Latest news

2024

15.08.2024 - New Swiss-US Data Privacy Framework

The Federal Data Protection and Information Commissioner takes note of the new Data Privacy Framework between Switzerland and the USA.

07.08.2024 - Somali data protection authority pays visit to FDPIC in Bern

The FDPIC welcomed his Somali counterpart for talks.

09.07.2024 - Explanations on data processing in clubs and associations supplemented and expanded

The existing explanations on data processing in clubs and associations have been comprehensively supplemented with frequently asked questions and important innovations under the new Data Protection Act.

21.06.2024 - Meta: No change to the terms of use for Switzerland for the time being

Meta will not use the data of Facebook and Instagram users in Switzerland to train its AI either.

18.06.2024 - New factsheet on planning and justifying online access

Online access to personal data can cause serious prejudice to the fundamental rights of the data subjects concerned. Federal authorities must therefore plan such access in good time in accordance with the FADP and justify it to their political overseers.

04.06.2024 - Bilateral meeting

The Federal Data Protection and Information Commissioner, Adrian Lobsiger, met with his Austrian counterpart in Bern today for an exchange of views.

27.03.2024 - FDPIC's statement on exchange of police data

Data Protection Commissioner welcomes public debate on the inter-cantonal agreement on the exchange of data between police corps and the planned involvement of the federal government.

26.01.2024 - Data Protection Day 2024: Digital transformation – Do we still have control over our data?

To mark International Data Protection Day, experts will be discussing the topic of ‘Data protection and vulnerability’ at the University of Lausanne on 26 January.

23.01.2024 - Guide to Technical and Organisational Data Protection Measures (TOM) available in English

The guide on technical and organisational data protection measures (TOM) has been revised and is also available in English.

15.01.2024 - EU adequacy decision regarding Switzerland

The European Commission confirmed the adequacy of the Swiss data protection level.

2023

12.12.2023 - Phishing attack on hotels

Cybercriminals have stolen hotels’ access data to booking platforms such as booking.com and are trying to defraud hotel guests.

29.11.2023 - Freedom of Information Act: The FDPIC publishes his recommendations on takeover of Credit Suisse by UBS

The FDPIC recommends the deferral of access until the PInC has completed its work if the disclosure could significantly harm the free opinion-forming and decision-making process of the PInC.

24.11.2023 - Freedom of Information Act: FDPIC publishes six recommendations on contracts for COVID vaccines

In his six recommendations, the FDPIC concludes that access should be granted to a large extend.

22.11.2023 - European Case Handling Workshop in Bern

The FDPIC hosted the European Case Handling Workshop in Bern from 8 to 9 November 2023, under the aegis of the Conference of European Data Protection Authorities.

09.11.2023 - Current data protection legislation is directly applicable to AI

AI is penetrating economic and social life. The FDPIC points out that the FADP is directly applicable to AI-supported data processing.

06.10.2023 - Oracle: No concerns for people living in Switzerland

The FDPIC has terminated its investigations and decided not to bring formal proceedings.

08.09.2023 - Switzerland ratifies the Convention 108+

As the only legally binding international instrument for the protection of personal data, Convention 108 plays a crucial role in promoting the right to privacy worldwide.

30.08.2023 - Factsheet on data protection impact assessment

Under the new Data Protection Act, there is an obligation for federal bodies and private individuals to prepare a DPIA if the planned data processing entails a high risk for the personality or fundamental rights of the data subjects.

24.08.2023 - Joint statement on data scraping and data protection

The FDPIC, acting with nine other national data protection authorities, has published a joint statement to social media platform operators on the protection of personal data against data scraping.

18.07.2023 - Factsheet on FDPIC investigations of violations of data protection regulations

The factsheet is designed to provide a brief overview of the investigation. It summarises the in-depth interpretations of the FDPIC on Articles 49-53 FADP.

13.07.2023 - Third reporting portal online

In view of the entry into force of the revised Data Protection Act, the FDPIC is completing its reporting portals with the online registration of Data Protection Officers.

10.07.2023 - EU-US Data Protection Framework: Adequacy decision of the EU

Switzerland is also engaged in discussions on a Swiss-U.S. Data Privacy Framework). Under the new FADP it will be the responsibility of the Federal Council to decide on the adequacy of states.

11.05.2023 - FDPIC launches new website

The FDPIC has updated the content of its website ahead of the new Data Protection Act coming into force on 1 September 2023. At the same time, the ‘DataBreach Portal’ for reporting security vulnerabilities is available.

