADP
- Art. 38 FADP
- Art. 39 FADP
- Art. 40 FADP
- Art. 41 FADP
- Art. 42 FADP
- Art. 43 FADP
- Art. 44 FADP
- Art. 44a FADP
- Art. 45 FADP
- Art. 46 FADP
- Art. 47 FADP
- Art. 47a FADP
- Art. 48 FADP
- Art. 49 FADP
- Art. 50 FADP
- Art. 51 FADP
- Art. 54 FADP
- Art. 57 FADP
- Art. 58 FADP
- Art. 60 FADP
- Art. 61 FADP
- Art. 62 FADP
- Art. 63 FADP
- Art. 64 FADP
- Art. 65 FADP
- Art. 66 FADP
- Art. 67 FADP
- Art. 69 FADP
- Art. 72 FADP
- Art. 72a FADP
-
- Art. 2 CCC (Convention on Cybercrime)
- Art. 3 CCC (Convention on Cybercrime)
- Art. 4 CCC (Convention on Cybercrime)
- Art. 5 CCC (Convention on Cybercrime)
- Art. 6 CCC (Convention on Cybercrime)
- Art. 7 CCC (Convention on Cybercrime)
- Art. 8 CCC (Convention on Cybercrime)
- Art. 9 CCC (Convention on Cybercrime)
- Art. 11 CCC (Convention on Cybercrime)
- Art. 12 CCC (Convention on Cybercrime)
- Art. 25 CCC (Convention on Cybercrime)
- Art. 29 CCC (Convention on Cybercrime)
- Art. 32 CCC (Convention on Cybercrime)
- Art. 33 CCC (Convention on Cybercrime)
- Art. 34 CCC (Convention on Cybercrime)
FEDERAL CONSTITUTION
CODE OF OBLIGATIONS
FEDERAL LAW ON PRIVATE INTERNATIONAL LAW
LUGANO CONVENTION
CODE OF CRIMINAL PROCEDURE
CIVIL PROCEDURE CODE
FEDERAL ACT ON POLITICAL RIGHTS
CIVIL CODE
FEDERAL ACT ON CARTELS AND OTHER RESTRAINTS OF COMPETITION
FEDERAL ACT ON INTERNATIONAL MUTUAL ASSISTANCE IN CRIMINAL MATTERS
DEBT ENFORCEMENT AND BANKRUPTCY ACT
FEDERAL ACT ON DATA PROTECTION
SWISS CRIMINAL CODE
CYBERCRIME CONVENTION
- In a nutshell
- I. General
- II. Para. 1: Specific tasks of the FDPIC
- III. Para. 2: Extended mandate to provide advice
- IV. Para. 3: International legal assistance
- Bibliography
- Materials
In a nutshell
The list of tasks set out in Art. 58 FADP supplements the tasks of the FDPIC already provided for in Art. 57 FADP. For example, this provision stipulates that the FDPIC raises awareness among the public about data protection, comments on draft federal decrees, or publishes recommendations of good practice. However, the list of tasks in Art. 58 FADP is not exhaustive. Other, non-specifically defined tasks may thus be assumed by the FDPIC, provided that they are consistent with the fundamental objectives of the FADP.
I. General
A. Purpose of the norm and background
1 According to the wording of the ingress ("In addition, the FDPIC shall in particular perform the following tasks"), Art. 58 FADP is to be understood as a supplement or catch-all provision to Art. 57 FADP. Art. 58 FADP specifies the scope of the FDPIC's advisory and information activities pursuant to Art. 57 FADP, which the FDPIC largely determines himself due to his legally enshrined independence.
