What laws apply to the collection and use of individuals’ personal information?
Data privacy laws have become more prominent in recent years. As the amount of personal information available online has grown substantially, there has been an enhanced focus on the processing of personal data, as well as the enforcement of such laws.
Although Switzerland is not in the EU or the European Economic Area (EEA), it does have laws that are closely based on EU law and similar principles are applicable.
Under Swiss law, the processing of personal data is essentially governed by the Swiss Federal Act on Data Protection (DPA) and the Swiss Federal Ordinance to the Federal Act on Data Protection (ODPA). Swiss data protection law is currently under revision and will undergo substantial changes (mostly in approximation of the future European Data Protection Regulation - GDPR). The consulting process of the preliminary draft legislation was concluded in April 2017. The draft legislation was released in September 2017 and, as of early 2020, is being reconciled by the chambers of parliament. Entry in to force is unlikely in 2020.
The authority responsible for enforcement of data privacy law and regulations in Switzerland is the following:
The Federal Data Protection and Information Commissioner (FDPIC) supervises and advises state authorities and private bodies with regard to the compliance with the data protection regulations. The data protection laws are enforceable through the ordinary courts in Switzerland.