-
- Art. 5a FC
- Art. 6 FC
- Art. 10 FC
- Art. 16 FC
- Art. 17 FC
- Art. 20 FC
- Art. 22 FC
- Art. 29a FC
- Art. 30 FC
- Art. 32 FC
- Art. 42 FC
- Art. 43 FC
- Art. 43a FC
- Art. 55 FC
- Art. 56 FC
- Art. 60 FC
- Art. 68 FC
- Art. 75b FC
- Art. 77 FC
- Art. 96 para. 2 lit. a FC
- Art. 110 FC
- Art. 117a FC
- Art. 118 FC
- Art. 123b FC
- Art. 136 FC
- Art. 166 FC
-
- Art. 11 CO
- Art. 12 CO
- Art. 50 CO
- Art. 51 CO
- Art. 84 CO
- Art. 143 CO
- Art. 144 CO
- Art. 145 CO
- Art. 146 CO
- Art. 147 CO
- Art. 148 CO
- Art. 149 CO
- Art. 150 CO
- Art. 701 CO
- Art. 715 CO
- Art. 715a CO
- Art. 734f CO
- Art. 785 CO
- Art. 786 CO
- Art. 787 CO
- Art. 788 CO
- Transitional provisions to the revision of the Stock Corporation Act of June 19, 2020
- Art. 808c CO
-
- Art. 2 PRA
- Art. 3 PRA
- Art. 4 PRA
- Art. 6 PRA
- Art. 10 PRA
- Art. 10a PRA
- Art. 11 PRA
- Art. 12 PRA
- Art. 13 PRA
- Art. 14 PRA
- Art. 15 PRA
- Art. 16 PRA
- Art. 17 PRA
- Art. 19 PRA
- Art. 20 PRA
- Art. 21 PRA
- Art. 22 PRA
- Art. 23 PRA
- Art. 24 PRA
- Art. 25 PRA
- Art. 26 PRA
- Art. 27 PRA
- Art. 29 PRA
- Art. 30 PRA
- Art. 31 PRA
- Art. 32 PRA
- Art. 32a PRA
- Art. 33 PRA
- Art. 34 PRA
- Art. 35 PRA
- Art. 36 PRA
- Art. 37 PRA
- Art. 38 PRA
- Art. 39 PRA
- Art. 40 PRA
- Art. 41 PRA
- Art. 42 PRA
- Art. 43 PRA
- Art. 44 PRA
- Art. 45 PRA
- Art. 46 PRA
- Art. 47 PRA
- Art. 48 PRA
- Art. 49 PRA
- Art. 50 PRA
- Art. 51 PRA
- Art. 52 PRA
- Art. 53 PRA
- Art. 54 PRA
- Art. 55 PRA
- Art. 56 PRA
- Art. 57 PRA
- Art. 58 PRA
- Art. 59a PRA
- Art. 59b PRA
- Art. 59c PRA
- Art. 62 PRA
- Art. 63 PRA
- Art. 67 PRA
- Art. 67a PRA
- Art. 67b PRA
- Art. 75 PRA
- Art. 75a PRA
- Art. 76 PRA
- Art. 76a PRA
- Art. 90 PRA
-
- Vorb. zu Art. 1 FADP
- Art. 1 FADP
- Art. 2 FADP
- Art. 3 FADP
- Art. 5 lit. f und g FADP
- Art. 6 Abs. 6 and 7 FADP
- Art. 7 FADP
- Art. 10 FADP
- Art. 11 FADP
- Art. 12 FADP
- Art. 14 FADP
- Art. 15 FADP
- Art. 19 FADP
- Art. 20 FADP
- Art. 22 FADP
- Art. 23 FADP
- Art. 25 FADP
- Art. 26 FADP
- Art. 27 FADP
- Art. 31 para. 2 lit. e FADP
- Art. 33 FADP
- Art. 34 FADP
- Art. 35 FADP
- Art. 38 FADP
- Art. 39 FADP
- Art. 40 FADP
- Art. 41 FADP
- Art. 42 FADP
- Art. 43 FADP
- Art. 44 FADP
- Art. 44a FADP
- Art. 45 FADP
- Art. 46 FADP
- Art. 47 FADP
- Art. 47a FADP
- Art. 48 FADP
- Art. 49 FADP
- Art. 50 FADP
- Art. 51 FADP
- Art. 54 FADP
- Art. 57 FADP
- Art. 58 FADP
- Art. 60 FADP
- Art. 61 FADP
- Art. 62 FADP
- Art. 63 FADP
- Art. 64 FADP
- Art. 65 FADP
- Art. 66 FADP
- Art. 67 FADP
- Art. 69 FADP
- Art. 72 FADP
- Art. 72a FADP
-
- Art. 2 CCC (Convention on Cybercrime)
- Art. 3 CCC (Convention on Cybercrime)
- Art. 4 CCC (Convention on Cybercrime)
- Art. 5 CCC (Convention on Cybercrime)
- Art. 6 CCC (Convention on Cybercrime)
- Art. 7 CCC (Convention on Cybercrime)
- Art. 8 CCC (Convention on Cybercrime)
- Art. 9 CCC (Convention on Cybercrime)
- Art. 11 CCC (Convention on Cybercrime)
- Art. 12 CCC (Convention on Cybercrime)
- Art. 25 CCC (Convention on Cybercrime)
- Art. 29 CCC (Convention on Cybercrime)
- Art. 32 CCC (Convention on Cybercrime)
- Art. 33 CCC (Convention on Cybercrime)
- Art. 34 CCC (Convention on Cybercrime)
FEDERAL CONSTITUTION
CODE OF OBLIGATIONS
FEDERAL LAW ON PRIVATE INTERNATIONAL LAW
LUGANO CONVENTION
CODE OF CRIMINAL PROCEDURE
CIVIL PROCEDURE CODE