2 The list of tasks of the FDPIC is also not exhaustive under the revised law ("in particular"). Thus, there is still some leeway for additional tasks under the new law, as long as they do not contradict the purpose of the FADP. In this context, it should also be noted that further tasks of the FDPIC are set forth in other parts of the FADP, e.g. in Art. 11 FADP (opinions on codes of conduct), Art. 12 para. 4 FADP (notification of lists of processing activities), Art. 16 para. 2 FADP (data disclosure abroad), Art. 23 FADP (consultation of the FDPIC in the context of data protection impact assessments) or Art. 24 FADP (notification of data security breaches). Yet other tasks of the FDPIC are laid down in various special laws, such as Art. 84b KVG (ensuring data protection by insurers) or Art. 63 para. 3 in conjunction with. Art. 64 NDG (examination by the FDPIC as to whether the FIS has lawfully processed the personal data of the person making the request).
3 For further information on the purpose of the norm and its background, please refer to the general information on Art. 57 FADP.
B. History of origins
4 As part of the revision, Art. 31 aDSG was adapted to EU law and to the requirements of the Council of Europe. For this reason, the list of tasks of the FDPIC was slightly adapted or supplemented.
5 Art. 31 para. 1 lit. d aDSG (adequate protection of data protection legislation abroad), Art. 31 para. 1 lit. e aDSG (examination of guarantees for data transfers to non-equivalent states) and Art. 31 para. 1 lit. f aDSG (certification procedure) were not included in the revised Art. 58 FADP. Now, it is no longer the FDPIC but the Federal Council or the FOJ that clarifies whether the legislation of a state in question guarantees adequate protection (Art. 16 para. 1 FADP). The list of states, territories, specific sectors in a state and international organizations with adequate data protection according to the Federal Council are now included in Appendix 1 of the FADP. The examination of the guarantees for a data transfer to a non-equivalent state is now regulated in detail in Art. 16 para. 2 FADP and is also adopted in principle by the FDPIC under the new law. Certification is now regulated in Art. 13 FADP. Under current law, the FDPIC can no longer examine certification procedures itself (Art. 31 para. 1 lit. f aDSG). A supervisory procedure within the meaning of Art. 49 ff. FADP are reserved in this context.
6 For further information on the history of the development of the advisory and information activities of supervisory authorities under data protection law, please refer to the comments on Art. 57 FADP.
C. Comparative law
7 In European law, the tasks of the respective data protection authorities are set out in Art. 57 DSGVO, without prejudice to other tasks set out in individual places in the DSGVO.
8 Art. 58 DSGVO sets out the specific powers by which the supervisory authorities can achieve the objectives set out in Art. 57 DSGVO.
9 In terms of the level of detail, Art. 57 and 58 DSGVO clearly go beyond the "sister regulations" in Art. 57 and 58 FADP. This attention to detail in European data protection law aims to improve legal certainty and the protection of fundamental rights, after the predecessor provision (Art. 28 Directive 95/46/EC) only provided a rough framework that had been filled out very differently by national provisions under the old law. Apart from the formal differences (level of detail and structure), no fundamental differences in content between the European provisions and the Swiss provisions can be discerned. This finding is not surprising: the old list of tasks in Art. 31 aDSG was supplemented with the express aim of implementing the European law requirements pursuant to Art. 46 para. 1 lit. d and e Directive (EU) 2016/680 and the requirements of Art. 12bis no. 2 lit. e E-SEV.
II. Para. 1: Specific tasks of the FDPIC
A. Lit. a: Information mandate
10 Art. 58 para. 1 lit. a FADP was added to the FADP as part of the revision. This new provision is intended to clarify the FDPIC's information mandate set forth in Art. 57 FADP.
11 This new provision expressly provides that the FDPIC shall exercise his advisory and informational mandate not only vis-à-vis public bodies, but also vis-à-vis private persons. This linguistic clarification, which corresponds to the practice of the FDPIC under the old law, is to be welcomed.
12 In view of both the wording of the law and the message, the FDPIC has a wide margin of discretion as to how he wishes to implement this information mandate in practice. In principle, it is free to decide which decision-makers from the administration, politics, science and business it informs, trains or advises. However, the discretion of the FDPIC is not without limits: The independence of the FDPIC must always be preserved, even when implementing the information mandate as defined in Art. 58 para. 1 lit. a FADP. In practice, it may lead to problematic constellations if the FDPIC himself or members of his management maintain too close personal contact with certain decision-makers and this contact or exchange creates the appearance of bias on the part of the FDPIC for third parties or influences the FDPIC in a possible downstream supervisory procedure.
