08.01 Data Protection

08 Data Protection

«Privacy Protection» or «Data Protection» is the key issue of the digital world; not only because of the data protection hype surrounding the Internet community Facebook. However, privacy is not an invention of the digital age, but was already regulated in the first Swiss Civil Code (CC) of 1907 in CC 27 ff. under the title of the protection of the legal personality. With the advent of information technology (IT) in the 1980s, it became increasingly easy to collect and process data. As a result, the risk of personality violations according to the CC increased enormously and the legislator felt compelled to regulate personality protection in detail in the area of data processing. With regular delays in technological matters, the first Federal Act on Data Protection (FADP) came into force on 1 July 1993. At the turn of the millennium, the developments of the Internet and digitalisation then took off. This repeatedly brought data processing to a new dimension. The FADP had to be adapted to this development. After several years of work, Parliament approved the revised FADP on 25 September 2020 (unofficial English translation by Walder Wyss Ltd.). The revised Act is subject to an optional referendum with a 100-day referendum period. The Federal Council will then decide on the date of entry into force.

Only data relating to an identified or identifiable person, so-called personal data (FADP 3), are subject to statutory data protection. A «person» is understood to be both a natural person and a legal entity (with the revised FADP only a natural person!).

The basis of data protection law is formed by its principles, which are set out in FADP 4 ff. (and which will not change significantly even with the revised FADP). Although the subject matter may seem complicated, in practice it is actually simply a matter of applying data protection principles to the data lifecycle. The data lifecycle begins with the collection of data, continues through all data processing and ends with its destruction or deletion. Of the following principles, proportionality and appropriateness are particularly important in digital practice.

08 Data Protection