06.04.2023 - Using emergency legislation to exclude the Freedom of Information Act

The exclusion of citizens' rights of access guaranteed by the Freedom of Information Act by way of an emergency ordinance raises fundamental legal issues.

04.04.2023 - Einsatz von ChatGPT und vergleichbaren KI-gestützten Anwendungen

Nach dem Verbot von ChatGPT in Italien rät der EDÖB Nutzerinnen und Nutzern zu einem bewussten Umgang mit KI-gestützten Anwendungen und erinnert Unternehmen an ihre Pflichten.

07.03.2023 - Federal Administration introduces public cloud-based application Microsoft 365

The Microsoft Office 2021 applications that are currently still run locally throughout the Federal Administration are to be replaced by the public cloud-based Microsoft 365 application.

27.01.2023 - Data Protection Day 2023

Elections and votes at all federal levels in Switzerland now take place in a digitalised world. Those involved in forming political opinion use the potential of digitalisation to specifically target their campaigns at voters. In this, voters’ rights to privacy and self-determination may come under considerable threat.

Press releases

The latest media releases of the Federal Data Protection and Information Commissioner (FDPIC)

2022

14.12.2022 - Cyber attack on Infopro AG

Status of the FDPIC's ongoing preliminary investigation and list of questions for Winbiz SA

25.11.2022 - Nutzerdaten von WhatsApp abgegriffen

Gemäss News-Meldungen werden rund 550 Mio. Nutzerdaten des Messengerdienstes WhatsApp im Darknet zum Kauf angeboten, davon betroffen seien 1.5 Mio. Schweizer Nutzerinnen und Nutzer.

18.11.2022 - Zur Fussball-WM nach Katar - EDÖB empfiehlt Reisenden Zweit-Smartphone

Katar verlangt von den Gästen der Fussball-WM für die Einreise die Installation der beiden Apps «Ehteraz» und «Hayya to Qatar 2022». Nach Einschätzung des EDÖB weisen beide Applikationen erhebliche datenschutzrechtliche Risiken auf.

17.11.2022 - Registering a data file - reporting inventories (DataReg)

When the new Data Protection Act (FADP) comes into force on 1 September 2023, the procedure for registering data files with the FDPIC will undergo a change. From this date onwards, only federal bodies will have to report their data processing activities to the FDPIC.

07.10.2022 - European Union-U.S. Data Privacy Framework

The FDPIC has taken note of the factsheet released by the US regarding the «Data Privacy Framework (DPF)» and is analysing it.

27.09.2022 - OOracle: Tracking technologies encroach on internet users' privacy rights

In a lawsuit filed in the US on 19 August 2022 against Oracle America Inc., plaintiffs raise serious allegations of unlawful tracking of internet users.

08.07.2022 - Credential stuffing: report and guidelines

In its latest report, the Global Privacy Assembly identifies credential stuffing as a growing threat to personal data. The related guidelines provide users with information on security measures that can be taken to protect against this threat.

13.06.2022 - Outsourcing of personal data processing by Suva to a Microsoft cloud service

In view of certain differences of legal opinion, the FDPIC is advising Suva to reconsider the decision to outsource its personal data processing to a cloud service operated by the US company Microsoft.

31.03.2022 - Hackerangriffe auf Arztpraxen in der Romandie

Gestern wurde bekannt, dass Hacker mehreren Arztpraxen in der Romandie Patientendossiers entwendet und eine grosse Menge medizinischer Daten im Darknet publiziert haben.

2021

23.12.2021 - Update Mitto AG

In the preliminary investigation now opened, the FDPIC has contacted Mitto AG and the mobile phone operators in Switzerland.

15.11.2021 - Mitgliederdaten der Schützenvereine an Kreditkartenanbieter

Anfang Mai hat der Schweizer Schiesssportverband (SSV) über 50'000 lizenzierten Schützinnen und Schützen einen neuen Mitgliederausweis mit Kreditkartenfunktion verschickt.

08.11.2021 - Versand von Impfdaten durch die Stiftung «meineimpfungen»

Die Stiftung meineimpfungen hat am Freitag, 04.11.2021 damit begonnen, den Nutzerinnen und Nutzern der Plattform deren Impfdaten als Anhang einer unverschlüsselten E-Mail zukommen zu lassen.

08.09.2021 - EDÖB empfiehlt die Verwendung des Covid-Zertifikats Light

Der EDÖB hat die Entwicklung des Covid-Zertifikats begleitet und darauf hingewirkt, dass dieses Zertifikat datenschutzkonform ausgestaltet wurde. Er begrüsst, dass der Nachweis jetzt ausschliesslich durch das Covid-Zertifikat erbracht werden muss und nicht auf beliebig andere Nachweise abgestellt wird.

