In a nutshell
The term "profiling" in the new FADP replaces the previous term "personality profile". The provisions on profiling were extensively discussed in the parliamentary deliberations and were one of the reasons for the long legislative process. Profiling is defined as automated data processing for the purpose of evaluating personal aspects. Such profiling is very common in practice, especially in the area of offer personalization, and has no special legal consequences for private data controllers. In addition to normal profiling, the new FADP also recognizes a qualified form of "high-risk" profiling. The FADP thus deviates from the GDPR, which only recognizes qualified profiling in connection with automated individual decisions. High-risk profiling exists if an assessment of essential aspects of the personality is possible by linking data. The classification as high-risk profiling is highly case-dependent and primarily triggers the obligation to conduct a data protection impact assessment, but does not lead to a general consent requirement.
I. General
A. Preliminary Remark
1 Profiling as an automated assessment of personal aspects is a widely used procedure today, which is of great practical importance especially as a basis for the very widespread offer personalization in the end customer business. Digital services such as streaming services, online stores and social media platforms in particular usually have so much "content" that they could not be used meaningfully without personalization. Today, customers take it for granted that such digital offerings will provide targeted guidance, e.g., on the basis of previous usage behavior.
2 Profiling is thus an everyday process that is often in the interest of customers. However, since profiling involves an evaluation that is usually automated on the basis of correlations and probabilities, the process is considered to be risky and therefore in need of regulation. Profiling always means a generalized personality assessment based on certain characteristics, which may not do justice to the specific person concerned ("pigeonholing"). The heightened sensitivity of profiling is particularly evident when it comes to applications outside of the end-customer business, e.g., use by authorities in the security and law enforcement sectors.
B. Legislative History
3 The new term "profiling" introduced by the revision replaces the "personality profile" of the previous FADP. While personality profile describes a static state, the new term profiling refers to the assessment process as such. The concept of personality profile was a Swiss peculiarity and with its replacement by the term profiling, there is an alignment with European law (although personality profile has been reborn mutatis mutandis in the form of "high-risk profiling"). The new terminology is also intended to reflect technological progress, e.g., in the areas of Big Data and artificial intelligence, and the associated expanded possibilities for data processing.
4 Profiling was one of the main points of discussion in the legislative process. Differences on profiling were a major factor in the delayed passage of the revised law. There was particularly extensive debate about whether and to what extent profiling should require consent. In the preliminary draft of the FADP, profiling without the explicit consent of the data subject was still listed among personality violations. However, this consent requirement was dropped in the further legislative process. The right to object to profiling, which was put up for discussion, also failed to gain acceptance in parliament. Details of the definition and, in particular, the concept of "high-risk profiling," which was only created during the parliamentary deliberations and remained controversial until the end, were also the subject of discussion.
C. Systematics and Delimitation
5 Art. 5 FADP distinguishes between two forms of profiling: on the one hand, in lit. f, "normal" profiling as automated data processing for the purpose of evaluating personal aspects, and on the other hand, in lit. g, qualified "high-risk" profiling based on normal profiling. While the definition of normal profiling was adopted unchanged from the GDPR into Swiss law, qualified profiling with high risk is an original creation of the Swiss legislator. With the gradation, the legislator wanted to take into account the fact that the various applications of profiling differ, sometimes considerably, in terms of scope and effects.
6 Profiling must be distinguished from automated individual decision-making pursuant to Art. 21 FADP. Profiling is the evaluation process that may underlie an automated individual decision, but is logically upstream of it. Profiling only leads to an automated individual decision if the evaluation manifests itself in a concrete external effect and this external effect is in the form of a legal consequence or a similarly drastic impairment.
II. Profiling (lit. f)
A. General
7 The change in terminology from personality profile to profiling was intended to bring about an alignment with European law, and the legislator has consequently adopted the legal definition of Art. 4 No. 4 GDPR almost verbatim into Swiss law. Essentially, it comprises four elements: firstly, an evaluation process which, secondly, is automated and, thirdly, produces statements about personal aspects which, fourthly, relate to a natural person. These elements are illustrated below using the example of personalized reading recommendations in bookstores.
