EPIC --- Privacy and Human Rights Report
|Title Page Previous Next Contents | Country Reports >Swiss Confederation (Switzerland)|
Article 36(4) of the 1874 Constitution guaranteed, "[t]he inviolability of the secrecy of letters and telegrams." This constitution was repealed and replaced by public referendum in April 1999. The new constitution, which entered into force on January 1, 2000, greatly expanded the older privacy protection provision. Article 13 of the new constitution states: "All persons have the right to the respect of their private and family life, home, mail and telecommunications. All persons have the right to be protected against abuse of their personal data."
The Federal Data Protection Act of 1992 (Loi fédérale sur la protection des données or LPD) regulates personal information held by federal government and private bodies. The act requires that information be legally and fairly collected and places limits on its use and disclosure to third parties. Federal agencies must register their databases. Private companies must register if they regularly process sensitive data or transfer the data to third parties. Transfers to other nations must be registered and the recipient nation must have adequate data protection laws. Individuals have a right of access to correct inaccurate information. There are criminal penalties for violations. In March 2006, the Federal Parliament adopted major revisions to the LPD; the revisions are expected to come into force towards the end of the summer of 2007.
Revisions to the LPD include: elimination of the possibility of justifying a violation of the principles on the basis of an overriding private or public interest; requirement that processors of sensitive data actively notify data subjects; further requirements for controllers to ensure that third party processors have adequate security in place; and restriction on the methods of ensuring adequate data protection in transfers to third countries.
Almost each of the 26 Swiss Cantons (states) has a separate data protection law and its own data protection commissioner. However, as some cantons are small, some data protection commissioners are employed only by 10 percent of their working time for this purpose. In order to exchange opinions and collaborate, the cantonal data protection officers founded the association "PRIVATIM” (formerly DSB+CPD.CH) in March 2000. PRIVATIM created a working group to address questions regarding health privacy, and in June 2007, published a brochure on the rights of individuals concerning their medical data privacy.
In June 1999, the European Union Data Protection Working Party determined that Swiss law was adequate under the European Union Directive. In July 2000, the European Commission formally adopted this position, thereby approving all future personal data transfers to Switzerland. On October 20, 2004, the Commission of the European Union confirmed this approval. However, as long as the revision of the Data Protection Law is pending, Switzerland cannot formally ratify the Data Protection Protocol of the European Council.
Besides the Data Protection Act, there are also legal protections for privacy in the Civil Code and the Penal Code. There are also special rules relating to workers' privacy from surveillance, telecommunications information, health care statistics, professional confidentiality including medical and legal data, medical research, and identity cards.
The LPD created the office of a Federal Data Protection and Information Commissioner (the Commissioner, or FDPIC). The Commissioner maintains and publishes the Register for Data Files, supervises federal government and private bodies, provides advice, issues recommendations and reports, and conducts investigations. The Commissioner has assumed a new role as mediator relating to transparency and public information. The Commissioner also consults with the private sector. The office publishes a detailed annual report, as well as leaflets, summaries of press articles and critical statements, and advice to government agencies on issues of data protection. However, the Commissioner has only limited possibilities for interventions: he can only submit "suggestions" (Empfehlungen) or ask the Data Protection Commission to review a case. Decisions of this commission can then be submitted to the Federal Court (Bundesgericht). In the FDPIC’s 14th Annual Report (2006/2007), the Commissioner addresses issues that range “from military information systems, such as reconnaissance drones, to the planned introduction of the health insurance card, to video surveillance in stores, and to biometric access control in sports stadiums and leisure facilities.”
Annually, the FDPIC deals with 1,500 to 2,000 complaints, investigations and requests. Among these, there are questions of individuals, media inquiries, long-term supervision of operational proceedings in private enterprises, as much as, in the federal administration, and comments on legislation at the hearing stage. According to the FDPIC, between April 1, 2005 and March 31, 2006 it conducted 63 official investigations, 50 of which concerned access to homeland security files.