FEDERAL ACT ON POLITICAL RIGHTS
CIVIL CODE
FEDERAL ACT ON CARTELS AND OTHER RESTRAINTS OF COMPETITION
FEDERAL ACT ON INTERNATIONAL MUTUAL ASSISTANCE IN CRIMINAL MATTERS
DEBT ENFORCEMENT AND BANKRUPTCY ACT
FEDERAL ACT ON DATA PROTECTION
SWISS CRIMINAL CODE
CYBERCRIME CONVENTION
- In a nutshell
- I. General
- II. Competence of the Federal Council to conclude international treaties
- Bibliography
- Materials
In a nutshell
In view of increasingly international data flows, effective data protection must also regulate cross-border issues. This may require agreements with other states or international organizations. To facilitate the conclusion of such agreements, Art. 67 FADP grants the Federal Council authority to conclude international treaties without parliamentary approval for two specific subject areas, namely for the purpose of cooperation between data protection authorities and the mutual recognition of an adequate level of data protection. The delegation norm is to be interpreted narrowly.
I. General
A. Purpose of Art. 67 FADP
1 In the age of ubiquitous electronic networking, the cross-border processing of personal data has become part of everyday life. For a long time, therefore, data protection has also had an international dimension and, to that extent, has also become an object of foreign policy.
2 Switzerland has concluded numerous bilateral and multilateral agreements in the area of data protection. A distinction can be made between general agreements, which standardize or constitutionalize data protection across all areas of law, and subject-specific agreements, which establish regulations for individual areas of cooperation. The first category currently includes only the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS 108), the modernized version of which (ETS 108+) Switzerland will soon ratify. Subject-specific data protection regulations can be found in numerous agreements in the areas of police cooperation and mutual legal assistance in criminal matters, visa issuance, migration management and readmission of foreign nationals, cooperation in asylum matters, and the exchange of air passenger data.
3 An important player in data protection is the European Union. Its data protection law has a significant influence on Swiss law. Apart from indirect influences and the extraterritorial effect of the General Data Protection Regulation (GDPR), which will not be discussed in depth here, there are also several agreements between Switzerland and the EU with data protection content. Of greatest practical relevance is the Schengen Association, under which Switzerland adopts certain legal acts of the EU, in this case namely Directive 2016/680 on data protection in the areas of police and justice, which must be implemented by the federal government and the cantons.
4 Compared to the general regulation on the conclusion of international treaties in Switzerland (below n. 10 ff.), Art. 67 DPA facilitates the conclusion of international treaties by conferring on the Federal Council the competence to conclude treaties independently without the approval of the Federal Assembly in two specific subject areas, namely for the purpose of cooperation between data protection authorities as well as the mutual recognition of an adequate level of data protection.