13 Within the framework of its information mandate, the FDPIC participates, for example, in the annual data protection law conference of the University of Fribourg, publishes guidelines, sample letters and FAQs concerning data processing carried out by federal bodies or private individuals, advises private individuals both by telephone and in writing, or regularly exchanges information with the Association for Corporate Data Protection (VUD). It can also organize information events or further training for those responsible in the public sector. Under the heading of "training", cooperation with the various law faculties would also be conceivable. At present, data protection law is not a compulsory course at any Swiss university. As things stand today, future lawyers are not at all or only insufficiently prepared for the challenges in legal practice with regard to the cross-sectional subject of "data protection".
14 The FDPIC can now charge fees for advising private individuals on data protection issues pursuant to Art. 58 para. 1 FADP on the basis of Art. 59 para. 1 e FADP in conjunction with Art. 44 DPA. Art. 44 FADP. These fees are calculated on the basis of time spent, with an hourly rate of CHF 150.00 to 250.00.
15 With a view to efficient, Switzerland-wide implementation of this legally standardized information mandate, it is also crucial under the new law that the FDPIC and his or her deputy do not come from the same language region. In principle, the FDPIC and his or her deputy should therefore continue to be responsible for the implementation of the information mandate in their respective regions of origin (e.g., handling interview requests).
16 The more often the FDPIC fulfills its information mandate through various channels, the more likely it is that a broad public will be informed about the current challenges in data protection law. However, the actual implementation of the information mandate depends on the available human resources, which remain modest.
B. Lit. b: Support for cantonal and international authorities
17 Art. 58 para. 1 FADP lit. b is derived from Art. 31 para. 1 lit. a and lit. c aDSG. According to the explicit wording of the law, the support of cantonal and international authorities is not a special case of the FDPIC's advisory activities. The FDPIC may "only" support the cantonal authorities and not "advise" them. Due to the division of competences between the Confederation and the cantons, the FDPIC is not entitled to advise cantonal bodies to the extent that the cantonal data protection authorities are competent to do so. Under the old law, the wording of the law ("bodies of the cantons") excluded the FDPIC from also supporting municipalities. Now, due to the slightly adapted wording of the law ("Swiss authorities"), it is conceivable that the FDPIC may also support municipal bodies. However, due to the division of competences in the area of data protection, it should remain the case in practice that the municipal bodies must contact the competent cantonal data protection authority in the event of questions or ambiguities.
18 Under the old law, it was also unclear from the wording of the law whether the relevant provision applied only to public bodies or also covered data protection bodies of private companies. In view of the current wording of Art. 58 para. 1 lit. b FADP, it is clear that the scope of this provision is limited to public bodies.
19 It follows from the foregoing that the consultations of the FDPIC must be limited to areas for which the cantons are not competent (consultations of private persons and of federal bodies, cf. Art. 58 para. 1 lit. a FADP) as well as to clarifications regarding delimitations of competence between the Confederation and the cantons. Actual cooperation in specific individual cases does not take place due to the division of competences between the Confederation and the cantons. In this sense, the wording chosen ("cooperates with Swiss authorities") is misleading.
20 The assistance provided by the FDPIC within the meaning of Art. 58 para. 1 lit. b FADP is still not bound to any form and remains free of charge under the new law.
21 In view of the increasingly transnational problems, assistance from foreign authorities is becoming more and more important. In view of Art. 58 para. 1 lit. b FADP, the FDPIC not only exchanges information with representatives of the cantonal authorities, but also has a seat in various international organizations and, in this context, supports foreign or international authorities in implementing globally effective data protection.
22 Due to its statutory independence, the FDPIC must always be able to decide for itself whether and to what extent it wishes to support another authority. A binding mandate to provide assistance would not be compatible with the independence of the FDPIC .