In September 2005, the FDPIC hosted the 27th International Conference of Data Protection and Privacy Commissioners in Montreux. More than 350 participants from all over the world took part, and the Conference adopted two important resolutions: one on the use of biometric data in passports, ID cards and travel documents, and a second on the use of personal data for political communication.
The identity card is machine-readable as is the new passport, which became effective on January 1, 2003. On September 15, 2004, the Swiss government decided that the next edition of Swiss passports should include a chip with biometric data. The decision is based on a feasibility study by the Federal Police "Fedpol," commissioned in September 2003. This should allow Swiss citizens to fulfill the requests introduced by the US government after September 11 2001, requiring that every visitor without a visa be able to present a passport with a biometric identity tag. In April 2005, the Swiss government declared that such a passport would be available only by September 2006 or later, due to the coordination of similar efforts of the European Union (EU). In September 2006 Switzerland issued its first biometric passports as part of a 5-year pilot project. However, during the pilot phase, facial images are the only biometric data stored on the passports. The FDPIC reviewed and commented on draft revisions to the identity documents law and decree and was very critical of the plan to store biometric data in a central database.
Banking records are protected by the Swiss Federal Banking Act of 1934. This act was passed to guarantee strong protections for the privacy and confidentiality of bank customers. However, Switzerland has come under increasing pressure from the European Union and the Organization for Economic Cooperation and Development (OECD) to weaken these laws and provide greater access to bank records for the purposes of tax collection. The adoption of the "Schengen agreement" would provide a solution to the conflicts (see below). In reality, banking data have been transmitted illegally to the US in at least one case described at the end of this chapter.
Switzerland is not a member of the EU, but has some special agreements with the EU. Some of these bilateral agreements were signed in 2000 and 2001. In May 2004, the government decided to sign another set of agreements ("Bilaterale II"). These contracts were approved by referenda, and Switzerland ratified the Schengen and Dublin Conventions on June 5, 2005. The Schengen agreement aims at creating a pan-European Security Zone, thus shifting the borders between European nations to the external borders of Europe. Inside Europe, people would be able travel without the traditional border police control, while travelers from and to Europe would face strengthened border controls. However, the national police forces will be allowed to execute "mobile controls" in the 30 km range along the borders, as well as in train stations, inside of trains and at airports. This means that all persons will de facto have to carry an ID document, which was not compulsory until now in Switzerland.
Further, the Schengen Convention establishes a close cooperation among police forces, in order to combat international "criminal tourism" (Kriminaltourismus). The core subject of this agreement is the Schengen Information System (SIS), a pan-European database that records personal information on people who have been arrested, migrants, and missing objects (Fahndungsdatenbank) by the national police forces. In the summer of 2007, SIS consisted of 17 million entries. A second generation database, SIS II is currently being developed. The new system’s implementation has been delayed until 2008. The SIS database is not only a tool against crime, but also a tool for repression against immigration. SIS is operated by the EUROPOL, and by joining the Schengen agreement, Swiss police officers have full online access to the SIS database. The Swiss Department of Justice and Police (EJPD) calls the SIS "a revolutionary step for police work." Other parts of the Schengen Convention cover the cross-border observation by national police forces and the exchange of police officers. According to the agreement, Switzerland must contribute to the SIS database by 2008.
The Dublin Convention, created in 1990, establishes a European cooperation agreement to process applications from asylum seekers. It will allow Switzerland to access "Eurodac," the pan-European database of fingerprints of asylum seekers and migrants. According to the Dublin Convention, asylum requests are checked only by one EU member state whose decision becomes binding for all other member states.
There are several bilateral agreements on police cooperation between Switzerland and many other nations in Europe, which expand the types of collaboration among law enforcement authorities. The Swiss Federal Police is, in this regard, exchanging information and data with other countries. Concrete collaboration has been tested in the case of international political and economic meetings, like the G8 meeting in Geneva in June 2003 and the World Economic Forum meeting in Davos in January 2004. In January 2005, the Swiss government published an agreement on the collaboration with Europol, signed in September 2004. The agreement allows both parties to establish "exchange officers."