B. History of origins
5 Art. 67 DPA replaces Art. 36 para. 5 aDSG, which was considered too vague under the existing principles of delegation of authority, namely the prohibition of blank delegations. Art. 36 para. 5 aDSG provided that the Federal Council may conclude international treaties on data protection if they comply with the principles of the FADP.
6 The remaining paragraphs of Art. 36 aDSG, which authorized the Federal Council to issue implementing provisions both of a general nature and relating to specific subject areas, are not continued in the new FADP.
7 In the legislative process, Art. 67 DPA was uncontroversial. The suggestion that the Federal Council's authority to conclude treaties should be limited to the effect that it may not conclude any treaties under international law on the enforcement in Switzerland of sanctions imposed by foreign supervisory authorities, which was put forward in some cases during the consultation process, was not heard either in the dispatch or in the parliamentary deliberations. Compared to the preliminary draft and the draft of the Federal Council, Art. 67 (with the exception of the numbering) did not undergo any changes in the parliamentary deliberations and, according to the Council minutes, was not discussed.
II. Competence of the Federal Council to conclude international treaties
8 An international treaty is an agreement concluded in writing between two or more subjects of international law within the meaning of Article 38(1)(a) of the ICJ Statute and Article 2(1)(a) of the Vienna Convention on the Law of Treaties.
9 While Art. 67 DPA uses the term "international treaty", à Art. 16 para. 2 lit. a DPA speaks of "international treaty". Despite the different terminology, the same is meant.
10 In principle, the Federal Council and the Federal Assembly are jointly responsible for concluding international treaties in Switzerland. While the Federal Council, within the scope of its foreign policy competences, negotiates and signs international treaties (Art. 184 para. 1 and 2 BV), the Parliament approves the treaties by means of a federal decree (Art. 166 para. 2 sentence 1 BV) before the Federal Council can ratify them (Art. 184 para. 2 BV). This is explained by the fact that international treaties, just like federal laws, contain law-making provisions and thus require at least subsequent democratic legitimation. In certain cases, the optional or obligatory referendum on international treaties is provided for in addition to parliamentary approval. If an international treaty is subject to a referendum, if it concerns essential interests of the cantons, or if it is of great political, financial, economic, ecological, social or cultural significance, a consultation must be carried out in advance.
11 Parliament may, however, dispense with this competence by means of delegation. Accordingly, the approval requirement does not apply to treaties whose conclusion has been delegated to the Federal Council by Parliament by means of a federal law or an international treaty approved by it. The idea behind this is to relieve the Federal Assembly from approving treaties that are "not worthy of parliamentary approval" and to concern it only with issues that require greater democratic legitimacy.
12 This independent treaty-making competence is elaborated in more detail in Art. 7a RVOG, which lists three constellations in which the Federal Council may ratify a treaty without prior parliamentary approval.
First, on the basis of an authorization in a specific federal law (Art. 7a para. 1 RVOG). Art. 67 DPA is such an authorization. Here, parallel principles as in the area of legislative delegations to the Federal Council are authoritative: the essential legal policy evaluations must be made with sufficient definiteness in the parliamentary law. So-called "blank delegations" are not compatible with the principle of legality, because they could have the effect of removing an unforeseeable number of international treaties of varying content from the requirement for approval.
Second, an authorization in an international treaty approved by the Federal Assembly (Art. 7a para. 1 RVOG). Essentially parallel principles of delegation apply to this as to delegations of competence in a federal act.
Thirdly, the Federal Council may ratify so-called treaties of limited scope without prior parliamentary approval (Art. 7a para. 2 RVOG). This is a subsidiary general clause because it applies to all treaties of limited scope, regardless of the area in question. According to Art. 7a para. 3 RVOG, contracts of limited scope include contracts that do not create new obligations or do not entail a waiver of existing rights (Art. 7a para. 3 lit. a RVOG), contracts that merely serve to execute contracts that have been approved by the Federal Assembly and merely flesh out the rights, obligations or organizational principles already stipulated in the basic contract (lit. b), and contracts that are addressed to the authorities and regulate administrative-technical issues (lit. c). This list is exemplary: whether a contract actually has a limited scope is to be determined by interpretation. The law also specifies which contracts are in principle not considered to be of limited scope (Art. 7a para. 4 RVOG). This is the case, in particular, if the treaty is subject to the optional referendum on the state treaty pursuant to Art. 141 para. 1 lit. d of the Federal Constitution (lit. a), contains provisions which fall within cantonal competences (lit. b), or involves high expenditure (lit. c). Further criteria are whether a treaty interferes with the legally protected interests of private individuals, requires a change in the law, or whether it fits "smoothly" into the general domestic and foreign policy environment as well as the economic environment.
