«Privacy Protection» or «Data Protection» is the key issue of the digital world; not only because of the data protection hype surrounding the Internet community Facebook. However, privacy is not an invention of the digital age, but was already regulated in the first Swiss Civil Code (CC) of 1907 in CC 27 ff. under the title of the protection of the legal personality. With the advent of information technology (IT) in the 1980s, it became increasingly easy to collect and process data. As a result, the risk of personality violations according to the CC increased enormously and the legislator felt compelled to regulate personality protection in detail in the area of data processing. With regular delays in technological matters, the first Federal Act on Data Protection (FADP) came into force on 1 July 1993. At the turn of the millennium, the developments of the Internet and digitalisation then took off. This repeatedly brought data processing to a new dimension. The FADP had to be adapted to this development. After several years of work, the revised Data Protection Act came into force on 1 September 2023.
Under the legal data protection regulations, only data that pertains to an identified or identifiable person is covered, known as personal data. According to the revised FADP, «person» now refers exclusively to a natural person (Art. 5 lit. a FADP). The data of legal entities continue to be protected under Art. 28 of the Swiss Civil Code (CC) (general personality rights), as well as through trade secrets, particularly according to Art. 162 of the Swiss Criminal Code (CrC) and Art. 6 of the Swiss Federal Act on Unfair Competition (UCA). A subset of personal data includes the «sensitive» personal data according to Art. 5 lit. c FADP. This data includes, among other things, information about religious, ideological, and political beliefs, as well as health and intimacy; under the revised FADP, it now also includes genetic and biometric data. Special protection is reflected in specific further regulations regarding the collection and processing of this data.
The basis of data protection law is formed by its principles, which are set out in Art. 6 ff. FADP and, which will not change significantly even with the revised FADP. Although the subject may seem complicated, in practice it is actually simply a matter of applying data protection principles to the data lifecycle. The data lifecycle begins with the collection of data, continues through all data processing, and ends with its destruction or deletion. Of the following principles, proportionality and appropriateness are particularly important in digital practice.