The Microsoft Office 2021 applications that are currently still run locally throughout the Federal Administration are to be replaced by the public cloud-based Microsoft 365 application. The FDPIC will provide supervisory support for the outsourcing project.
Elections and votes at all federal levels in Switzerland now take place in a digitalised world. Those involved in forming political opinion use the potential of digitalisation to specifically target their campaigns at voters. In this, voters’ rights to privacy and self-determination may come under considerable threat.
When the new Data Protection Act (FADP) comes into force on 1 September 2023, the procedure for registering data files with the FDPIC will undergo a change. From this date onwards, only federal bodies will have to report their data processing activities to the FDPIC.
In a lawsuit filed in the US on 19 August 2022 against Oracle America Inc., plaintiffs raise serious allegations of unlawful tracking of internet users.
In its latest report, the Global Privacy Assembly identifies credential stuffing as a growing threat to personal data. The related guidelines provide users with information on security measures that can be taken to protect against this threat.
In view of certain differences of legal opinion, the FDPIC is advising Suva to reconsider the decision to outsource its personal data processing to a cloud service operated by the US company Microsoft.
In its statement of 27 August 2021, the FDPIC recognises the standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (pursuant to Implementing Decision 2021/914/EU) as the basis for personal data transfers to a country without an adequate level of data protection, provided that the necessary adaptations and amendments are made for use under Swiss data protection law.
The FDPIC has issued the following memorandum to the US Securities and Exchange Commission (SEC) on the question of the lawfulness of the transfer of data from Swiss asset managers to the US supervisory authority
By offering the option of providing certificates in paper form, and creating an additional minimal data QR code for use in Switzerland, the Federal Council has dispelled key concerns raised by the Federal Data Protection and Information Commissioner (FDPIC).
Bis zum Inkrafttreten des neuen DSG werden Privatwirtschaft und Bundesbehörden ihre Bearbeitung von Personendaten an die neuen Bestimmungen anpassen müssen. Der Beauftragte hat hierzu die aus seiner Sicht wesentlichsten Neuerungen festgehalten und publiziert.
Für die Erfassung von Kontaktdaten für das Contact Tracing besteht eine gesetzliche Grundlage. Die Covid-19-Verordnung besondere Lage sieht vor, welche Daten zu welchem Zweck gesammelt werden dürfen.
Der Beauftragte ist mit dem Vorhaben des Bundesrates, Dokumente betreffend Preismodelle bei Arzneimitteln vom Öffentlichkeitsgesetz auszunehmen, nicht einverstanden.
Unter der Kurzbezeichnung «BAZG-Vollzugsaufgabengesetz» hat der Bundesrat die Vernehmlassung über ein Gesetzespaket eröffnet, mit dem er die rechtliche Grundlage für das Digitalisierungs- und Transformationsprogramm (DaziT) der Eidgenössischen Zollverwaltung schaffen will.
16.07.2020 - In its judgment of 16 July 2020 in Case C-311/18 Data Protection Commissioner v. Facebook Ireland Ltd and Maximilian Schrems, the Court of Justice annulled Decision 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield.
After reviewing the NCSC report on Risk Estimation Proximity Tracing, the FDPIC has confirmed his assessment that the Swiss proximity tracing system operated by the Federal Office of Public Health and the SwissCovid app are data protection compliant.
The FDPIC supervises the implementation of the protection plans by private companies. He attaches importance to the fact that the procurement and transfer of personal data within the framework of these plans is voluntary.
Der EDÖB stellt in datenschutzrechtlicher Hinsicht Verbesserungen fest, namentlich aufgrund des dezentralen Ansatzes. Er wird bei der bevorstehenden Einführung weiter auf einen optimalen Datenschutz hinwirken.
Despite the rush with which business meetings, children’s ‘visits’ with their grandparents, or even parties have been moved online, we must not forget how important information security and data protection continue to be.
Am 21. März 2020 wurde der EDÖB von der École polytechnique fédérale de Lausanne (EPFL) gebeten, das Projekt für eine «Covid proximity tracing App», an welchem die EPFL mitwirkt, einer Grobbeurteilung zu unterziehen.
Der EDÖB hat unterdessen vom BAG wie auch von der Swisscom sachdienliche Dokumente dazu erhalten. Beide haben zudem zugesichert, den EDÖB künftig laufend über die datenschutzrelevanten Projekte zur Pandemiebekämpfung ins Bild zu setzen,
17.03.2020 - Insofar as private individuals (in particular employers) process personal data to combat the pandemic, the principles set out in Article 4 of the Federal Act on Data Protection must be respected.
In Ergänzung seiner Mitteilung zur Applikation Clearview präzisiert der EDÖB seine Haltung zur massenhaften Beschaffung und Weiterbearbeitung von Gesichtsdaten über das Internet.
Following the referendum held in the United Kingdom in June 2016, the British government announced its decision to withdraw from the European Union (Brexit). The United Kingdom will leave the EU on 31 January 2020.