13 In purely quantitative terms, the vast majority (over 90%) of treaties entered into by Switzerland are concluded independently by the Federal Council. The Federal Council submits an annual report to the Federal Assembly on the treaties it has concluded independently (Art. 48a para. 2 RVOG). In this form, there is subsequent parliamentary control.
14 The Federal Council may also delegate the competence to conclude international treaties to a department. If the treaty is of limited scope within the meaning of Art. 7a para. 2 RVOG, it may further delegate this competence to a group or to a federal office (Art. 48a para. 1 RVOG).
15 The predecessor provision, Art. 36 para. 5 aDSG, stipulated that the Federal Council may independently conclude international treaties "provided that they comply with the principles of the law." This was interpreted in the doctrine in such a way that the international treaties had to comply with the general data protection principles, namely the principles of legality, good faith, recognizability, proportionality, purpose limitation, data accuracy, data security, protection of the rights of the data subjects, as well as the prohibition of data disclosure abroad in the event of a risk of serious personality violations. Although this requirement has not been incorporated into the new provision, it still arises for Art. 67 DPA from the nature of the delegation and ultimately from the principle of separation of powers: in the absence of an explicit provision, the Federal Council is not authorized to conclude agreements that contradict the general provisions of the law without the approval of Parliament. Since the data protection principles derive directly from the Constitution (Arts. 5, 13, 36 BV) and the international law requirements of the data protection convention (Art. 5 ETS 108+), even parliamentary approval would not change the fact that international treaties contradicting the data protection principles may not be concluded in principle.
A. International Cooperation between Data Protection Authorities (lit. a)
16 According to Art. 67 lit. a FADP, the Federal Council may conclude international treaties regulating international cooperation between data protection authorities. Questions of delimitation arise with regard to the term "cooperation" (a) as well as the circle of authorities involved (b).
1. Cooperation
17 The increasingly cross-border nature of data processing makes international cooperation between data protection authorities essential. Cooperation is therefore one of the cornerstones of the modernized Council of Europe Convention ETS 108+, which in Chapter V obliges the contracting states to cooperate and provide mutual assistance (cf. Art. 16 para. 1 ETS 108+). Similarly, in its modernized data protection law, the European Union places great emphasis on institutionalized cooperation between national data protection authorities (cf. Art. 60 et seq. GDPR as well as the - for Switzerland in the area of police and law enforcement binding - Art. 50 et seq. DIRECTIVE 2016/680).
18Cooperation between data protection authorities can take various forms. Art. 17 of the ETS 108+ Convention lists the following forms of cooperation as examples: Providing mutual assistance, namely in the form of exchange of information, coordinating investigations or operations or carrying out joint measures, and providing each other with information and documentation on national law and administrative practice.
19The ETS 108+ Convention obliges the Parties to form a network of supervisory authorities to organize their cooperation (Art. 17 para. 3). Further details of the cooperation, in particular with regard to the forms and procedures as well as the languages to be used, are to be determined directly between the Contracting Parties concerned (Art. 21 para. 3). The conclusion of international treaties is necessary for the regulation of these issues. Art. 67 lit. a FADP enables the Federal Council to conclude such treaties in a simplified manner and thus also implements this obligation under Convention ETS 108+.
20In terms of domestic law, it is one of the statutory duties of the FDPIC to cooperate with foreign authorities responsible for data protection (à Art. 58 para. 1 lit. b FADP). In practice, the FDPIC cooperates in particular with individual national and supranational data protection authorities, especially the data protection authorities of the Schengen member states and the European Data Protection Committee (EDSA). It is also involved in international bodies such as the Council of Europe, the European and International Conferences of Data Protection Commissioners, the French-speaking Association of Data Protection Authorities, and the OECD.
21The FDPIC also has the authority to provide administrative assistance to foreign data protection authorities, provided that the requirements of à Art. 55 FADP are met. For this purpose, too, an international treaty may be necessary, which the Federal Council can facilitate pursuant to Art. 67 lit. a.