The Swiss police system is traditionally strongly organized by the 26 cantons. Every canton has its own police force. However, in the last few years there have been substantial efforts to build up a central "Federal Police" corps (Fedpol), based in Berne. Fedpol has mainly investigative duties. For this purpose, a Federal Criminal Police has been built up since 1994. Other duties include the "prevention" of crimes. Fedpol publishes an annual report on "national security." Most of the expansion of Fedpol has been done in order to "fight against organized crime and terrorism." In order to "fight cybercrime" a specific task force was established in 2003, the "Coordination Unit for Cybercrime Control" (CYCOS). In December 2004, the Swiss government opened the consultation process on a revision of the Penal Code (Strafgesetzbuch, StGB), which consists mainly of regulating the criminal liability of Internet providers, stating: content providers should be fully liable for documents which are prohibited by law; hosting providers should not be liable at all; while access providers should be liable only if they participate actively in offering such documents. A second consultation process has been opened on a bill aiming at centralizing the investigations of cybercrime cases at the Federal Police.
Although the cooperation has been extended in various fields, there are still some tensions between Fedpol and cantonal police forces, and also inside governmental agencies. Therefore, the Controlling Commission of the Swiss Parliament (Geschäftsprüfungsdelegation, GPDel) is demanding a more efficient coordination of the different intelligence agencies of the Swiss Army and the Federal Police.
Legally, the activities of the Fedpol are mainly based on the Bundesgesetz über Massnahmen zur Wahrung der inneren Sicherheit (BWIS). This law was enacted in July 1, 1998 following a scandal in the autumn of 1989, when members of a parliamentary investigative commission (the Parlamentarische Untersuchungskommission, or PUK) discovered huge databases of citizens in the premises of the Federal Police (the political police) and the Federal Prosecutor (Bundesanwaltschaft).
The former Federal Police, now called the Service for Analysis and Prevention, is part of the Federal Office for Police Matters, which also includes the Federal Criminal Police. It hosts two databanks, including ISIS (the Information System for Internal Security), which replaced the old paper files of the federal police. In April 2004, ISIS contained files on 60,477 persons who are considered terrorists, violent extremists or possible spies. Files are opened on "preventive" grounds, which means that no criminal investigation is required. However, data resulting from criminal investigations, and thus also from telephone surveillance, can be maintained for preventive purposes, even if the person is acquitted before a court. The other databank is JANUS, which contained files of 62,500 persons in July 2001 and 83,700 in March 2004, most of them being registered for alleged drug trafficking, since registration of consumers is not allowed. Files in JANUS can be created on the grounds of simple suspicion. In July 2001, the records on the 62,500 suspected target persons (Stammpersonen) also contained 116,500 references to third persons who are not suspected.
The database GEWA of the Fedpol section on money laundering (Meldestelle Geldwäscherei) contained 10,884 persons and 4,170 companies in February 2004. The database for "searched people and objects" (Fahndungsdatenbank) RIPOL contained 142,625 entries for persons in January 2004, most of them are searched for because of minor offenses. In February 2004, the main Fedpol register IPAS (Personen- und Aktennachweissystem) contained entries on 641,446 persons. IPAS is organized as an index to other databases, including the database of fingerprints AFIS and of genetic profiles EDNA (see below).
Currently the Swiss government is preparing a bill that should include the legal basis for JANUS, IPAS and RIPOL in one single law on police databases. In the same context, the government plans a new information system called "Police Index," to facilitate the collaboration with the cantonal and with foreign police authorities.