23 With regard to the limits of this assistance offered by the FDPIC, it should also be noted that Art. 58 para. 1 lit. b FADP is neither a basis for a federal competence in the area of data protection nor a basis for an exchange of information with other authorities (neither national nor international). This provision should only allow for a professional exchange between authorities and thus allow the other public bodies to benefit from the legal and technical knowledge of the FDPIC.
24 Since the foundation of "privatim", the exchange with the cantonal authorities has been organized by representatives of this association or by certain working groups. In practice, it has repeatedly been shown that exchanges between federal and cantonal representatives are enriching in areas where their respective competences overlap, in particular during the Covid 19 pandemic, which raised various data protection issues in the health sector not only at the cantonal level but also at the national (and international) level. Recently, the FDPIC and "privatim" jointly revised their guide "Elections and Voting" with a view to the 2023 federal elections: Elections and Voting take place at all federal levels and are subject to similar challenges at all federal levels.
C. Lit. c: Awareness-raising mandate
25 Art. 58 para. 1 lit. c FADP specifies the awareness-raising mandate of the FDPIC set forth in Art. 57 FADP.
26 The sensitization of people in need of protection was newly included in the FADP in accordance with European law (Art. 57 para. 1 lit. b DSGVO). However, the term "vulnerable people" is not defined in either Art. 58 FADP or Art. 5 FADP (terms). The message lists minors and the elderly as people in need of protection. Due to the choice of words ("in particular"), this list is not exhaustive. Sick persons and refugees, for example, may also be considered to be people in need of special protection within the meaning of Art. 58 para. 1 lit. c FADP, especially if one considers that in these constellations, personal data requiring special protection within the meaning of Art. 5 lit. c no. 1, 2 and 5 FADP are often processed. For example, the FDPIC intervenes year after year regarding the processing of personal data in the health sector.
27 The FDPIC has already made efforts under the old law to sensitize young people to data protection. For example, it has designed seven lessons for pupils at secondary level I and II, each of which is devoted to a specific topic that is relevant to young people in their everyday lives. He has also published tips for new parents on his website. The interactive service for raising awareness of data protection and transparency in organizations "Think Data", which is supported by the FDPIC, is also explicitly aimed at female and male students, among others. However, the sensitization of children and young people also knows its limits. According to Art. 62 para. 1 FC, education is the responsibility of the cantons. It is therefore primarily up to the cantonal directors of education to raise awareness of data protection during compulsory schooling.
28 With regard to the sensitization of older people, there is currently no known specific cooperation with an organization active in this area or a project aimed specifically at this social group. Cooperation with "pro senectute" or other associations or interest groups would be conceivable or desirable on the basis of Art. 58 para. 1 lit. c FADP.
29 The awarding of prizes and awards along the lines of, for example, the Rodotà Award of the Council of Europe or the Big Brother Awards of the Chaos Computer Club Switzerland would be one way of raising awareness among the civilian population in a somewhat different way.
30 When implementing the FDPIC's awareness-raising mandate, however, it must always be borne in mind that - as, for example, in the context of combating climate change - it is a matter of sensitizing the general public to a danger whose consequences will only become noticeable or tangible at a later point in time. This makes awareness-raising work significantly more difficult.
D. Lit. d: Advisory mandate
31 The FDPIC's advisory mandate was expressly included in the FADP as part of the revision. Thus, the law also reflects a change observed in practice: contrary to what the 1988 legislator had envisaged, the focus of the FDPIC's activities is not on supervision, but on advising private individuals:
32 Individual legal enforcement via the civil courts (Art. 32 para. 2 FADP), as envisaged by the legislator, plays a subordinate or (almost) no role in practice. In view of lengthy and costly proceedings with an uncertain outcome, it is extremely rare for those affected to initiate proceedings before the competent court. This is all the more true as more and more data processing is carried out by private individuals based abroad and leads to a violation of privacy in Switzerland. Promising proceedings before a Swiss civil court thus become (almost) impossible or more difficult. Consequently, fundamental questions of data protection are hardly an issue in case law, and the few court decisions have only limited significance beyond the individual case. The FDPIC, with its advisory mandate, therefore has an important role to play in law enforcement.