B. Assessment Process
8 The focus of the concept of profiling is on the element of assessment. At its core, profiling is an evaluation process in which new knowledge about a person is derived through analysis or prediction. "Prediction" in this context expresses the fact that profiling usually aims at a future-oriented consideration, e.g., in order to make a prediction about which books customers might put in their shopping carts in the case of the book trade. "Analysis," the second form of evaluation mentioned in the legal definition, in contrast, represents an assessment of past or present aspects, although analysis does not usually stand alone, but in turn forms the basis for forward-looking statements.
9 An evaluation always involves a normative classification and is therefore subjective to a certain extent. If there is no subjective scope for judgment and it is only a question of the objective determination of a fact, there is no evaluation. The mere calculation of the location by a navigation system, for example, contains an element of evaluation no more than the mere retrieval, filtering or sorting of data in a database does. If a bookseller sorts her customers on the basis of characteristics such as age or place of residence and forms corresponding customer groups, this is therefore not profiling. Even if she extracts buyers of a certain author from her customer database in order to draw their attention to a new publication by the same author, the bookseller is merely filtering and not profiling. If, on the other hand, the bookseller assigns, for example, buyers of George Orwell's "1984" to the customer segment "dystopian literature", this is an evaluation and thus profiling.
C. Automation
10 Profiling pursuant to Art. 5 lit. f FADP only covers the automated processing of personal data. Processing is automated if it is carried out with the aid of computer-assisted techniques. There is no automation if the assessment is based exclusively on a human train of thought, i.e. only takes place "in the mind of a human being".
11 If, for example, a bookseller knows the preferences of her customers and makes individual recommendations to them based on these preferences (e.g., if she recommends Margaret Atwood's "The Handmaid's Tale" to a reader of "1984"), this is not profiling within the meaning of the law because there is no automation. The fact that the bookseller makes notes on each customer in an electronic database does not change this. If, on the other hand, the bookseller has the recommendations calculated by an algorithm, this is an automated process and therefore constitutes profiling. In this case, the automation is not already cancelled out by the fact that the bookseller defines the criteria herself to a certain extent (e.g. assigns authors or books to certain genres), as long as the evaluation is computer-aided and is not limited to simple "if-then" queries.
12 The concrete technical design of the profiling process is not decisive. The concept of profiling is technology-neutral and the qualification as profiling is independent of the technical processes used. In practice, recommendation systems for digital offerings in particular are often based on so-called "collaborative filtering", in which the preferences and behavior of other users are taken into account in addition to the user's own user history and content information. For example, in an online bookstore, if user A and B like similar books and user A has positively rated a particular book that user B has not yet purchased, then the system could recommend that book to user B. However, the use of such correlation-based methods is not conceptually essential.
D. Personal aspects
13 For profiling to exist, the assessment must lead to new knowledge about personal aspects of natural persons. Art. 5 lit. f FADP contains a list of personal aspects, the assessment of which may constitute profiling: Work performance (e.g., compliance with quality standards or achievement of productivity goals), economic situation (e.g., income situation or savings behavior), health (e.g., dietary habits or risk propensity for certain diseases), personal preferences (e.g. investment preferences, favorite genres, or preferred travel destinations), interests (e.g., hobbies or leisure activities), reliability (e.g., creditworthiness or personality types), behavior (e.g., social interactions or purchasing behavior), location or change of location (e.g., movement patterns, walking routes, or mobility behavior).
14 The enumeration in Art. 5 lit. f is very comprehensive, but not exhaustive ("in particular"), and depending on the context, other aspects may also be relevant. The element of the personality aspect therefore has hardly any limiting effect. What is required is that the aspect has a certain complexity and is therefore amenable to evaluation in the sense of a subjective assessment. Aspects which do not allow for discretion and can therefore be determined purely objectively do not fall within the scope of profiling (e.g. the determination of body weight). However, as a future-related datum, the same aspects may require assessment (e.g., predicted future body weight). In addition, purely objectively ascertainable aspects may serve as a data basis for the evaluation of other, discretionary aspects (e.g., body weight as an indicator of certain disease risks).