A revision of the BWIS is currently planned. The directors of the Federal Police and the Intelligence forces are demanding an extension of their capabilities, e.g., to be allowed to spy inside private apartments or to tap telecommunications, even without the concrete suspicion of a crime. Further, the revision should include the possibility to operate secret "undercover agents" (verdeckte Ermittler), even for the means of "prevention," that is, in cases where no concrete crime is under investigation. Since January 1, 2005, the police are allowed to operate as undercover special agents. The majority of the Parliament accepted the governmental proposal, arguing that this would be "a necessary tool against organized crime," like terrorism and money laundering. Finally, the police forces are also demanding access to ONYX, the Swiss military satellite telecom interception system similar to ECHELON (see below).
On the legal basis of the BWIS, the government decreed a regulation which compels all institutions "executing an official duty" to report any suspicion of a "terrorist activity" to the federal police. These institutions include universities, hospitals, and train carriers. The regulation was first released in November 1, 2001, in the aftermath of the attacks of September 11, 2001, to sunset after one year. It was extended for another year, and in November 2003 was extended for two more years.
In preparation for the next European Football Championship (TM), scheduled for 2008 in Switzerland and Austria, the new anti-hooliganism law came into force on January 1, 2007. Limited until the end of 2009, it introduces stadium bans, a national hooligan database, travel restrictions for known troublemakers and increased police powers. However, critics fear that the term "hooliganism" would not be restricted to football fans, since the law covers all kinds of "large public events," including political demonstrations. The National Swiss Security Strategy for EURO 2008 discusses a number of “risk situations” associated with the event, from terrorism to human trafficking and forced prostitution.
Swiss telecom providers have to keep a log for six months of all communication traffic data to comply with the Federal Law on the Surveillance of Mail and Telecommunications. This law requires that the respective telephone companies constantly track phones and store the data collected. Whereas until 2003 interception was possible in all investigations relating to crimes and offenses (crimes for which a prison sentence can be issued), the current law prohibits any preventive interception and provides, for the first time, for a catalogue of offenses. In the case of investigations on crimes and offenses described in the catalogue, an instruction judge (Untersuchungsrichter), with the allowance of the prosecution chamber, can order providers to hand over the archived data. The same catalogue is relevant for real-time interception cases. In this case, a judge can compel a provider to install a direct connection of all telecommunications to the STS. In March 2003, the catalogue of criminal offenses allowing interception was extended, introducing provisions against the "financing of terrorism."
On October 21, 2003, the Federal Court decided in a unanimous vote that, in the case of wiretapping, the Federal Prosecutor has the duty to inform the persons observed after surveillance has been carried out, including information about the reasons of the monitoring.
In a March 2004 revision of the Penal Code (Strafgesetzbuch), commercial companies are allowed to keep logs of phone conversations with their clients, even without their consent, for the purpose of securing evidence. However, they are not allowed to analyze this data for marketing purposes, or to give this data to third parties.
In April 2007, at the end of a year-long consultation process, the Swiss government announced its intention to move ahead with a proposal to allow the Swiss secret services to be able to carry out communications surveillance – correspondence, telephone and email – and observe private areas such as hotel rooms, if necessary by installing bugging devices. Proponents stated that the interception amendment would only concern cases that dealt with terrorism, weapons of mass destruction and spying. They would only be taken as a last resort and their legality checked beforehand. Critics from both the left and the right voiced concerns with the proposal, and the Data Protection Commissioner stated that the proposed changes are “dangerous because eavesdropping on citizens within their private sphere could take place without any criminal allegations."
In July 2000, a regulation on the collection and storage of genetic profiles was introduced, allowing the Swiss administration – by way of a new Agency called AFIS Services – to establish and operate a centralized database with DNA profiles of persons and stains. The Federal Office has collected data for the police since August 1, 2000. All samples taken by the police are given a unique identifier, so that the name of the suspect is never disclosed to laboratory employees. The regulation states that police forces are allowed to collect DNA samples only in case the offense committed is listed in a catalogue. However, this catalogue not only includes crimes like murder, sexual offenses, life endangerment and rape, but also theft (Diebstahl). Further, there are reports (and lawsuits) of cases where the police have taken DNA samples of persons who did not commit any of these offenses. By the end of 2003, EDNA contained 45,313 DNA profiles. One year later, it had almost 60,000. On January 1, 2005, the EDNA regulation was replaced by a formal law, which does not have a catalogue of offenses at all.
