4th Update concerning the Libra project
19.09.2019 - At a meeting with the FDPIC in Berne, Libra Association reiterates its commitment to develop a consistent data protection standard for the system. The association will involve the FDPIC in its ongoing development work at an early stage in order to comply with data protection requirements from the outset.
After the Libra Association had provided supplementary information on the Libra project in due time, a personal meeting between the FDPIC and representatives of the Libra Association took place in Berne on 17 September 2019.
The Libra Association reiterated its commitment to develop a consistent data protection standard for the system. This is in line with the position of the FDPIC, who thereby wants to achieve a high level of protection for the personal data of the users.
The Libra Association will involve the FDPIC in its ongoing development work at an early stage in order to comply with data protection requirements from the outset (privacy by design). The association will carry out a risk impact assessment and implement measures necessary for a consistent data protection standard, including necessary organizational measures like the creation of a data protection office.
Draft of new Data Protection Act to be debated in the National Council
30.08.2019 - Following its discussion of the Federal Council dispatch of 15 September 2017, the National Council’s political institutions committee decided on 16 August 2019 based on the casting vote of its president to remit the draft of the totally revised Data Protection Act to the plenary session of the National Council for debate.
The proposal made to the National Council contains several provisions which, in the version approved by a majority of the committee, would lead to a lower level of data protection for the Swiss population than in neighbouring European countries and to a partial reduction in the level of data protection afforded by the current Data Protection Act of 1992.
In its public debate on 24 and 25 September, the National Council will have the opportunity to compare the respective drafts of the committee’s majority and minority and to decide whether it wishes to improve the level of protection given to the Swiss population and adapt to European standards.
The summary with the requests of the Political Institutions Committee of the National Council for the revision of the Federal Data Protection Act has been published.
Postfinance: no equal treatment for customers under the current law
30.08.2019 - In a letter dated 13 June 2019 in response to an enquiry from the FDPIC, Postfinance AG confirmed that their Swiss customers will still require to register an express objection if they do not wish their identity to be authenticated by voiceprint. In contrast, Postfinance makes authentication by voiceprint for foreign customers subject to their express consent. This unequal treatment, which the FDPIC has publicly criticised, (see the report on SRF’s 10vor10 programme on 20.5.2019) is set to continue.
In its response to the FDPIC, Postfinance AG maintained that this difference in treatment is due to differences in the requirements of Swiss and foreign law, and that the adoption of foreign law to cover domestic circumstances is a political matter reserved to parliament. Postfinance AG will therefore continue to treat Swiss customers differently for as long as Swiss data protection law is not brought in line with EU law.
3rd Update concerning the Libra project
23.08.2019 -The Libra Association sent the first part of the requested documents to the FDPIC on time. Further documents and explanatory information will follow in the coming weeks.
These submissions will serve as a basis for the FDPIC's determination of its competences and the planning of future activities. In due course, the FDPIC will inform the public of the outcome of his examination of competence and of any further steps he may take.
The FDPIC will attend the forthcoming meeting with the U.S. House Committee on Financial Services and personally serve it with this information.
2nd Update concerning the Libra project
06./08.08.2019 - The British and other data protection authorities have published a joint statement demanding more openness from Libra promoters about the project. The FDPIC stays in contact with the European Data Protection Board (EDPB) and the International Conference of Data Protection and Privacy Commissioners (ICDPPC).
The FDPIC is affected as all other Data Protection Authorities (DPAs) by the Libra project and its global network and therefore eager to support the global community of DPAs in their joint efforts to protect the people. The FDPIC thus stays in contact with the EDPB and the ICDPPC.
On the other hand, the FDPIC as the DPA at the Swiss headquarters of the Geneva based Libra Association has to exercise his legal tasks. In this latter role the FDPIC initiated an official proceeding focused on the evaluation of his competence with regard to the Geneva based association, which in the meantime appointed a Swiss law firm and declared its readiness to deliver more detailed information on the project, as requested in the FDPIC’s letter of 17 July 2019. The FDPIC will thus first analyse upon receipt the promised information and assess the extent to which his advisory competences and supervisory powers would apply, before joining any statements or commenting on the Libra project and its network as a whole.