E. Personal reference
15 Profiling in the legal sense finally requires that the statements made refer to individual persons. If, on the other hand, the statements only refer to groups of persons from which no individual persons can be determined, there is no profiling, even if the processing is based on personal data as "input". If, for example, a bookseller merely analyzes which authors and genres are most popular in the various age groups for the purpose of optimizing the product range, without making any statements about individual customers, she is not conducting profiling. The same applies to the analysis of website usage for the purpose of improving user-friendliness, where no personal evaluation is carried out.
16 There is also no profiling if the processing is based only on anonymous or aggregated data, i.e. the "input data" itself has no personal reference at all. This is not processing of personal data and data protection law is not applicable (Art. 2 para. 1 FADP). However, if the purpose of the processing is precisely to de-anonymize the data, which are in themselves anonymous, and to (re)allocate them to individual persons, this is again a processing of personal data subject to data protection law. In this case, profiling may be involved, the purpose of which is precisely to de-anonymize data by establishing connections.
III. High-Risk Profiling (lit. g)
A. General
17 With "high-risk profiling", Art. 5 lit. g FADP introduces a qualified form of profiling based on normal profiling. The legal concept of "high-risk profiling" was first created in the legislative process and was the subject of intense debate in Parliament. Discussions included formulations that would have been based on whether profiling produces personal data worthy of special protection, or on whether profiling extends to various areas of the data subject's life. Finally, the approach of adopting the previous legal concept of the "personality profile" in terms of content, although not in name, has prevailed. High-risk profiling is essentially profiling that leads to a personality profile in accordance with the previous FADP. The personality profile was only superficially abolished with the new FADP.
18 High-risk profiling is a Swiss peculiarity. The GDPR does not recognize such a qualified form of profiling and makes special legal consequences in the case of profiling dependent on whether the profiling is carried out in connection with an automated individual decision. Greater alignment with the GDPR could therefore have been achieved if the criterion for "high-risk profiling" had been defined as whether the profiling has legal effects on the data subject or significantly affects him or her in a similar way. The fact that instead the previous personality profile was revived and a Swiss peculiarity was perpetuated is to be regretted. An opportunity was missed here to create greater convergence with the GDPR.
19 For there to be "high-risk profiling" pursuant to Art. 5 lit. g FADP, two elements must be present in addition to normal profiling: first, a linkage of data and second, essential aspects of the personality to which the statements generated by profiling potentially relate. The two additional elements are both necessary and sufficient. This means, first, that the eponymous high risk is assumed to exist if the two elements mentioned are present. The high risk is not an additional conceptual element that must be examined separately in each case. Further, it means that profiling that does not meet the legal definition does not become "high risk profiling" because it poses a high risk to data subjects in the specific case for other reasons (and therefore requires, for example, the performance of a data protection impact assessment).
B. Linking of data
20 High-risk profiling first requires data linkage. Data linkage refers to the process of connecting, merging, or matching two or more separate data sets to gain a deeper or broader understanding. Such linkage of data can be accomplished in a variety of ways, such as by merging data from different sources that relate to the same individual or by linking data based on common characteristics, criteria, or variables.
21 Linking of data replaces the former legal expression "compilation of data" and thus expresses that profiling is not about a mere collection of data, but about a targeted linking of different data sets. A mere collection of data, possibly also for the preparation of a profiling, does not yet constitute such a linkage. Unlike the previous personality profile, a static collection of data is not sufficient.
C. Assessment of essential aspects of personality
22 While findings about any aspects of personality are sufficient for normal profiling, they must relate to essential aspects of personality for high-risk profiling. It is not required that such essential personality traits actually be assessed. It is sufficient if statements about essential aspects of the personality are basically possible ("permitted") on the basis of the processed data and the manner of the processing procedure. It is then not relevant that Art. 5 lit. g FADP uses the term "assessment" instead of "evaluate". The two terms are to be understood synonymously.
