The Federal Data Protection and Information Commissioner (FDPIC) attended the 46. Global Privacy Assembly, which took place from 28 October to 1 November in Jersey.
The existing explanations on data processing in clubs and associations have been comprehensively supplemented with frequently asked questions and important innovations under the new Data Protection Act.
Online access to personal data can cause serious prejudice to the fundamental rights of the data subjects concerned. Federal authorities must therefore plan such access in good time in accordance with the FADP and justify it to their political overseers.
Data Protection Commissioner welcomes public debate on the inter-cantonal agreement on the exchange of data between police corps and the planned involvement of the federal government.
To mark International Data Protection Day, experts will be discussing the topic of ‘Data protection and vulnerability’ at the University of Lausanne on 26 January.
The FDPIC recommends the deferral of access until the PInC has completed its work if the disclosure could significantly harm the free opinion-forming and decision-making process of the PInC.
The FDPIC hosted the European Case Handling Workshop in Bern from 8 to 9 November 2023, under the aegis of the Conference of European Data Protection Authorities.
As the only legally binding international instrument for the protection of personal data, Convention 108 plays a crucial role in promoting the right to privacy worldwide.
Under the new Data Protection Act, there is an obligation for federal bodies and private individuals to prepare a DPIA if the planned data processing entails a high risk for the personality or fundamental rights of the data subjects.
The FDPIC, acting with nine other national data protection authorities, has published a joint statement to social media platform operators on the protection of personal data against data scraping.
The factsheet is designed to provide a brief overview of the investigation. It summarises the in-depth interpretations of the FDPIC on Articles 49-53 FADP.
In view of the entry into force of the revised Data Protection Act, the FDPIC is completing its reporting portals with the online registration of Data Protection Officers.
Switzerland is also engaged in discussions on a Swiss-U.S. Data Privacy Framework). Under the new FADP it will be the responsibility of the Federal Council to decide on the adequacy of states.
The FDPIC has updated the content of its website ahead of the new Data Protection Act coming into force on 1 September 2023. At the same time, the ‘DataBreach Portal’ for reporting security vulnerabilities is available.
The exclusion of citizens' rights of access guaranteed by the Freedom of Information Act by way of an emergency ordinance raises fundamental legal issues.
Nach dem Verbot von ChatGPT in Italien rät der EDÖB Nutzerinnen und Nutzern zu einem bewussten Umgang mit KI-gestützten Anwendungen und erinnert Unternehmen an ihre Pflichten.
The Microsoft Office 2021 applications that are currently still run locally throughout the Federal Administration are to be replaced by the public cloud-based Microsoft 365 application.
Elections and votes at all federal levels in Switzerland now take place in a digitalised world. Those involved in forming political opinion use the potential of digitalisation to specifically target their campaigns at voters. In this, voters’ rights to privacy and self-determination may come under considerable threat.
Gemäss News-Meldungen werden rund 550 Mio. Nutzerdaten des Messengerdienstes WhatsApp im Darknet zum Kauf angeboten, davon betroffen seien 1.5 Mio. Schweizer Nutzerinnen und Nutzer.
Katar verlangt von den Gästen der Fussball-WM für die Einreise die Installation der beiden Apps «Ehteraz» und «Hayya to Qatar 2022». Nach Einschätzung des EDÖB weisen beide Applikationen erhebliche datenschutzrechtliche Risiken auf.
When the new Data Protection Act (FADP) comes into force on 1 September 2023, the procedure for registering data files with the FDPIC will undergo a change. From this date onwards, only federal bodies will have to report their data processing activities to the FDPIC.
In a lawsuit filed in the US on 19 August 2022 against Oracle America Inc., plaintiffs raise serious allegations of unlawful tracking of internet users.
In its latest report, the Global Privacy Assembly identifies credential stuffing as a growing threat to personal data. The related guidelines provide users with information on security measures that can be taken to protect against this threat.
In view of certain differences of legal opinion, the FDPIC is advising Suva to reconsider the decision to outsource its personal data processing to a cloud service operated by the US company Microsoft.
Gestern wurde bekannt, dass Hacker mehreren Arztpraxen in der Romandie Patientendossiers entwendet und eine grosse Menge medizinischer Daten im Darknet publiziert haben.
Anfang Mai hat der Schweizer Schiesssportverband (SSV) über 50'000 lizenzierten Schützinnen und Schützen einen neuen Mitgliederausweis mit Kreditkartenfunktion verschickt.
Die Stiftung meineimpfungen hat am Freitag, 04.11.2021 damit begonnen, den Nutzerinnen und Nutzern der Plattform deren Impfdaten als Anhang einer unverschlüsselten E-Mail zukommen zu lassen.
Der EDÖB hat die Entwicklung des Covid-Zertifikats begleitet und darauf hingewirkt, dass dieses Zertifikat datenschutzkonform ausgestaltet wurde. Er begrüsst, dass der Nachweis jetzt ausschliesslich durch das Covid-Zertifikat erbracht werden muss und nicht auf beliebig andere Nachweise abgestellt wird.
In der Sachverhaltsabklärung betreffend die Plattform meineimpfungen.ch hat der EDÖB der Stiftung meineimpfungen Ende Juli 2021 seinen Schlussbericht zugestellt. Darin hat er drei Empfehlungen formuliert.
