Switzerland: Introduced revised Federal Data Protection Act

The Act to revise the Federal Data Protection Act (DPA) is introduced in the Swiss Parliament. Firstly, the revision establishes that data relating to legal entities will no longer be protected by the DPA. Data controllers are requested to disclose their identity and contact details, and the purpose of their data processing operations. The Act obliges data controllers to perform a data protection impact assessment for high-risk processing activities and to notify relevant data breaches to the Federal Data Protection and Information Commissioner (FDPIC). The DPA specifies the conditions to request data access and introduces a right to data portability. The Act introduces an information duty as regards decisions with legal consequences that are exclusively based on automated processing. Moreover, the Act restrict the use of data profiling to perform credit checks. Finally, the enforcement powers of the FDPIC are expanded by providing it the power to conduct investigations and to issue binding orders. At the same time, the range and entity of sanctions are increased.