23 According to the will of the legislator, the "Moneyhouse" case law of the Federal Administrative Court on personality profiles should continue to be the guideline for determining when an evaluation of essential aspects of the personality exists. Thus, the decisive factor is whether the linked information is condensed into a comprehensive picture of the person concerned. Essential criteria here are the amount and type of data used, the context of their use, and the temporal dimension, i.e. whether personal data are collected over a longer period of time and thus provide a quasi biographical picture by showing a development of the person concerned. In this context, even trivial data taken on its own can, through systematic linking, provide an overall picture of the person, if necessary, and convey potentially sensitive information about his or her identity, activities or preferences.
D. The need for a case-by-case approach
24 As with the personality profile to date, high-risk profiling remains elusive overall. The two conceptual elements of data linkage and the assessment of essential personality aspects provide a basic framework, but are unable to give the concept clear contours and require classification on a case-by-case basis. The fact that it ultimately comes down to a case-by-case consideration has also been recognized by the Federal Administrative Court in its case law on personality profiles. In a sense, "you know it when you see it."
25 High-risk profiling would be assumed in the example of the book trade, for example, if data on reading behavior were combined with food purchasing behavior and possibly other transaction data, as well as with data from fitness tracking apps, for example, in order to draw conclusions about health status and to provide data subjects with advertising for corresponding health offers or even to calculate individual insurance premiums. It would also qualify as high-risk profiling if reading behavior were linked with data on surfing behavior and geolocation data in order to obtain information on ideological views or religious beliefs. High-risk profiling would also be assumed if reading behavior were linked with credit card data and information from professional networking platforms in order to derive findings on assets and the ability to pay and, based on this, to decide which products and services are offered to the data subjects, how and at what prices.
IV. Legal consequences
A. Normal Profiling
26 Normal profiling, i.e., profiling without "high risk," is generally relevant under the FADP only for federal bodies (although private parties entrusted with public duties are also considered federal bodies). First, there is only a sufficient legal basis for profiling by a federal body if the profiling is provided for in a law in the formal sense (Art. 34 para. 2 lit. b FADP). If there is no such basis in a law in the formal sense and the profiling is based on consent, this consent is, on the other hand, only valid if it is explicit, i.e. if it refers to the profiling as such (Art. 6 para. 7 lit. c FADP).
27 In contrast, normal profiling has no special legal consequences for private data controllers and the usual rules apply. In particular, profiling must be made sufficiently transparent and data subjects must be informed about the categories of data created by means of profiling (e.g., preference data) (Art. 19 para. 3 FADP). However, profiling itself does not have to be specifically mentioned or described in the privacy statement. Only if essential decisions are fully automated on the basis of profiling are there special information and disclosure obligations for this (Art. 21 and Art. 25 para. 2 lit. f FADP).
28 Like any other data processing, profiling may also require the performance of a data protection impact assessment if it is associated with high risks for the data subjects. Whether there are high risks must be determined in each individual case on the basis of the specific circumstances and may also be the case if profiling does not qualify as "high risk" profiling pursuant to Art. 5 lit. g FADP due to the lack of existing conceptual elements.
29 Also in the case of profiling, consent is only required if there is a violation of the processing principles and there is no other justification for the data processing. Profiling is no different from "normal" data processing in this respect. The much-discussed consent requirement for profiling, which was still included in the preliminary draft, did not survive the legislative process.
30 The GDPR also hardly provides for specific legal consequences in the case of profiling, or only if profiling is carried out in connection with an automated individual decision. Without reference to automated decision-making, profiling is only mentioned in Art. 21 para. 1 and 2 GDPR, but only by way of example, since profiling would be covered by the right of objection like any other type of processing even without specific mention. It should also be noted that within the scope of application of the GDPR, any data processing and thus also any profiling must be based on a legal basis. However, the available legal bases are not limited and all possible legal bases of Art. 6 para. 1 GDPR are also available for profiling.
B. High-risk profiling
31 The intensity with which debates on high-risk profiling have been conducted contrasts with the low legal relevance of this legal figure. The new FADP provides for only three legal consequences attached to high-risk profiling.