22In relation to the aforementioned statutory competences of the FDPIC, Art. 67 lit. a FADP provides the legal basis in cases where international cooperation goes beyond purely informal cooperation (e.g., the exchange of best practices) and must therefore be placed on a formal footing. The conclusion of an international treaty is particularly necessary if mutual rights and obligations are to be established on a permanent basis and if personal data or otherwise protected data (such as trade secrets) are to be exchanged with other states. For the transfer of personal data, the requirements of à Art. 16 FADP must also be observed.
23So far, no such cooperation agreements have been concluded in the area of data protection. As a model for a cooperation agreement, the dispatch also mentions an agreement from another legal area, namely the agreement of 17 May 2013 between the Swiss Confederation and the European Union on cooperation in the application of their competition law. The contents of this agreement provide a preview of possible contents of future cooperation agreements in the area of data protection: for example, in it, the parties undertake that their competition authorities may inform each other of enforcement measures that they consider may affect important interests of the other party (Art. 3), that they may coordinate enforcement measures with respect to related transactions (Art. 4), or that they may request each other to initiate enforcement measures (Art. 6).
24Also within the scope of Art. 67 lit. a FADP are agreements that delimit the responsibilities of the various data protection authorities. Such an agreement would have practical relevance with respect to the delimitation of responsibilities between Swiss and European data protection authorities, since the GDPR also applies to controllers or processors not established in the EU, which means that the responsibilities of the supervisory authorities of the EU member states extend to controllers in Switzerland, but they cannot take any enforcement action in Switzerland. A parliamentary motion calling for the conclusion of a corresponding coordination agreement with the EU was already adopted by the Councils in 2017, but has not yet been implemented, which is probably mainly due to the fact that no new agreements can currently be concluded with the EU before the institutional issues have been clarified. In any case, the Federal Council could conclude a corresponding coordination agreement based on Art. 67 DPA without the approval of Parliament.
2. Data protection authorities
25The authorization of the facilitated conclusion of cooperation agreements under international law pursuant to Art. 67 DPA relates exclusively to cooperation between "data protection authorities." Both the ETS 108 Convention (Art. 1 Additional Protocol of 2001 or Art. 12bis ETS 108+) and the EU Directive 2016/180 (Art. 41 RL 2016/680), which is binding on Switzerland, oblige the contracting states to establish one or more independent data protection supervisory authorities.
26Inversely, this means that the enabling basis of Art. 67 lit. a DPA does not extend to contracts on data protection-related cooperation between other authorities, such as the exchange of personal data between judicial, police or migration authorities. Such contracts require parliamentary approval unless authorized in another federal law.
27 The competence to conclude the cooperation agreement is reserved to the Federal Council. According to the wording of the law, even if the FDPIC is the party directly affected by such contracts, it has no competence to conclude them independently. Although the Federal Council would have the possibility to subdelegate its competence to conclude international treaties independently to the FDPIC (cf. Art. 48a para. 1 RVOG and above, n. 14), it has not done so to date. In this respect, the FDPIC is dependent for its activities on the Federal Council concluding corresponding contracts, which is in a certain tension with its institutional independence (à Art. 43 para. 4 FADP).
B. Mutual recognition of an adequate level of protection (lit. b)
28The second purpose for which the Federal Council may conclude state treaties without prior approval of Parliament is the mutual recognition of an adequate level of protection pursuant to Art. 67 lit. b FADP.
29This provision is to be understood in connection with à Art. 16 FADP, which regulates the conditions for the disclosure of personal data abroad. One of these possibilities is the existence of an international treaty: according to Art. 16 para. 2 lit. a, disclosure abroad is possible if an international treaty ensures appropriate data protection.
30The modernized data protection convention of the Council of Europe also recognizes the possibility of ensuring the existence of an adequate level of protection in a third country by means of an international agreement (cf. Art. 12 para. 3 lit. b ETS 108+). Similarly, EU law provides for corresponding regulations (cf. Art. 46 para. 2 lit. a GDPR and Art. 37 para. 2 lit. a of Directive 2016/680, which is binding on Switzerland).
31An international treaty within the meaning of Art. 16(2)(a) DPA may be a general data protection convention such as the ETS 108+ Convention, or any other sectoral agreement in a specific area that regulates the transfer of personal data between the contracting parties. It should be noted that an international treaty is only covered by the authorization in Art. 67 lit. b DPA if it is limited to the purpose of mutual recognition of an adequate level of protection; if it goes beyond that, the Federal Council may not conclude the treaty independently or needs a different basis for authorization.
