Individuals' Rights to Privacy

In Switzerland, the protection of individual privacy, especially in the digital realm, is a paramount concern. This guide delves into the various aspects of privacy rights in Switzerland, detailing the legal framework, practical steps for safeguarding personal information, and recourse options available to individuals.

Understanding Swiss Privacy Laws

Switzerland's approach to privacy protection is both comprehensive and nuanced, with several laws and regulations in place.

Key Legal Frameworks

  1. Federal Act on Data Protection (FADP): The revised FADP, which came into force on September 1, 2023, is the cornerstone of Swiss privacy law. It outlines the principles of data processing, rights of individuals, and duties of data handlers. The revision significantly strengthened individual rights, introduced mandatory data breach notifications, and imposed stricter penalties for violations (fines up to CHF 250,000 for individuals).
  2. Ordinance to the Federal Act on Data Protection (OFADP): It provides detailed implementation guidelines for the FADP, including specifics on data processing, data protection impact assessments, and the duties of Data Protection Officers.
  3. International Alignment: Regular updates to these laws incorporate global best practices and align with international standards like the EU General Data Protection Regulation (GDPR). Switzerland's adequacy decision with the EU ensures that personal data can flow freely between Switzerland and EU/EEA countries.
  4. Swiss Criminal Code – Privacy Provisions: The Swiss Criminal Code (Art. 179bis–179novies) provides additional criminal law protections for privacy violations, including unauthorized recording, surveillance, and data theft.

Principles of Data Protection

  • Lawfulness: Data processing must have a lawful basis (consent, contract, legal obligation, or overriding interest).
  • Purpose Limitation: Data can only be used for the stated, legitimate purposes communicated to the data subject.
  • Proportionality: Collection of data should be limited to what is necessary for the stated purpose.
  • Data Security: Adequate technical and organizational measures must be in place to protect data.
  • Transparency (New under Revised FADP): Individuals must be informed about data collection, including the identity of the controller and the purpose of processing.
  • Rights of Data Subjects: This includes rights to information, access, rectification, deletion, data portability, and the right to object to automated individual decision-making.

Exercising Your Privacy Rights in Switzerland

1. Understanding Your Rights

  • Familiarize yourself with your rights under the revised FADP, including consent requirements and limitations on data processing.
  • Under the revised FADP, you have the right to request information about what data is held about you free of charge.
  • You have the right to data portability — receiving your data in a commonly used electronic format.
  • You have the right not to be subject to a decision based solely on automated processing (including AI profiling) that significantly affects you.

2. Asserting Your Rights

  • Direct Communication: Contact organizations holding your data for access, rectification, or deletion requests. Send your request in writing (email or letter) and include a copy of your ID for verification.
  • Documentation: Keep records of all communications, screenshots, and submitted requests. Note the date of each request — organizations must respond within 30 days under the revised FADP.
  • Templates and Guidance: Use available resources, such as templates from the FDPIC website (edoeb.admin.ch), to structure your requests effectively.

3. Navigating Non-Compliance

  • Contact the FDPIC: If an organization does not comply with your request within 30 days, contact the Swiss Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch for assistance and guidance.
  • Legal Action: Under the revised FADP, willful violations of data protection obligations can result in fines of up to CHF 250,000 for the responsible individual. In cases of significant non-compliance or data breaches, civil legal action through Swiss courts is a viable option.
  • Cross-Border Complaints: If your case involves an organization in an EU/EEA country, you may also file a complaint with the relevant EU Data Protection Authority under the GDPR.

Practical Steps for Protecting Online Privacy

Proactive Measures

  • Privacy Settings: Regularly review and adjust privacy settings on social media and other online platforms. Pay special attention to settings related to AI training data — many platforms now use your content to train AI models.
  • Secure Connections: Use VPNs (such as ProtonVPN, a Swiss-based service) and secure, encrypted connections, especially on public networks.
  • Awareness: Stay informed about common data collection practices, emerging privacy concerns, and new AI-related threats such as facial recognition and deepfakes.
  • AI Opt-Out: Check whether your data is being used to train AI models. Many platforms (including Google, Meta, and OpenAI) have opt-out mechanisms for AI training.

Digital Hygiene

  • Regular Audits: Periodically review your digital footprint, including old accounts and subscriptions. Use tools like JustDelete.Me or JustDeleteMe.xyz to find forgotten accounts.
  • Data Minimization: Share only necessary information online and avoid oversharing personal details. Be especially cautious with location data, real-time check-ins, and photos that reveal your daily routine.
  • Software Updates: Keep your devices and software updated to protect against security vulnerabilities.
  • Self-Search: Search for your own name regularly on Google, Bing, and social media to monitor what information is publicly available about you.

Navigating Privacy in the Workplace

  • Employer Policies: Understand your rights in relation to your employer's data collection and monitoring practices. Under Swiss law, employers must inform employees about workplace monitoring.
  • BYOD Policies: If using personal devices for work, be aware of any implications for your personal data. Ensure that work apps do not access your personal photos, contacts, or messages.
  • AI Tools at Work: Be cautious about workplace AI tools (e.g., Microsoft Copilot, ChatGPT Enterprise) that may process your communications or documents.

Privacy in Specific Contexts

  • E-Commerce: Be cautious when providing personal information for online purchases. Use virtual credit cards or services like Apple Pay to minimize data exposure.
  • Health Data: Special considerations apply to the handling of sensitive health-related data under the revised FADP. Health data is classified as 'sensitive personal data' and requires explicit consent for processing.
  • Genetic Data: The revised FADP includes specific provisions for profiling and automated decision-making based on genetic data.

AI and Privacy Rights New

The rise of artificial intelligence has created new challenges for individual privacy. Here is what you need to know:

  • AI companies like OpenAI, Google, and Meta scrape publicly available data — including personal information — to train their models. Under Swiss law, you may have grounds to request the removal of your data from training datasets.
  • Deepfake technology can create realistic fake images or videos of real people. If you are a victim of a deepfake, you can report it to Swiss police and request removal from platforms under their Terms of Service and applicable law.
  • Facial recognition tools like PimEyes and Clearview AI index faces from publicly available photos. You can request opt-out or deletion from these services.
  • Many platforms now allow you to opt out of having your content used for AI training. Check the privacy settings of every platform you use.

Swiss Resources and Contacts

  • Federal Data Protection and Information Commissioner (FDPIC): edoeb.admin.ch
  • Pro Juventute (youth helpline): Call 147 (free, 24/7) — for children and teens facing cyberbullying or online threats
  • Swiss National Cybersecurity Centre (NCSC): ncsc.admin.ch — for reporting cyber incidents
  • Swiss police cybercrime units: Contact your cantonal police for criminal matters
  • Victim support services (Opferhilfe): opferhilfe-schweiz.ch — for victims of crimes including online harassment

In Switzerland, respecting and protecting individual privacy rights is not just a legal mandate but also a societal norm. By understanding these rights and the ways to exercise them, individuals can take proactive steps to safeguard their personal information in an increasingly digital and AI-driven world.

For further information and detailed assistance, individuals are encouraged to consult the resources provided by the Swiss Federal Data Protection and Information Commissioner's website and seek legal advice when necessary.