1st Update concerning the Libra project
29.07.2019 - The Libra Association has replied to the FDPIC's letter of 17 July and promised a prompt response to issues raised. It plans to meet the FDPIC in the coming weeks for talks. The FDPIC will issue a press release on the next steps as soon as he has analysed the information received and gained an overview of the current status of the project.
Link to the media release of 23 July 2019
26th Annual Report: Switzerland must maintain its level of data protection
18.06.2019 - The FDPIC expects that the Federal Council and Parliament will continue to guarantee the Swiss population a level of data protection that is in line with its European neighbours by signing the Council of Europe Convention 108 in the near future and swiftly bringing to a close the complete revision of the Data Protection Act.
Link to the media release
Data Protection Day 2019 - 3 priorities for the Confederation and cantons: elections, police, OASI number
28.01.2019 - Federal and cantonal data protection authorities' press release:
25th Annual Report: Freedom before security
25.06.2018 - Monitoring major digital projects has once again been the focus activity for the FDPIC. The E-ID Act as the basis for using a SwissID, the risk report on using the OASI number as a univer-sal personal identifier or the conditions that must be met by e-ticketing or public transport apps underline this prioritisation. As a supervisory authority, the Commissioner had to intervene to prevent the processing of data on compulsory health insurance and had to deal with data leaks at several large companies. As the Freedom of Information Commissioner, the FDPIC succeeded in achieving a substantial increase in the efficiency of his arbitration procedures and welcomed the National Council’s unanimous commitment to guaranteeing transparency in connection with public procurement – thus ensuring that the principle of freedom of information does not become a farce.
Selection of arbitrators for the Data Protection Arbitration Panel under the Swiss-U.S. Privacy Shield - First call for Interest
Deadline: April 30, 2018
06.04.2018 - According to Swiss law, personal data transmitted to the USA must be subject to an appropriate level of data protection. The Swiss-U.S. Privacy Shield serves this purpose. Thanks to this new legal framework, personal data can be transferred from Switzerland to a company in the USA, provided that the US company complies with a set of data protection rules and safeguards. This protection that is given to personal data applies to everyone who is resident in Switzerland. For this mechanism to become operational, a list up to five arbitrators must be agreed between the Swiss administration and the DOC. In the event of a dispute, the parties may select the arbitral tribunal from the arbitration pool developed under the EU-U.S. Privacy Shield which has been supplemented by the pool developed under the Swiss-U.S. Privacy Shield. The call for interest has been published in the U.S. Federal Register and can be accessed under the following link: https://www.federalregister.gov/documents/2018/04/02/2018-06737/swiss-us-privacy-shield-invitation-for-applications-for-inclusion-on-the-supplemental-list-of
The deadline for applications is April 30, 2018. They must be submitted to David Ritchie at the U.S. Department of Commerce, either by email at email@example.com or by fax at: 202-482-5522.
Dispatch concerning the revision of the Data Protection Act: the FDPIC's general assessment
15.09.2017 - The rapid development of information and telecommunications technology and the related digitalisation of society have required the Council of Europe and the European Union to further develop their data protection legislation, and have now necessitated the complete revision of the Federal Data Protection Act, which originally came into force in 1993. The draft act prepared by the Federal Council has the aim of increasing the protection of data by improving the transparency of data processing and increasing the options that data subjects have to control their own data. In addition, the revision of the Act should ensure consistency between the level of data protection in Switzerland and that in the EU. Having a level of data protection that is comparable with that in EU states is particularly important for Swiss businesses, especially because the new EU General Data Protection Regulation (EU-GDPR), which comes into force at the end of May 2018, will have a direct effect on many Swiss enterprises.
Guide to the Swiss-US Privacy Shield
22.08.17 - The FDPIC has elaborated a practical brochure to the Swiss-US Privacy Shield. It provides information on the company's obligations and the rights of persons whose data is processed as well as how they can complain.
Swiss-US Privacy Shield Guide (PDF, 171 kB, 06.12.2017)
Transfer of data to the USA
Annual report 2016/2017
26.06.2017 - The Federal Data Protection and Information Commissioner presents his new annual report for the period from 1st of April 2016 to 31st March 2017.
Media release FDPIC annual conference 2017 (PDF, 152 kB, 26.06.2017)
Summary Annual report 2016/2017 (PDF, 35 kB, 26.06.2017)
Last modification 19.09.2019