Coronavirus protection plans
19.05.2020 - The FDPIC supervises the implementation of the protection plans by private companies. He attaches importance to the fact that the procurement and transfer of personal data within the framework of these plans is voluntary.
As part of the easing of measures to contain the corona pandemic, the Federal Council in Ordinance 2 on Measures to Combat the Coronavirus (COVID-19; SR 818.101.24) has made the resumption of activities and the re-opening of businesses and institutions conditional on the introduction of precautionary measures (s. FOPH's recommendations for the workplace and schools).
It is the responsibility of the businesses and institutions concerned to implement their own precautionary measures. Where this requires them to process the personal data of customers, members, employees, etc., this will be carried out under the FDPIC’s oversight. The FDPIC will seek to ensure that businesses and institutions respect the principles of the Federal Data Protection Act, in particular that of proportionality. Depending on the sector and the size of the business or institution, in-house legal and data protection advisers will also help to implement the precautionary measures in accordance with data protection law.
The FDPIC regards it as important the customers, etc., will be under no obligation to provide their personal data as part of the precautionary measures and that they cannot be indirectly compelled to provide data, e.g. by making the provision of goods and services dependent on doing so.
The FDPIC takes the view that using direct or indirect pressure to obtain and process data relating to customers, etc., constitutes an invasion of privacy and of a person’s autonomy over their own information. This is incompatible with the principle of proportionality, other than in the case of mandatory data processing requirements based on precisely defined principles of federal and cantonal public law.