33 The FDPIC is free as to the form. It fulfills its advisory mandate both orally (hotline) and in writing (contact form, sample letters or sample complaints, guidelines, FAQ, media releases, Twitter).
34 Unlike consultations with "private persons on data protection issues" under Art. 58 para. 1 lit. a FADP, "information on how a private person can exercise his or her rights" under Art. 58 para. 1 lit. d FADP in conjunction with. Art. 59 para. 1 lit. e a contrario FADP free of charge. It goes without saying that the demarcation between the scope of application of lit. a and that of lit. d FADP is likely to be difficult in practice. In the interest of legal equality, it is to be hoped that the FDPIC will make generous use of the exception provided for in Art. 59 para. 3 FADP (waiver of the charging of fees) in this context.
35 In the course of its consultations, the FDPIC learns firsthand in which areas or in which companies there may be data protection problems. Implementing the advisory mandate as broadly as possible thus contributes, among other things, to the FDPIC being able to efficiently implement its supervisory mandate pursuant to Art. 49 et seq. FADP can be implemented efficiently.
E. Lit. e: Consultation of the FDPIC in the federal legislative process
36 Consultation of the FDPIC in the federal legislative process is a special case of the FDPIC's advisory mandate.
37 According to the new wording of the law, the Commissioner must be consulted on all bills concerning federal decrees and measures that affect data processing (and not only on bills that affect data protection to a significant extent). This linguistic clarification reflects the practice under the old law and is to be welcomed in terms of legal certainty.
38 In Art. 38 para. 2 FADP, this obligation of all federal bodies has been further specified: The federal bodies shall submit to the FDPIC all draft legislation concerning the processing of personal data, data protection and access to official documents.
39 The (unofficial) internal deadline for comments in the context of office consultations is three weeks. In practice, however, not every federal office adheres to this unofficial arrangement. In certain cases, the very short deadline for comments may lead to a reduction in the quality of the FDPIC's opinion. It is to be hoped that after the end of the Corona pandemic, this deadline will be respected again to a greater extent. A return to the "courant normal" would allow the FDPIC to prepare his opinions carefully and - where he deems it necessary - to seek dialogue with the competent federal office and to find a solution that is feasible for all agencies involved.
40 If the FDPIC has been ignored in the legislative procedure and considers that there is a public interest in this information, he may address the public directly on the basis of Art. 57 para. 2 FADP (in conjunction with Art. 39 lit. i FADP).
41 The term "measures" is a fuzzy concept. This linguistic vagueness enables the FDPIC to have a seat in various bodies or working groups. The FDPIC can therefore be involved in the first phase of a new data protection project on the basis of Art. 58 para. 1 lit. e FADP. For example, the FDPIC was consulted at an early stage in the context of the cloud strategy of the federal administration. Or, for example, SECO also sought the advice of the FDPIC when revising the guidelines on Art. 26 ArGV 3, which were published in February 2023. However, it should be pointed out in this context that consultation with the FDPIC at the beginning of a new project does not exclude the possibility that the FDPIC, in the context of its supervisory activities within the meaning of Art. 49 et seq. of the FADP, may subsequently review the project in question. FADP, the FDPIC may subsequently review the project in question. In other words, the consultation of the FDPIC should not be confused with a kind of "certification procedure".
F. Lit. f: Tasks according to FoIA
42 The mention of the tasks of the FDPIC according to the FoIA is purely declaratory. The tasks of the FDPIC with regard to the principle of public access derive directly from Art. 18 FoIA (management of the conciliation procedure, public relations, consultation in the legislative procedure) and Art. 19 FoIA (evaluation).
43 Coordination between the FADP and the FoIA is governed by Art. 7 para. 2 and Art. 9 of the FoIA and Art. 36 para. 3 of the FADP, respectively.
44 It is debatable whether data protection or the principle of public access is served if the same authority has to advocate efficient data protection on the one hand and grant the greatest possible access to official documents on the other. The Swiss solution also applies in some other countries, such as Germany (at the federal level) or the United Kingdom. France, on the other hand, has entrusted these two tasks to two different authorities. At the European level, the compromise in this regard is regulated in Art. 86 DSGVO.
