24 June 2018 – In his latest yearly report, available in German and French with a summary and press release available in English, German, French and Italian, the FDPIC offers a survey of his activities and the new developments over the past year.

The FDPIC also took the opportunity to highlight his growing concerns with the increase in the use of mass surveillance tools for security purposes. In this context, he stresses the importance of preserving individual liberties and the necessity to enact proper federal legislation on police measures in the fight against terrorism.

Among others, the following points mentioned in the report are worthy of note:

• Digitalisation: the swift development of novel IT technologies has led to an increase in data processing activities. The FDPIC however considers in particular that this increase did not go hand in hand with sufficient developments in the field of data security and cybersecurity.
• Entry into force of the GDPR: whilst the GDPR entered into force on 25 May 2018, Switzerland has yet to finalize and enact its revised Swiss Federal Data Protection Act. Until then, there will be a transition period during which the FDPIC will have much weaker powers compared to his EU counterparts.
• Revision of the Swiss Federal Data Protection Act (FDPA): the FDPIC regrets the time taken to revise the FDPA, especially as the current legal landscape leads to various discrepancies with the GDPR. The FDPIC complains about various elements in the current draft of the revised FDPA, such as the absence of data portability and insufficiently dissuasive fines in cases of offenses against the draft revised FDPA (currently, in the draft, a maximum of CHF 250’000).
• Others: many other points have been discussed, ranging from matters concerning the use of electronic IDs, to data processing in next generation vehicles and public transportation means or through the use of smart TVs. Of note are also concerns of data processing in the employment field.

In general, we note that the past year has been particularly relevant in terms of data protection. On the one hand, the legal landscape has been evolving, and this process is still on-going. On the other hand, the technological landscape now relies on massive quantities of processed personal data and this is set to further increase in the years to come. Businesses must avoid lagging behind these developments, both legal and technological, and adapt their practices on a dynamic basis.