Sep 252020

The Swiss Parliament Agrees on the Draft Bill of a New Data Protection Act

William RM Long, Francesca Blythe and Sabrine Schnyder
, , , , , , ,

After three years of discussions and in a final debate, the Swiss parliament has agreed on the final draft bill of a new and modernized data protection law.

In particular, the National Council and the Council of States found a compromise on the these outstanding issues:

  • Definition of the term “profiling” (Article 4 (f) and (fbis) nDPA): The two chambers followed the suggestion of the Council of States to introduce “high risk profiling” in addition to normal “profiling”.
  • Express consent (Article 5(7) nDPA): In accordance with the compromise regarding profiling, express consent will be required for the processing of sensitive personal data as well as for profiling by a Federal authority and “high risk profiling,” as suggested by the Council of States.
  • Justifications in relation to the verification of the creditworthiness of a customer (Article 27(2)(c) nDPA):  According to Article 27(2)(c) nDPA, a violation of the data protection principles set out in the law may be justified if the data controller processes personal data in order to verify the creditworthiness of a customer and if certain conditions are met: (1) the data controller neither processes sensitive data, nor conducts a high risk profiling, (2) the data is only transferred to third parties if required for the conclusion or processing of the contract with the customer, and (3) the processed personal data does not go back more than 10 years (instead of 5 years as originally suggested by the Council of States and the Federal Council).

The Federal Council will set the date for the entry into force of the revised law.  That decision will depend on whether there will be a public vote, as the draft bill is subject to an optional referendum (the time limit for which is 100 days), as well as how fast the Federal Council can update the Ordonnance to the law (regulating some provisions in more detail).

This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.

William RM Long

London

wlong@sidley.com

Francesca Blythe

London

fblythe@sidley.com

Sabrine Schnyder

sschnyder@sidley.com

You might also like
Schumer Framework May Forge U.S. Model on AI Governance

*This article first appeared on Law360 on September 5, 2023.

This summer, Senate Majority Leader Chuck Schumer proposed a distinctive new framework to develop a comprehensive artificial intelligence regulatory policy that is intended to be adamantly bipartisan and committed, as a first principle, to preserving innovation and intellectual property rights.

Regulatory Update: National Association of Insurance Commissioners Summer 2023 National Meeting

The National Association of Insurance Commissioners (NAIC) held its Summer 2023 National Meeting (Summer Meeting) from August 12–16, 2023. Highlights include continued development of accounting principles and investment limitations related to certain types of bonds and structured securities, continued discussion of considerations related to private equity ownership of insurers, a proposed model bulletin addressing the use of artificial intelligence by the insurance industry, and continued development of a new consumer privacy protections model law.

EU, U.S., and UK Regulatory Developments on the Use of Artificial Intelligence in the Drug Lifecycle

Globally, the rapid advancement of artificial intelligence (AI) and machine learning (ML) raises fundamental questions about how the technology can be used. Drug approval authorities are now also taking part in this discussion, resulting in emerging and evolving guidelines and principles for drug companies.