32The possibility of recognizing an adequate level of protection by means of an international treaty is relevant if the legislation of the state or international body concerned does not provide adequate protection within the meaning of Art. 16(1) FADP and there is therefore no corresponding declaratory decision by the Federal Council. By means of an agreement, the states involved can agree on an international treaty data protection system that compensates for the deficiencies in the national legal system so that mutual recognition of an adequate level of protection becomes possible.
33The most important example of application is the agreements with the United States, whose level of data protection is not considered adequate within the meaning of Art. 16(1) FADP, among other things because of the far-reaching access rights of both the U.S. President and the domestic intelligence service to data held by U.S. companies and the limited legal protection available to non-U.S. nationals. At the same time, however, the agreements with the United States illustrate the limits of international treaty agreements on data protection standards, namely the difficulty in realpolitik of modifying the distribution of domestic competences by means of international law: The U.S.-Swiss Safe Harbor Framework (which was modeled on the EU-US Safe Harbor, which had to be replaced due to the ECJ ruling in the Schrems case), which was still cited as an example in the explanatory report on the preliminary draft of the DPA (but no longer in the dispatch), was no longer recognized by the FDPIC as a basis for data transfers to the United States following the Schrems ruling. After the subsequent EU-US Privacy Shield was also deemed insufficient by the ECJ in the Schrems II case, the Swiss-US Privacy Shield remains formally in force, but is also deemed insufficient by the FDPIC. The EU and the USA announced in March 2022 that they had agreed on a Trans-Atlantic Data Privacy Framework; however, Switzerland would first have to agree on a parallel agreement with the USA. It remains to be seen whether the Trans-Atlantic Data Privacy Framework will really overcome the aforementioned realpolitik difficulties.
34Mutual recognition of an adequate level of data protection is also possible in sectoral agreements. For example, in the context of double taxation agreements with countries that do not have adequate data protection, the contracting parties can state that data protection in connection with the granting of administrative assistance in tax matters is considered adequate, at least with regard to tax-relevant data, on the basis of the state treaty assurances given. The same applies to the transfer of personal data in the context of cooperation between police, customs, law enforcement or migration authorities, where Switzerland has concluded numerous agreements. As already mentioned, the enabling basis of Art. 67 lit. b FADP is limited to the question of mutual recognition of an equivalent level of protection. Consequently, cooperation agreements, which in practice usually regulate further, more far-reaching issues, require prior approval by Parliament - unless another federal law provides an enabling basis.
C. State treaties for other purposes
35The basis for authorization in Art. 67 FADP is limited to the two purposes of lit. a and b. The delegation norm must be interpreted narrowly. The delegation norm must be interpreted narrowly.
36For other purposes in the area of data protection, the Federal Council may also conclude treaties under international law, but the competence is then not based on this article but on the general provisions (see above n. 10 ff.). This means that if the treaty is of limited scope, or if there is an enabling provision in a federal law other than the DPA, the Federal Council may also ratify it without parliamentary approval. In all other cases, parliamentary approval is required prior to ratification.
37In my opinion, treaties that involve the transfer of personal data to foreign authorities are not of limited scope, since they interfere with the legally protected interests of private individuals. These include the numerous cooperation agreements in the areas of police, justice, mutual legal assistance, migration and taxation that Switzerland has concluded with other states and which contain provisions on the exchange of data. State treaties or exchanges of notes for the implementation of the further development of the Schengen acquis (insofar as they regulate more than mere technical details) as well as agreements with other states on access to passenger name records (PNR) also fall under this category. Since Art. 67 does not provide any authorization for such agreements, a delegation in a sectoral federal law or parliamentary approval is always required. Correctly, the Federal Council also obtained the prior approval of the Federal Assembly before ratifying the ETS 108+ Convention as well as the adoption of Directive 2016/680. Both legal acts are instruments of great scope within the meaning of the exemplary list in Art. 7a para. 4 RVOG.
38 It should be noted that the basis for authorization in Art. 67 FADP empowers the Federal Council to conclude agreements of limited as well as broader scope within the framework of the stated purposes. In my opinion, the legal opinion expressed in the doctrine on the old delegation norm in Art. 36 Para. 5 aDSG, according to which this only covers contracts of limited scope, fails to take into account the relationship between the various bases of authorization in Art. 7a RVOG. A sectoral delegation in a federal law constitutes a lex specialis and enables a fortiori both the conclusion of treaties of limited scope and those of broader scope.
