What are Switzerland's data protection laws?

by editorial staff2 june 2021

According to Lukas Morscher and Nadja Flühler of Lenz & Staehelin, as reported in Lexology, Switzerland has dedicated data protection laws. On the federal level the Federal Data Protection Act (DPA) of Switzerland of 19 June 1992, together with its Ordinance (DPO) of 14 June 1993, governs processing of what in Switzerland is called ‘personal data’ by private parties or federal bodies. Processing of PII by cantonal authorities (cantons are the Swiss states) is subject to state legislation. Additionally, several other Swiss federal laws contain provisions on data protection, especially laws that apply in regulated industries (such as financial markets and telecommunications), which further address the collection and processing of PII.

In the financial area, the Swiss Federal Code of Obligations (Code of Obligations) sets forth restrictions on the processing of employee data, and Ordinance 3 to the Swiss Federal Employment Act (Employment Act) limits the use of surveillance and control systems by the employer;

In telecommunications, the Swiss Federal Telecommunication Act (Telecommunication Act) regulates the use of cookies; the Swiss Federal Unfair Competition Act regulates unsolicited mass advertising by means of electronic communications such as email and text messages; communications statutory secrecy obligations, such as banking secrecy (set forth in the Swiss Federal Banking Act (Banking Act), securities dealer secrecy (set forth in the Swiss Federal Stock Exchange and Securities (Stock Exchange Act), financial market infrastructure secrecy (set forth in the Swiss Federal Act on Financial Market Infrastructures and Market Conduct in Securities and Derivatives Trading (the Financial Market Infrastructure Act) and telecommunications secrecy (set forth in the Telecommunication Act). All these apply to any such data stored or processed in Switzerland, in addition to the DPA;

Violations of the data protection principles are generally not criminally sanctioned. However, private persons are liable to a fine of up to 10,000 Swiss francs if they willfully: fail to provide information with regard to safeguards in the case of cross-border data transfers or fail to notify data collections or in so doing willfully provide false information; or provide the FDPIC with false information in the course of an investigation or refuse to cooperate.

In addition, the willful non-compliance with the following duties is, on complaint, punishable by a fine of up to 10,000 Swiss francs: the data subject’s right of access by refusing to allow access or by providing wrong or incomplete information; the duty to inform the data subject on the collection of sensitive PII or personality profiles;  and the duty of confidentiality of certain professionals to keep sensitive PII and personality profiles.

Schweizer Host offers shared and VPS hosting in Switzerland

Schweizer Host is subject to all laws and regulations of Switzerland and is in full compliance. Schweizer Host is the secure choice in web hosting and virtual private server hosting. Our infrastructure is located in Switzerland, as is our company, at two ultra-secure datacenters in the Zürich area.

Lupfig datacenter (ZH-2)

 10 000 m2 of data center space with independent data center modules
 Tier-IV-Level ISO 27001 certified
 24/7-monitoring 24/7-security personnel on-site with state-of-the-art biometric access control
 Completely independent power lines, 40 MW power from two separate substations
 Multiple diesel generators, 7 days autonomous power, redundant UPS systems
 Redundant cooling systems
 Energy efficiency of PUE 1.19
 ISO 50001 certified and compliant with ISAE 3402