In March 2004, the majority of the National Council decided to allow life insurance companies to review previous DNA analyses of persons in case they want to sign a contract with a life or a voluntary insurance company against invalidity. The bill was approved by the smaller chamber (Ständerat) in June 2004 and again in October 2004. The deadline for a referendum passed on January 27, 2005 without a request for a public ballot.
Sports facilities in Switzerland have begun using biometric access control systems. The FDPIC has conducted inspections of the systems and asked that biometric data, in this case digital fingerprints, be stored on the individual membership cards and not on a central database. At the Commissioner’s request, the sports facility inspected agreed to provide customers that refuse the registration of their biometric data with alternative solutions at the same price.
The Federal Office of Public Health plans to implement voluntary storage of medical information on new health insurance cards. However, the Commission has asked the Federal Office of Public Health to forego storing medical data on the health insurance card for the time being, because Public Health has not yet defined the purpose of this storage, nor shown the necessity of implementing such a scheme. Without a clearly set out purpose, it is impossible to determine whether the storage is appropriate and whether their storage respects the principle of proportionality.
In May 2004, the National Council began to debate the revision of the Law on Foreigners. The larger chamber of the Federal Parliament decided to include biometric data in foreigners' identity documents. The law would also provide a definite legal basis for the Central Register of Foreigners, which now holds data on about 4.5 million persons. In order to avoid so-called "faked marriages" (Scheinehen), the law provides that marriage officers (Zivilstandsbeamte) would be allowed to investigate the "honesty" of bi-national marriages. In June 2004, the National Council passed the law, despite strong opposition in the parliamentary commission concerned. The second chamber (Ständerat) discussed the bill in March 2005 and introduced even more severe restrictions for foreigners. The bill now goes back to the National Council.
More and more public transport companies are introducing CCTV in their vehicles. After a pilot test in 2002 and 2003, the Swiss Federal Railway company SBB (now a private company, but still owned by the state) announced a large project to install surveillance cameras in trains. Until 2003, such surveillance was not allowed by law, neither was the operation of CCTV systems in train stations. In December 2003, a regulation was subsequently introduced, allowing the SBB to operate CCTV systems in train stations and inside trains.
The city police of Zurich bought a new mobile camera system with capabilities for automatic car plate recognition (AFNES) to be operated in Zurich. It will be able to identify car plates and compare the results with the national database RIPOL. With closer connections to EU justice and police agencies, Switzerland will likely also gain direct access to European car plate databases. According to some sources, the use of an automatic plate recognition system is planned on at least one Swiss highway tunnel in order to control speed limits.
The growth of video surveillance in Switzerland is helped by the cameras getting smaller, cheaper and more sophisticated. This is especially true for the systems operated by private entities, such as shopkeepers or house owners. Also, more sport stadiums are installing CCTV cameras. However, opposition against camera surveillance is growing as well. The committee of the Swiss "Big Brother Awards" has been organizing several "excursions" on the subject of surveillance cameras in Zurich and released a map with camera locations in a city district of Zurich, as well as in the Zurich Main Train Station. The Federal Data Protection Commissioner published a leaflet explaining the legal conditions for private individuals to operate video surveillance cameras.
The Swiss Air Force started operating Unmanned Aerial Vehicles (Drohnen) of the type "ADS 95 Ranger." They are produced in Switzerland by the company RUAG in Emmen LU, in collaboration with Israeli companies. On January 6, 2004, on a test flight, a military UAV observed a civil car driving into a forest near Lucerne. The operators informed the local police patrol, who amended the car passengers for smoking marijuana. According to a media report, the Swiss Air Force is operating one to four UAV test flights every day. The images of the cameras are registered and stored for up to six months.