39The Federal Council decides whether a treaty of limited scope exists or whether it falls under the delegation of Art. 67 lit. a and b. The Federal Council has the power to decide on the scope of the treaty. In order to check that it does not exceed its powers, Art. 48a para. 2 RVOG requires the Federal Council to report annually to the Federal Assembly on the contracts concluded, amended and terminated by it, by the departments, by the groupings or by the offices. If the Federal Assembly does not agree with the division made by the Federal Council, it may request by way of motion that the Federal Council submit the contract for subsequent approval.
Bibliography
Cattaneo Gianni, Kommentierung zu Art. 67 DSG, in: Métille Sylvain/Meier Philippe (Hrsg,), Loi sur la protection des données LPD.
Dauag Apollo, Kommentierung zu Art. 67 DSG, in: Baeriswyl Bruno/Pärli Kurt/Blonski Dominika (Hrsg.), Datenschutzgesetz, Stämpflis Handkommentar, 2. Aufl., Bern 2022.
EDÖB, 29. Tätigkeitsbericht 2021/22, Bern 2022, abrufbar unter https://www.edoeb.admin.ch/edoeb/de/home/deredoeb/taetigkeitsberichte.html , besucht am 11.4.2023 (zit. 29. Tätigkeitsbericht).
EDÖB, Stellungnahme zur Übermittlung von Personendaten in die USA und weitere Staaten ohne angemessenes Datenschutzniveau, 8.9.2020, abrufbar unter https://www.edoeb.admin.ch/edoeb/de/home/kurzmeldungen/nsb_mm.msg-id-80318.html , besucht am 13.4.2023 (zit. Datenübermittlung).
Epiney Astrid, Kommentierung zu Art. 166 BV, in: Waldmann Bernhard/Belser Eva Maria/Epiney Astrid (Hrsg.), Basler Kommentar, Bundesverfassung, Basel 2015.
Epiney Astrid/Frei Nula, Die völker- und europarechtliche Einbettung des DSG, in: Bieri Adrian/Powell Julian (Hrsg.), Orell Füssli Kommentar Datenschutzgesetz, Zürich 2023, S. 33-57 (zit. DSG).
Epiney Astrid/Frei Nula, Zur Übernahme weiterentwickelten EU-Rechts durch den Bundesrat. Selbständige Vertragsschlusskompetenzen im Rahmen der Bilateralen Abkommen, am Beispiel der Liberalisierung des internationalen Schienenpersonenverkehrs, in: Jusletter 12.8.2019 (zit. Vertragsschlusskompetenzen).
Fey Marco, Kommentierung zu Art. 67 aDSG, in: Baeriswyl Bruno/Pärli Kurt (Hrsg.), Datenschutzgesetz, Stämpflis Handkommentar, Bern 2015.
Fischer Philipp, Kommentierung zu Art. 16 DSG, in: Métille Sylvain/Meier Philippe (Hrsg,), Loi sur la protection des données LPD.
Frei Nula, Die Revision des Datenschutzgesetzes aus europarechtlicher Sicht, in: Jusletter 17.9.2018 (zit. Revision DSG).
Frei Nula, Die Datenschutz-Grundverordnung und die Schweiz, in: Epiney Astrid/Rovelli Sophia (Hrsg.), Datenschutz und Gesundheitsrecht, Zürich 2019 (zit. DSGVO).
Jauslin Carl/Spenlé Christoph, Kommentierung zu Art. 67 DSG, in: Bieri Adrian/Powell Julian (Hrsg.), Orell Füssli Kommentar Datenschutzgesetz, Zürich 2023.
Kerboas Cécile/Lennman Catherine, Kommentierung zu Art. 55 DSG, in: Métille Sylvain/Meier Philippe (Hrsg,), Loi sur la protection des données LPD.
Kunz Christian, Kommentierung zu Art. 16 DSG, in: Bieri Adrian/Powell Julian (Hrsg.), Orell Füssli Kommentar Datenschutzgesetz, Zürich 2023.
Métille Sylvain/Ackermann Annelise, RGPD : application territoriale et extraterritoriale, in: Epiney Astrid/Rovelli Sophia (Hrsg.), Datenschutzgrundverordnung (DSGVO): Tragweite und erste Erfahrungen, Zürich 2020.
