The History of Data Protection in Switzerland

The initial moves towards the introduction of data protection legislation in Switzerland were made between 1971 and 1977, parallel to legislative activities in Europe and overseas. Based on the work of two commissions of experts, the Federal Council (Swiss government) in 1984 submitted draft legislation for the usual consultation procedure. While some fundamental principles were well received, many interested parties and organisations (including employers' and industrial organisations) criticised the regulation of private and public activities in a single act of Parliament. A further complaint was that the draft legislation was unduly complicated and bureaucratic. There was also criticism of the plan to create an independent data commission (instead of a data ombudsman).

In March 1988, having taken into account some of these comments, the Federal Council proposed a bill for a Federal Act on Data Protection (FADP) to Parliament. The new Act was approved by both chambers on 19 June 1992. Under Swiss law, the new legislation could have been submitted to the Swiss people for a referendum. However, the term for requesting a popular vote expired on 28 September 1992 and the FADP came into force on 1 July 1993. At the same time, the implementing ordinance came into force.

In 2003, the Swiss Federal Parliament began consultations about a revision of the FADP; the modifications as well as a federal decree were adopted on 24 March 2006.

The revised law strengthens the position of data subjects by requiring greater transparency in the processing of personal data. In particular, it introduces a duty of information towards data subjects when collecting personal data that are either especially sensitive or concern a personality profile. New rules also apply to the cross-border transfer of data. As a result, it is no longer necessary to report the transmission of data files that are sent outside Switzerland. Provisions relating to the notification of data files have been adapted to the new transparency requirements. A new and innovative provision introduces the possibility of obtaining the certification of personal data processing products and systems, and encourages the owners of data sets to designate a data protection officer. Last, but not least, the Swiss Federal Data Protection and Information Commissioner (FDPIC) is empowered to appeal any order of the Federal Chancellery or of the Departments (Ministries) if a recommendation he has made is rejected.

These changes are effective since 1st January 2008.