In honor of this privacy invasion, the Air Force received one of four Swiss "Big Brother Awards 2004." On Easter Holiday 2005, the Army offered their UAVs to cantonal police forces in order to observe north-south traffic on the Gotthard route. For the celebration of the International Worker's Day on May 1, 2004, the Zurich police asked the Air Force about using UAVs to observe the rally in Zurich from the air. These examples show a strengthened collaboration between military and police forces.
There is still no formal legal basis governing the use of army reconnaissance drones by the border police. At the request of the Commissioner, the Federal Council finally agreed to remedy this legal shortcoming and to also regulate the use of surveillance equipment for civilian purposes. The Commissioner has pointed out that the legal rules covering military information instruments need to be highly specific, and should cover not just the actual surveillance devices, but also the type and purpose of the surveillance.
At the Zurich "Unique" airport, the cantonal Police of Zurich tested a pilot system for automatic face recognition between February and June 2003. Officially, the Farec (Face Recognition system, mainly aims at recognizing people trying to immigrate without identity documents. This is the first test worldwide of face recognition in the context of boarder controls. During the test phase, 1,003 passengers of 277 flights were registered by Farec. In 81 cases, a search in the database followed, with 10 hits and 17 fails. In December 2004, the Zurich Cantonal Government (Regierungsrat) provided a legal regulation (decree, Verordnung), extending the test phase until the end of 2006. Although quite skeptical about the usefulness of the system, the data protection officer of the canton Zurich accepted the decree. There are reports that Switzerland will employ face recognition surveillance technology at the EURO 2008 sporting event; however, the official National Strategy makes no mention of face surveillance.
In July 2006, the Freedom of Information Act (BGÖ) came into effect. The FDPIC is responsible for Advisory, Conciliation and Arbitration Service related to the new Act. The FDPIC has already made several recommendations, and the number of requests for arbitration is increasing.
In some cantons, the data protection law is at the same time a "Freedom of Information Law" (Öffentlichkeitsgesetz), and the data protection officer has the duties of a Freedom of Information Protection Officer as well. According to such laws, all official documents should be publicly available and citizens have a legal right to receive information - except if a document is declared as confidential. Other cantons and the Confederation are preparing a similar law. However, the first consultations among interested parties are revealing considerable opposition, e.g. in the canton of Zurich.
By April 2005, a revision of the regulation (decree) on Land Registers (Grundbuchverordnung), dating back to 1910, has been put into force by the Government. The cantons are now allowed to publish parts of the register on the Internet.
Switzerland is a member of the Council of Europe (CoE) and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Convention No. 108) in 1997. Switzerland has also signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR). On 13 May 2005, Switzerland signed Protocol 14 to the ECHR, amending the Convention's control system, at the 114th session of the Committee of Ministers of the Council of Europe held in Strasbourg. In November 2001, Switzerland signed, but has not ratified, the CoE Convention on Cybercrime. It is a member of the Organization for Economic Cooperation and Development (OECD) and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
 Constitution of Switzerland, 1999, "Bundesverfassung der Schweizerischen Eidgenossenschaft vom 18. April 1999" (BV, SR 101), <http://www.admin.ch/ch/d/sr/c101.html>. In addition to the Constitution, every federal law and regulation is available in an online directory. In this report, we generally link to the German versions ("Systematische Rechtssammlung" SR: <http://www.admin.ch/ch/d/sr/sr.html>). However, there are version avialable in French ("Recueil systématique du droit fédéral" (RS) <http://www.admin.ch/ch/f/rs/rs.html>) and in Italian ("Raccolta sistematica del diritto federale" <http://www.admin.ch/ch/i/rs/rs.html>).