Rosenthal David/Jöhri Yvonne, Handkommentar zum Datenschutzgesetz sowie weiteren, ausgewählten Bestimmungen, Zürich 2008.
Rudin Beat/Husi-Stämpfli Sandra, Kommentierung zu Art. 36 DSG, in: Maurer-Lambrou Urs/Blechta Gabor-Paul (Hrsg.), Basler Kommentar, Datenschutzgesetz/Öffentlichkeitsgesetz, 3. Aufl., Basel 2014.
Schmid Evelyne, Kommentierung zu Art. 166 BV, in: Martenet Vincent/Dubey Jacques (Hrsg.), Commentaire romand Constitution fédérale, Basel 2021.
Thürer Daniel, Kommentierung zu Art. 166 BV, in: Ehrenzeller Bernhard/Schindler Benjamin/Schweizer Rainer J./Vallender Klaus A. (Hrsg.), Bundesverfassung St. Galler Kommentar, 4. Aufl., Zürich 2023.
Tschannen Pierre, Staatsrecht der Schweizerischen Eidgenossenschaft, 4. Aufl., Bern 2016.
Materials
Botschaft zum Bundesgesetz über die Kompetenz zum Abschluss völkerrechtlicher Verträge von beschränkter Tragweite und über die vorläufige Anwendung völkerrechtlicher Verträge (Änderung des Regierungs- und Verwaltungsorganisationsgesetzes und des Parlamentsgesetzes) vom 4.7.2012, BBl 2012 7465 ff., abrufbar unter https://www.fedlex.admin.ch/eli/fga/2012/1138/de, besucht am 11.4.2023 (zit. Botschaft RVOG und ParlG).
Vorentwurf zum Bundesgesetz über den Datenschutz vom 21.12.2016, abrufbar unter https://www.bj.admin.ch/dam/bj/de/data/staat/gesetzgebung/datenschutzstaerkung/vorentw-d.pdf.download.pdf/vorentw-d.pdf, besucht am 11.4.2023 (zit. VE-DSG).
Erläuternder Bericht zum Vorentwurf für das Bundesgesetz über die Totalrevision des Datenschutzgesetzes und die Änderung weiterer Erlasse zum Datenschutz vom 21.12.2016, abrufbar unter https://www.bj.admin.ch/dam/bj/de/data/staat/gesetzgebung/datenschutzstaerkung/vn-ber-d.pdf.download.pdf/vn-ber-d.pdf, besucht am 11.4.2023 (zit. Erläuternder Bericht DSG).
Bundesamt für Justiz, Zusammenfassung der Ergebnisse des Vernehmlassungsverfahrens zum Vorentwurf für das Bundesgesetz über die Totalrevision des Datenschutzgesetzes und die Änderung weiterer Erlasse zum Datenschutz vom 10.8.2017, abrufbar unter https://www.bj.admin.ch/dam/bj/de/data/staat/gesetzgebung/datenschutzstaerkung/ve-ber-d.pdf.download.pdf/ve-ber-d.pdf, besucht am 11.4.2023 (zit. Vernehmlassungsergebnisse DSG).
Botschaft zum Bundesgesetz über die Totalrevision des Bundesgesetzes über den Datenschutz und die Änderung weiterer Erlasse zum Datenschutz vom 15.9.2017, BBl 2017 6941 ff., abrufbar unter https://www.fedlex.admin.ch/eli/fga/2017/2057/de, besucht am 13.4.2023 (zit. Botschaft DSG).
Entwurf zum Bundesgesetz über die Totalrevision des Bundesgesetzes über den Datenschutz und die Änderung weiterer Erlasse zum Datenschutz vom 15.9.2017, BBl 2017 7193 ff., abrufbar unter https://www.fedlex.admin.ch/eli/fga/2017/2058/de, besucht am 11.4.2023 (zit. E-DSG).
Botschaft zur Genehmigung des Protokolls vom 10.10.2018 zur Änderung des Übereinkommens zum Schutz des Menschen bei der automatischen Verarbeitung personenbezogener Daten vom 6.12.2019, BBl 2020 565 ff., abrufbar unter https://www.fedlex.admin.ch/eli/fga/2020/60/de, besucht am 13.4.2023 (zit. Botschaft SEV 108+).