In its statement of 27 August 2021, the FDPIC recognises the standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (pursuant to Implementing Decision 2021/914/EU) as the basis for personal data transfers to a country without an adequate level of data protection, provided that the necessary adaptations and amendments are made for use under Swiss data protection law.
The FDPIC has issued the following memorandum to the US Securities and Exchange Commission (SEC) on the question of the lawfulness of the transfer of data from Swiss asset managers to the US supervisory authority
19.07.2021 - Mit der neusten Version der «COVID Certificate»-App, kann auf einfache Weise ein datenschutzfreundliches Zertifikat Light generiert werden.
Nach dem der Bundesrat dem EDÖB mit Blick auf das im 2. Semester 2022 vorgesehene Inkrafttreten des neuen Bundesgesetzes über den Datenschutz (DSG) im Jahr 2019 die Schaffung von drei, vom EDÖB inzwischen rekrutierten Stellen genehmigte, hat er nun fünf weitere Stellen bewilligt.
Nachdem die gemeinsame Rechtsvertretung der Betreiber von SocialPass das Mandat beendet hat, droht sich das hängige Aufsichtsverfahren zeitlich erneut zu verzögern.
By offering the option of providing certificates in paper form, and creating an additional minimal data QR code for use in Switzerland, the Federal Council has dispelled key concerns raised by the Federal Data Protection and Information Commissioner (FDPIC).
Der EDÖB wirkt in einer vom BAG eingesetzte Projektgruppe im Hinblick auf die Umsetzung eines Covid-19-Zertifikats auf datenschutzkonforme Ausgestaltung des Nachweises hin. Die Forderungen des EDÖB decken sich im Wesentlichen auch mit der Stellungnahme des Europäischen Datenschutzausschusses und des Europäischen Datenschutzbeauftragten zum Verordnungsentwurf zum «Grünen Pass» der EU.
LinkedIn ist Opfer eines massiven Abflusses von Personendaten geworden. Wie die Website Cybernews berichtet, stehen die Daten von 500 Millionen Nutzern des professionellen sozialen Netzwerks auf einem spezialisierten Forum zum Verkauf.
Bis zum Inkrafttreten des neuen DSG werden Privatwirtschaft und Bundesbehörden ihre Bearbeitung von Personendaten an die neuen Bestimmungen anpassen müssen. Der Beauftragte hat hierzu die aus seiner Sicht wesentlichsten Neuerungen festgehalten und publiziert.
Bei der Bekämpfung der Covid-Pandemie kommen zunehmend digitale Applikationen zum Einsatz, die auf Smartphones installiert werden, auf denen sich meist umfangreiche Spuren der digitalen Lebensführung ihrer Besitzer befinden. So die vom Bund lancierte SwissCovid App oder sogenannte «Tracing Apps», welche von Privaten angeboten werden und das Contact Tracing in den Kantonen erleichtern sollen.
16.07.2020 - In its judgment of 16 July 2020 in Case C-311/18 Data Protection Commissioner v. Facebook Ireland Ltd and Maximilian Schrems, the Court of Justice annulled Decision 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield.
After reviewing the NCSC report on Risk Estimation Proximity Tracing, the FDPIC has confirmed his assessment that the Swiss proximity tracing system operated by the Federal Office of Public Health and the SwissCovid app are data protection compliant.
The FDPIC supervises the implementation of the protection plans by private companies. He attaches importance to the fact that the procurement and transfer of personal data within the framework of these plans is voluntary.
Despite the rush with which business meetings, children’s ‘visits’ with their grandparents, or even parties have been moved online, we must not forget how important information security and data protection continue to be.
17.03.2020 - Insofar as private individuals (in particular employers) process personal data to combat the pandemic, the principles set out in Article 4 of the Federal Act on Data Protection must be respected.
Following the referendum held in the United Kingdom in June 2016, the British government announced its decision to withdraw from the European Union (Brexit). The United Kingdom will leave the EU on 31 January 2020.
The FDPIC welcomes the fact that the Council of States has debatted the totally revised DPA and has adopted most of the improvements proposed by its Commission in comparison to the National Council version.
The FDPIC welcomes the fact that, within the short time available up to the end of the session, the Political Institutions Committees of the Council of States (PIC-S) has succeeded in adopting a legislative text for the attention of the Plenum of the Council of States that is ready for consultation and significantly improved on the version of the National Council.
On the eve of the federal parliamentary elections on 20 October, Facebook is set to introduce features aimed to appeal to Swiss users of its social media platform.
Now that the National Council has treated the complete revision of the Federal Act on Data Protection (FADP) as first chamber of parliament, the FDPIC hopes that the second chamber will be able to schedule the debate in its winter session and improve the protection of the Swiss population by aligning it with European standards.
Following its discussion of the Federal Council dispatch of 15 September 2017, the National Council’s political institutions committee decided on 16 August 2019 based on the casting vote of its president to remit the draft of the totally revised Data Protection Act to the plenary session of the National Council for debate.
In a letter dated 13 June 2019 in response to an enquiry from the FDPIC, Postfinance AG confirmed that their Swiss customers will still require to register an express objection if they do not wish their identity to be authenticated by voiceprint.
The Libra Association has replied to the FDPIC's letter of 17 July and promised a prompt response to issues raised. It plans to meet the FDPIC in the coming weeks for talks.