07.09.2021 - Schlussbericht des EDÖB in der Sachverhaltsabklärung zu meineimpfungen.ch

In der Sachverhaltsabklärung betreffend die Plattform meineimpfungen.ch hat der EDÖB der Stiftung meineimpfungen Ende Juli 2021 seinen Schlussbericht zugestellt. Darin hat er drei Empfehlungen formuliert.

27.08.2021 - The transfer of personal data to a country with an inadequate level of data protection based on recognised standard contractual clauses and model contracts

In its statement of 27 August 2021, the FDPIC recognises the standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (pursuant to Implementing Decision 2021/914/EU) as the basis for personal data transfers to a country without an adequate level of data protection, provided that the necessary adaptations and amendments are made for use under Swiss data protection law.

04.08.2021 - FDPIC comments on the transfer of data to the United States Securities and Exchange Commission

The FDPIC has issued the following memorandum to the US Securities and Exchange Commission (SEC) on the question of the lawfulness of the transfer of data from Swiss asset managers to the US supervisory authority

19.07.2021 - EDÖB empfiehlt die Verwendung des datenschutzfreundlichen Covid-Zertifikats Light

19.07.2021 - Mit der neusten Version der «COVID Certificate»-App, kann auf einfache Weise ein datenschutzfreundliches Zertifikat Light generiert werden.

13.07.2021 - Neues DSG: Rekrutierung von 5 weiteren Stellen ab Juli 2022

Nach dem der Bundesrat dem EDÖB mit Blick auf das im 2. Semester 2022 vorgesehene Inkrafttreten des neuen Bundesgesetzes über den Datenschutz (DSG) im Jahr 2019 die Schaffung von drei, vom EDÖB inzwischen rekrutierten Stellen genehmigte, hat er nun fünf weitere Stellen bewilligt.

22.06.2021 - Entwicklungen im Verfahren «SocialPass»

Nachdem die gemeinsame Rechtsvertretung der Betreiber von SocialPass das Mandat beendet hat, droht sich das hängige Aufsichtsverfahren zeitlich erneut zu verzögern.

04.06.2021 - Covid certificate dispels major data protection concerns

By offering the option of providing certificates in paper form, and creating an additional minimal data QR code for use in Switzerland, the Federal Council has dispelled key concerns raised by the Federal Data Protection and Information Commissioner (FDPIC).

13.04.2021 - Begleitung des BAG-Projekts für ein datenschutzkonformes Covid-19-Impfzertifikat

Der EDÖB wirkt in einer vom BAG eingesetzte Projektgruppe im Hinblick auf die Umsetzung eines Covid-19-Zertifikats auf datenschutzkonforme Ausgestaltung des Nachweises hin. Die Forderungen des EDÖB decken sich im Wesentlichen auch mit der Stellungnahme des Europäischen Datenschutzausschusses und des Europäischen Datenschutzbeauftragten zum Verordnungsentwurf zum «Grünen Pass» der EU.

13.04.2021 - Datenabflüsse bei Sozialen Netzwerken

LinkedIn ist Opfer eines massiven Abflusses von Personendaten geworden. Wie die Website Cybernews berichtet, stehen die Daten von 500 Millionen Nutzern des professionellen sozialen Netzwerks auf einem spezialisierten Forum zum Verkauf.

05.03.2021 - Das neue Datenschutzgesetz aus Sicht des EDÖB

Bis zum Inkrafttreten des neuen DSG werden Privatwirtschaft und Bundesbehörden ihre Bearbeitung von Personendaten an die neuen Bestimmungen anpassen müssen. Der Beauftragte hat hierzu die aus seiner Sicht wesentlichsten Neuerungen festgehalten und publiziert.

22.01.2021 - Datenschutzrechtliche Anforderungen für die Erhebung von Gesundheitsdaten durch Private im Zusammenhang mit der Pandemiebekämpfung

Bei der Bekämpfung der Covid-Pandemie kommen zunehmend digitale Applikationen zum Einsatz, die auf Smartphones installiert werden, auf denen sich meist umfangreiche Spuren der digitalen Lebensführung ihrer Besitzer befinden. So die vom Bund lancierte SwissCovid App oder sogenannte «Tracing Apps», welche von Privaten angeboten werden und das Contact Tracing in den Kantonen erleichtern sollen.

2020

25.09.2020 - Breakthrough for up-to-date data protection

In its final vote, the Parliament adopted today the total revision of the Federal Act on Data Protection (FADP).