32 First, any high-risk profiling must be subject to a mandatory data protection impact assessment, which systematically evaluates the risks to data subjects and, if necessary, defines remedial measures. It is true that Art. 22 para. 2 FADP does not explicitly mention high-risk profiling as a trigger for the obligation to conduct a data protection impact assessment. However, high-risk profiling is by definition a high risk for data subjects, and according to Art. 22 para. 1 FADP, a data protection impact assessment is mandatory for any processing with such a high risk. However, the "high risk" refers only to the initial risk that triggers the performance of a data protection impact assessment. As part of this assessment, the controller may conclude that the actual risk in the specific case is either not high or, after taking planned remedial measures into account, is no longer to be classified as high. In such a constellation, profiling remains "high-risk profiling" according to the legal definition, but must subsequently be treated as data processing without high risk.
33 Second, consent granted in connection with profiling must be explicit pursuant to Art. 6 para. 7 lit. b FADP if private controllers carry out high-risk profiling and they base this profiling on consent in the first place. Art. 6 para. 7 lit. b FADP sets forth requirements for the granting of valid consent, but does not establish a general consent requirement for high-risk profiling. Like normal profiling, high-risk profiling requires consent only if a processing principle is violated and no other justification exists.
34 Third, and finally, the overriding interest in credit checks falls out of consideration if the check is based on high-risk profiling (Art. 31 para. 2 lit. c no. 1 FADP).
35 As explained, the GDPR does not recognize high-risk profiling, but provides for some specific legal consequences if the profiling is related to a fully automated decision that has legal effects on the data subject or similarly significantly affects him or her. Among other things, in such qualified constellations, the GDPR also requires that a data protection impact assessment is mandatory (Art. 35 para. 3 lit. a GDPR). Since decisions of such great significance are rarely made in corporate practice, the threshold for the mandatory performance of a data protection impact assessment in the case of profiling is rather higher under the GDPR than under the Swiss FADP. The GDPR contains sporadic additional legal consequences for profiling that is carried out in combination with an automated individual decision, including an extended obligation to provide information and disclosure, which also includes information on the logic involved and the effects for the data subjects.
V. Practice Notes
36 In corporate practice, the identification of high-risk profiling is particularly significant, since in the case of private controllers, special legal consequences are only attached to such profiling operations, first and foremost the obligation to conduct a data protection impact assessment. However, as seen, whether or not the threshold for high-risk profiling has been reached is highly dependent on the specific circumstances of the profiling in the individual case. It is therefore not easy to operationalize the concept of high-risk profiling and to define general criteria. In addition, profiling activities that do not qualify as "high-risk profiling" according to the legal definition may also entail a high risk in individual cases and may therefore require a data protection impact assessment.
37 There is much to be said for not applying too detailed criteria when checking whether a data protection impact assessment must be carried out (so-called threshold analysis). It is more effective to generally integrate the assessment of personal aspects as a risk factor in the review and project approval processes and, in a second step, to check on the basis of the specific circumstances whether there is either high-risk profiling according to the legal definition or profiling that entails a high risk for data subjects for other reasons. From a practical point of view, it is always advisable to conduct a data protection impact assessment if profiling reaches a certain intensity or if data from different sources are linked for this purpose.
38 Profiling also has implications for the design and implementation of data protection control processes. Profiling is particularly relevant for the implementation of information processes: both the personal data used in profiling ("input") and the new data and findings created with the help of profiling ("output") should be part of the information provided to data subjects in a suitable and comprehensible manner. The categories of data processed or newly created in connection with profiling, as well as the processing purposes pursued with profiling, must then be described in the privacy statement. Profiling itself, on the other hand, does not have to be specifically mentioned in the privacy statement. However, an explanation of profiling may be advisable as a confidence-building measure in the interest of transparency. Data processing in connection with profiling must be documented with the required information in the processing directory pursuant to Art. 12 FADP.
39 Finally, it is good practice to provide possibilities for data subjects to object to profiling. In practice, such opt-out options can be implemented, for example, through technical functionalities with which data subjects can independently switch off or prevent data processing or services that are connected with profiling - e.g., the receipt of personalized direct marketing measures. Such opt-out options operationalize the general right of objection of Art. 30 para. 2 lit. b FADP and also take into account the idea of "privacy by design". Such opt-out options also increasingly meet the expectations of customers to be able to influence the processing of their data in a relevant way.