G. Lit. g: Recommendations of Good Practice
45 Art. 58 para. 1 lit. g FADP was newly introduced into the FADP as part of the revision. However, the FDPIC already performed this task intensively as part of its advisory activities under the old law by publishing numerous guides, sample letters and FAQs on its website.
46 The publication of the recommendations of good practice is, like the consultation of the FDPIC in the context of the legislative procedure at the federal level (Art. 58 para. 1 lit. e FADP), a special case of the advisory activity of the FDPIC. Also with regard to the recommendations of good practice, it must be pointed out that an implementation of the recommendations does not exclude any supervisory procedure. In other words, the recommendations are not legally binding. The FDPIC cannot take legislative action on the basis of Art. 58 para. 1 lit. g FADP. Any court called upon to decide whether or not a FADP violation has occurred in an individual case is independent of any recommendations made by the FDPIC. However, the fact that a private individual has followed the recommendations of the FDPIC may play an important role in the examination of fault in the context of reparative actions.
47 Regarding the notion of vulnerable individuals, reference can be made to the preceding comments on Art. 58 para. 1 lit. c FADP.
III. Para. 2: Extended mandate to provide advice
48 In terms of content, Art. 58 para. 2 FADP corresponds to Art. 31 para. 2 aDSG.
49 Certain data processing operations are excluded from the scope of the FADP pursuant to Art. 2 para. 2, 3 and 4 FADP and Art. 4 para. 2 FADP. Art. 58 para. 2 FADP allows the FDPIC, if desired, to comment on issues that are excluded from the scope of the FADP according to the text of the law. The linguistic clarification in the second sentence clarifies that the federal bodies that may be affected can grant the FDPIC access to their files. In other words, official secrecy is lifted in these cases.
50 Art. 58 para. 2 FADP is a so-called "optional provision". Unlike for the tasks specified in para. 1, there is no entitlement for the advisory tasks mentioned in para. 2.
51 The list set out in Art. 58 para. 1 FADP is not exhaustive. It is therefore permissible for the FDPIC to also advise on data processing that does not fall within the scope of the FADP (cf. Art. 2 para. 2 lit. a FADP). This possibility is an expression of the fact that Art. 13 FC has comprehensive validity and does not only apply in those areas in which the FADP is applicable.
52 Due to the continued scarcity of resources at the FDPIC, Article 58 para. 2 FADP, like its predecessor provision, will probably rarely be applied.
53 For the sake of completeness, it must also be pointed out in this context that in areas where the FADP is not applicable, any supervisory activity of the FDPIC is excluded, e.g. in pending civil proceedings.
IV. Para. 3: International legal assistance
54 Art. 58 para. 3 FADP was newly inserted into the FADP as part of the revision. The purpose of this provision is to simplify the transmission of official documents to private data protection officers who are domiciled abroad but are required to designate a representation in Switzerland pursuant to Art. 14 FADP.
Bibliography
Baeriswyl Bruno, Datenschutzgesetzgebung in der Schweiz – Standortbestimmung und Ausblick, in: Kieser Ueli/Pärli Kurt (Hrsg.), Datenschutz im Arbeits-, Versicherungs- und Sozialbereich: Aktuelle Herausforderungen, St. Gallen 2012, S. 10 ff. (zit. Baeriswyl, Standortbestimmung).
Baeriswyl Bruno, Kommentierung zu Art. 31 aDSG, in: Baeriswyl Bruno/Pärli Kurt (Hrsg.), Stämpflis Handkommentar, Datenschutzgesetz, 1. Aufl., Bern 2015 (zit. SHK-Baeriswyl, Art. 31 aDSG).
Belser Eva Maria, § 5 Die Kompetenzverteilung zwischen Bund und Kantonen, in: Belser Eva Maria/Epiney Astrid/Waldmann Bernhard (Hrsg.), Datenschutzrecht, Grundlagen und öffentliches Recht, Bern 2011, S. 4 ff. (zit. Belser).
