18 October 2002 - At the beginning of October, the company HBC informed the SDPC that it was to introduce a paternity test on the Swiss market in collaboration with specialist laboratories in the USA. At the same time, the SDPC received numerous enquiries from members of the public relating to the legality of such a paternity test. The SDPC has investigated the legal position and has requested that the company involved take the action required to ensure that no breach of the privacy of persons affected by the test occurs.
In a recommendation published on its website, the SDPC states that the present procedure does not comply with data protection regulations and represents a serious danger to the personal rights of the child and spouse.
Due to the far-reaching consequences (e.g. psychological stress) or complications a paternity test may have for all those involved, the SDPC has requested that both the spouse and the child be informed in advance. The person carrying out the test is thus subject to a special duty of notification.
In view of the particular sensitivity of this subject, written consent must also be obtained in every case for the conduct of a paternity test. However, in order that this consent also has legal validity, a guarantee must also be given that such consent is given voluntarily. Reference must therefore be made to the voluntary nature of the consent on the consent form.
In addition, the responsibility for investigating whether lawful consent has been given may not be passed on to the person instructing the test, as is the case with the current clause. Without effective checks on the consent clause, the conduct of secret tests is a simple matter, and such tests seriously infringe the personal rights of the child involved and of the unsuspecting spouse. As a result, the SDPC is demanding that the company introduces an effective review procedure with regard to the legal validity of consents that are given.
The SDPC is therefore requesting that the sale of the paternity tests be postponed until the data protection requirements are fulfilled. The company has been notified by the SDPC that it has 10 days within which to accept the demands of the SDPC. In the event that the demands are rejected, the SDPC will refer the matter to the Federal Data Protection Commission.