Revision of the Data Protection Act: Threatening for SMEs?
The digital transformation and the revision of the Data Protection Act (DPA) are moving the national economy. The Federal Council is examining new regulatory measures to safeguard jobs and prosperity. However, domestic SMEs also see negative trends, in particular the numerous tightenings against EU requirements. The revision of the DPA and various legal adjustments could put domestic SMEs under pressure.
On the controversial revision of the DPA, "KS Kommunikation Schweiz", the umbrella association for commercial communication, takes a similar position to other Swiss associations. KS emphasizes that it is of existential importance for every company in Switzerland to be able to communicate as effectively as possible with its current and potential customers, with suppliers and other partners.
"Since we know that we cannot not communicate, communication is, so to speak, the oxygen of economic activity for companies", says Filippo Lombardi, CVP President and Member of the Council of States, and entrepreneur. - The Data Protection Act is therefore of existential importance not only for consumers, but also for all companies, particularly in the area of digital communication.
Federal Council calls for a framework
The Federal Council has recognised this and stated in its report "Framework conditions for the digital economy" of 11 January 2017: "The digital transformation offers great opportunities for the Swiss economy. The Federal Council intends to exploit these to secure jobs and prosperity." This commitment is diametrically opposed in numerous areas by the draft for the new data protection law and in particular the so-called "Swiss Finish".
If the DPA were implemented as proposed, the Swiss economy and especially domestic SMEs would be at a locational disadvantage. For this reason, "KS/CS Kommunikation Schweiz" rejects the draft and calls for the Data Protection Act to be revised only to the extent that international requirements make it mandatory.
"Swiss Finish" too strict
The umbrella organisation for commercial communication strictly rejects any "Swiss Finish" going beyond this (in the present draft, for example, particularly serious in the area of "profiling" and "sanctions system"). ICTswitzerland, the umbrella organisation of associations as well as provider and user companies of information and communication technologies, in collaboration with the cross-industry "Data Protection Working Group" of economiesuisse, has also identified a need for adjustments to the federal government's preliminary draft.
From the point of view of the ICT industry, the following adaptation requirements are particularly central:
- The information and reporting obligations go far too far. They should be substantially reduced. In particular, the excessive reporting obligations to the Federal Data Protection and Information Commissioner (FDPIC) should be limited to breaches with serious consequences.
- The sanctions system provides for criminal sanctions against employees of up to CHF 500,000. This is neither proportionate nor effective. The focus should be on administrative penalties against companies, unless the employees have acted intentionally. A catalogue of penalties that goes beyond EU standards should be rejected.
- In line with Switzerland's successful tradition, more sensible self-regulation by companies is called for. For example, it is imperative that recommendations of good practice come from (industry) associations and not from the FDPIC on its own initiative. In addition, a company data protection officer should be introduced into the Data Protection Act on a voluntary basis, with corresponding simplifications for companies.
- Equipping the FDPIC with powers of investigation and now also powers of disposal is a delicate matter. A clear separation of competences is advisable.
You can find out more about the 2nd revision of the Federal Act on Data Protection (FADP) at this Link