16.07.2020 - CJEU ruling on European standard contractual clauses and the EU-US Privacy Shield

16.07.2020 - In its judgment of 16 July 2020 in Case C-311/18 Data Protection Commissioner v. Facebook Ireland Ltd and Maximilian Schrems, the Court of Justice annulled Decision 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield.

12.06.2020 - Update Proximity Tracing App: technical security of the SwissCovid app confirmed

After reviewing the NCSC report on Risk Estimation Proximity Tracing, the FDPIC has confirmed his assessment that the Swiss proximity tracing system operated by the Federal Office of Public Health and the SwissCovid app are data protection compliant.

19.05.2020 - Coronavirus protection plans

The FDPIC supervises the implementation of the protection plans by private companies. He attaches importance to the fact that the procurement and transfer of personal data within the framework of these plans is voluntary.

13.05.2020 - Update "Proximity Tracing App"

FDPIC examines system architecture and demands proof of sufficient legal basis.

30.04.2020 - Update Proximity Tracing App

Data processing in the back end of the «Proximity Tracing-Application (PTAPP)» is proportionate from the perspective of the FDPIC.

21.04.2020 - Update Proximity Tracing App

FDPIC examines system architecture and demands proof of sufficient legal basis.

20.04.2020 - Update Libra

Libra informs on FINMA's application and intensifies work on the data protection concept.

09.04.2020 - Measures for the safe use of audio and video conferencing systems

Despite the rush with which business meetings, children’s ‘visits’ with their grandparents, or even parties have been moved online, we must not forget how important information security and data protection continue to be.

17.03.2020 - Legal data protection framework for coronavirus containment

17.03.2020 - Insofar as private individuals (in particular employers) process personal data to combat the pandemic, the principles set out in Article 4 of the Federal Act on Data Protection must be respected.

31.01.2020 - What impact does Brexit have on cross-border data flows?

Following the referendum held in the United Kingdom in June 2016, the British government announced its decision to withdraw from the European Union (Brexit). The United Kingdom will leave the EU on 31 January 2020.

2019

18.12.2019 -Second chamber concludes consultation on Data Protection Act (DPA)

The FDPIC welcomes the fact that the Council of States has debatted the totally revised DPA and has adopted most of the improvements proposed by its Commission in comparison to the National Council version.

20.11.2019 - The Data Protection Act goes to the Council of States in the winter session

The FDPIC welcomes the fact that, within the short time available up to the end of the session, the Political Institutions Committees of the Council of States (PIC-S) has succeeded in adopting a legislative text for the attention of the Plenum of the Council of States that is ready for consultation and significantly improved on the version of the National Council.

17.10.2019 - Facebook to introduce special features in Switzerland for the elections

On the eve of the federal parliamentary elections on 20 October, Facebook is set to introduce features aimed to appeal to Swiss users of its social media platform.

25.09.2019 - Complete Revision of the Federal Act on Data Protection (FADP) goes to the Commission of the Council of States

Now that the National Council has treated the complete revision of the Federal Act on Data Protection (FADP) as first chamber of parliament, the FDPIC hopes that the second chamber will be able to schedule the debate in its winter session and improve the protection of the Swiss population by aligning it with European standards.

19.09.2019 - 4th Update concerning the Libra project

At a meeting with the FDPIC in Berne, Libra Association reiterates its commitment to develop a consistent data protection standard for the system.

30.08.2019 - Draft of new Data Protection Act to be debated in the National Council

Following its discussion of the Federal Council dispatch of 15 September 2017, the National Council’s political institutions committee decided on 16 August 2019 based on the casting vote of its president to remit the draft of the totally revised Data Protection Act to the plenary session of the National Council for debate.

30.08.2019 - Postfinance: no equal treatment for customers under the current law

In a letter dated 13 June 2019 in response to an enquiry from the FDPIC, Postfinance AG confirmed that their Swiss customers will still require to register an express objection if they do not wish their identity to be authenticated by voiceprint.

23.08.2019 - 3rd Update concerning the Libra project

The Libra Association sent the first part of the requested documents to the FDPIC on time.

06./08.08.2019 - 2nd Update concerning the Libra project

The British and other data protection authorities have published a joint statement demanding more openness from Libra promoters about the project.

29.07.2019 - 1st Update concerning the Libra project

The Libra Association has replied to the FDPIC's letter of 17 July and promised a prompt response to issues raised. It plans to meet the FDPIC in the coming weeks for talks.

18.06.2019 - 26th Annual Report

Switzerland must maintain its level of data protection.

28.01.2019 - Data Protection Day 2019

3 priorities for the Confederation and cantons: elections, police, OASI number

Webmaster
Last modification 18.09.2024

Top of page