On 9 November 2016, the Swiss Federal Administrative Court (FAC) upheld legal provisions allowing for the retention of personal data by post and telecommunication services.
18. November 2016 – In its ruling (German version available here), the FAC rejected an appeal lodged by six members of the not-for-profit "Digitale Gesellschaft" (Digital Society, hereinafter "DG") who claimed that the provisions of the Federal Act on the Surveillance of Correspondence by Post and Telecommunications (ASCPT) violated their constitutional rights.
The ASCPT provides for the recording and conservation of so-called marginal data ("Randdaten" or "données secondaires") for a period of six months. This marginal data contains information pertaining to specific communications. Based on this data, it is not only possible to obtain the identity of the user of post or telecommunication services, but also the time of connections using telecommunication devices, the location (through mobile phone antennas for instance) and the duration of calls or connections. However, no content is being recorded.
The DG argued that the collection of this marginal data harmed their fundamental rights, especially in that it hinders the confidentiality of their communications. However, although the FAC recognised the substantial impact arising from the recording and conservation of data on the rights of the users, it deemed this to be lawful for several reasons. The FAC in particular considered that marginal data plays an essential role in the area of criminal law. Indeed, because of the information it provides, it can greatly facilitate the prosecution of many serious offences. Therefore, the FAC argued that the temporary recording of marginal data presented an overriding public interest, which should trump purely individual rights to privacy.
In comparing the public interests at play to the private interests of the DG, the FAC noted that the prevailing public interests were further strengthened and validated by the safeguards put in place by the Federal Data Protection Act (DPA) and its Ordinance (ODPA). According to the FAC, both of these statutes protect the users, in particular against unauthorised processing and further disclosure of their personal data.
We do wish to note that an appeal may still be lodged (at the time of writing) before the Swiss Federal Supreme Court. Hence, the ruling is not, as of yet, legally binding.
Furthermore, the ASCPT was recently revised – although the new version has not yet entered into force – and the FAC issued its ruling based on the prior version of the statute. The FAC did however address this issue and attempt to ensure that its ruling will not contradict the ASCPT in its new form. Therefore, the reach of this ruling should continue into the foreseeable future, provided no party appeals against it.