Switzerland stands at the forefront of several nations endorsing and bolstering data protection. While the digital era has drastically transformed the way data is collected and shared, keeping it properly protected remains a priority across borders.
Switzerland’s response to this challenge? The new Federal Act on Data Protection (nFADP). This law—hailed as a vital step towards fortifying data privacy in Switzerland—carries with it the essence of European standards while integrating them with Switzerland’s unique socio-political landscape.
FADP: A Journey from 1992 to 2023
Data protection isn’t a fresh concept for the Swiss. Back in 1992, Switzerland established its first Federal Act on Data Protection (FADP). However, given the rapid technological progress, it became increasingly clear that the older act was growing somewhat antiquated.
Partial updates in 2009 and 2019 aimed to bridge some of these gaps, but a comprehensive overhaul soon became a primary concern.
It was in the Parliament’s 2020 fall session that the nFADP was ratified, with an aim to provide Swiss citizens with robust rights regarding their personal data. The alignment of nFADP with the renowned European General Data Protection Regulation (GDPR) showcases Switzerland’s commitment to maintaining seamless data flow between its territories and the European Union.
GDPR vs. FADP: A Comparative Glance
So, why does Switzerland (which is not a member of the European Economic Area, or EEA) seek alignment with GDPR?
The answer lies in the intertwined economies and the increasing digitization of cross-border businesses. Many Swiss-based companies have clientele in the EU. Thus, maintaining GDPR-compliance becomes crucial, not just for business continuity but also for safeguarding the trust of European consumers.
Yet, the nFADP isn’t a mere replica of the GDPR. While both share foundational principles, nFADP is uniquely tailored to Switzerland’s national context.
A significant difference is the enforcement mechanism. Unlike the European counterparts, Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) cannot levy direct fines. Instead, regional prosecution authorities play this role for local accountability.
Nitty-Gritties of Personal Data
At the core of the nFADP is the objective to protect ‘personal data’. But what does that include?
Simply put, it’s any detail that can pinpoint an individual’s identity—be it a full name, address, workplace, or even a phone number. But there’s more. A subset termed ‘sensitive personal data’ goes even deeper, covering facets like one’s beliefs, health, racial background, and criminal records.
Whom and Where Does nFADP Govern?
If you’re a private entity or a federal body processing the personal data of Swiss residents, nFADP is your playbook, even if the data processing occurs outside Swiss borders. However, the nFADP isn’t ubiquitous: It excludes personal data processed for some parliamentary activities and specific judicial processes.
Unraveling the Principles
The nFADP is built on a bedrock of principles that guide data processing. These principles include:
And then there’s the matter of ‘consent’, which stands as a linchpin in the data processing world. It should be informed, explicit, and specific, especially when handling sensitive personal data or high-risk profiling.
Rights of the Individuals
The nFADP is, above all, a citizen-centric law. It arms Swiss individuals with several rights:
But, these rights aren’t unbridled. For instance, the media has certain privileges to restrict data access if it jeopardizes journalistic integrity.
Infringements and Repercussions
Individuals violating nFADP’s provisions can face fines scaling up to CHF 250,000. In certain scenarios, companies can face penalties up to CHF 50,000.
Data Controllers and Processors
Data controllers and processors aren’t left out. They need to be transparent in their data collection, conduct data impact assessments, and report breaches promptly.
A Comprehensive Compliance Checklist
To ensure alignment with nFADP:
The new FADP is more than just a law. It’s Switzerland’s commitment to its citizens and by aligning with global standards and emphasizing transparency, the FADP is set to bolster the nation’s reputation as a leader in data privacy.