Cottier Bertil, Transparence et protection des données, Une relation amour-haine?, in: Waldmann Bernhard/Bergamin Florian (Hrsg.), 10 Jahre InfoG Freiburg, Bern 2021, S. 159 ff. (zit. Cottier).
Huber René, Kommentierung zu Art. 31 aDSG, in: Maurer-Lambrou Urs/Blechta Gabor-Paul (Hrsg.), Basler Kommentar, Datenschutzgesetz/Öffentlichkeitsgesetz, 3. Aufl., Basel 2014 (zit. BSK-Huber, Art. 31 aDSG).
Jöhri Yvonne, §8 Aufgabe und Bedeutung der öffentlichen Datenschutzbeauftragten, in: Passadelis Nicolas/Rosenthal David/Thür Hanspeter (Hrsg.), Datenschutzrecht: Beraten in Privatwirtschaft und öffentlicher Verwaltung, Handbücher für die Anwaltspraxis, Basel 2015, S. 245 ff. (zit. Jöhri).
Meier Philippe, Protection des données: fondements, principes généraux et droit privé, Berne 2011 (zit. Meier).
Rosenthal David/Jöhri Yvonne, Handkommentar zum Datenschutzgesetz sowie weiteren, ausgewählten Bestimmungen, Zürich 2008 (zit. Rosenthal/Jöhri).
Specht Louisa/Bienemann Linda, Kommentierung zu Art. 86 DSGVO, in: Sydow Gernot (Hrsg.), Nomos Handkommentar, Europäische Datenschutzgrundverordnung, 2. Aufl., Baden-Baden 2018 (zit. NHK-Specht/Bienemann, Art. 86 DSGVO).
Waldmann Bernhard/Oeschger Marcus, §15 Aufsicht, in: Belser Eva Maria/Epiney Astrid/Waldmann Bernhard, Datenschutzrecht, Grundlagen und öffentliches Recht, Bern 2011 (zit. Waldmann/Oeschger).
Ziebarth Wolfgang, Kommentierung zu Art. 57 DSGVO, in: Sydow Gernot (Hrsg.), Nomos Handkommentar, Europäische Datenschutzgrundverordnung, 2. Aufl., Baden-Baden 2018 (zit. NHK-Ziebarth, Art. 57 DSGVO).
Ziebarth Wolfgang, Kommentierung zu Art. 58 DSGVO, in: Sydow Gernot (Hrsg.), Nomos Handkommentar, Europäische Datenschutzgrundverordnung, 2. Aufl., Baden-Baden 2018 (zit. NHK-Ziebarth, Art. 58 DSGVO).
Materials
Botschaft zum Bundesgesetz über den Datenschutz (DSG) vom 23.3.1988 (zit. BBl 1988 II S. 413 ff.).
Zusammenstellung der Ergebnisse des Vernehmlassungsverfahrens zum Bundesgesetz über die Öffentlichkeit der Verwaltung (Öffentlichkeitsgesetz, BGÖ) vom März 2001 (zit. Zusammenstellung Vernehmlassungsverfahren).
Gutachten 051124 des Bundesamtes für Justiz, VPB 70.54, vom 24.11.2005 (zit. Gutachten des BJ, VPB 70.54).
Bericht des Bundesrates über die Evaluation des Bundesgesetzes über den Datenschutz vom 9.12.2011 (zit. BBl 2012 S. 335 ff.).
Botschaft zum Bundesgesetz über die Totalrevision des Bundesgesetzes über den Datenschutz und die Änderung weiterer Erlasse zum Datenschutz vom 15.9.2017 (zit. BBl 2017 S. 6941 ff.).
28. Tätigkeitsbericht des EDÖB 2020/2021 vom 31.3.2021 (zit. EDÖB, 28. Tätigkeitsbericht 2020/2021).
29. Tätigkeitsbericht des EDÖB 2021/2022 vom 31.3.2022 (zit. EDÖB, 29. Tätigkeitsbericht 2021/2022).