Part 2 of our series on data protection law in Switzerland
In this second part of our series on data protection in Switzerland, we analyse the definition of personal data under the Swiss Federal Act on Data Protection (FADP) and elaborate why context matters when determining whether data is identifiable.
Definition of personal data
Under Art. 5(a) FADP, personal data is defined as "any information relating to an identified or identifiable natural person".
While the term "identified" is in general unambiguous, the "relative approach" is maintained regarding identifiability. According to the Federal Council Dispatch on the Federal Act on the complete revision of the Federal Act on Data Protection and the modification of other federal enactments [1], the mere theoretical possibility of identifying a person is, as under current law, not sufficient to presume that a person is identifiable. The Federal Council already stipulated in its Dispatch to the FADP of 1988 [2] that no identifiability is given if "the effort necessary to identify a data subject is so great that, according to general life experience, it cannot be expected that any interested person should undertake such effort".
"It must rather be considered what means can be reasonably employed to identify a person and be determined whether the employment of such means is reasonable under the given circumstances, for instance in terms of time and cost. In doing so, the technologies available at the time of processing and their further development must be considered. The law does not apply to anonymised data, if a re-identification by third parties is impossible (the data has been completely and irreversibly anonymised) or if a re-identification would only be possible with a great effort that no interested person would undertake. The same applies to pseudonymised data". [3]
Court ruling on pseudonymisation
In a ruling published in September 2021, the Commercial Court of Zurich decided that pseudonymised data is quasi-anonymous for those who cannot assign the pseudonymised data to a specific person. In doing so, the court took a relative approach – the decisive factor is whether a person can be determined from the perspective of the data recipient. The court also expressly stated that there is no data transfer if the personal data is anonymised or pseudonymised before it is disclosed abroad in such a way that its recipient abroad can no longer identify the data subject.
Context and effort: When is data identifiable personal data?
The level of effort that is needed and reasonable to identify a person must be determined on a case-by-case basis, considering the entirety of the information and the technical means available to the interested party as well as its interest in identifying the person. This means that identifiability depends not only on the available data itself, but also on who is using this data to identify the person it relates to. Identifiability may also evolve over time with technological advancement, especially in the context of big data analysis and the combination of data, and must therefore be re-assessed regularly during the whole period of data processing.
Preview of part 3
In part 3 of our series, we will examine the principles of personal data processing under the FADP.
Footnotes
[1] BBl 2017 7019
[2] BBl 1988 II 444
[3] BBl 2017 7019 (translated from the German text)