Bundesgesetz über den Datenschutz, DSG vom 19. Juni 1992 (Stand 2006)
(Swiss Data Protection Statute from June 19, 1992 (in the updated version of
2006) DSG, SR 235.1), available at
 David Rosenthal, “Country Q & A – Switzerland,” Information Technology 2007-2008, available at <http://www.homburger.ch/fileadmin/publications/DAPSWQAC_01.pdf>.
 Association of Data Protection Commissioners “PRIVATIM” <http://www.dsb-cpd.ch>. See “Votre dossier medicale, vos droits,” June 28, 2007, available at <http://www.privatim.ch/content/pdf/PRIVATIM_Dossier-medical_F.pdf>.
Protection Working Party, Article 19, Opinion 5/99 on the Level of Protection of
Personal Data in Switzerland, June 7, 1999, available at
 The Commission of the European Communities: "The application of Commission Decision 2000/518/EC of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland," SEC (2004) 1322, Brussels, 20.10.2004; the decision is based on the "Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland (notified under document number C(2000) 2304), 2000/518/EC," Official Journal L 215, 25/08/2000 P. 0001-0003. See also European Union Press Release, "Commission Adopts Decisions Recognising Adequacy of Regimes in United States, Switzerland and Hungary," July 27, 2000.
 Zusatzprotokoll zum Übereinkommen des Europarats zum Schutz des Menschen bei der automatisierten Verarbeitung personenbezogener Daten (Série des traités européens STE Nr.108).
 For an
overview of legal regulations concerning Data Protection,
 Section 28 of the Zivilgesetzbuch (ZGB, SR 210), Civil Code, December 10, 1907, <http://www.admin.ch/ch/d/sr/c210.html>.
 Code pénal, Titre troisième: Infractions contre l'honneur et contre le domaine secret ou le domaine privé, Art. 173-179. Schweizerisches Strafgesetzbuch (StGB) vom 21. Dezember 1937 (SR 311.0) <http://www.admin.ch/ch/d/sr/c311_0.html>.
 Section 328 of the Obligationenrecht (OR, SR 22) <http://www.admin.ch/ch/d/sr/22.html>, Code of Obligations. See International Labour Organization, Conditions of Work Digest, Volume 12, 1/1993.
 Fernmeldegesetz (FMG, SR 784.10), available at <http://www.admin.ch/ch/d/sr/c784_10.html>, Telecommunications Law (LTC) of 30 April 1997.
 Office fédéral de la statistique, La protection des données dans la statistique médicale, 1997 <http://www.admin.ch/bfs/stat_ch/ber14/statsant/ff1403c.htm>.
 Code pénal, Art. 320-322, Schweizerisches Strafgesetzbuch vom 21. Dezember 1937 (StGB, SR 311.0) <http://www.admin.ch/ch/d/sr/c311_0.html>.
 Verordnung vom 14. Juni 1993 über die Offenbarung des Berufsgeheimnisses im Bereich der medizinischen Forschung (VOBG, SR 235.154) <http://www.admin.ch/ch/d/sr/c235_154.html>, Ordonnance du 14 juin 1993 concernant les autorisations de lever le secret professionnel en matière de recherche médicale (OALSP).
 Bundesgesetz vom 22. Juni 2001 über die Ausweise für Schweizer Staatsangehörige (Ausweisgesetz, AwG, SR 143.1) <http://www.admin.ch/ch/d/sr/c143_1.html>, and the corresponding regulation Verordnung vom 20. September 2002 über die Ausweise für Schweizer Staatsangehörige (Ausweisverordnung, VAwG, SR 143.11) <http://www.admin.ch/ch/d/sr/c143_11.html>, replacing the older Ordonnance du 18 mai 1994 relative à la carte d'identité suisse.
 14th Annual Report on Activities, Federal Data Protection and Information Commissioner, 2006-2007, available at <http://www.news-service.admin.ch/NSBSubscriber/message/en/13377#>.
 Annual report, nr. 13, published on July 3, 2006, available at <http://www.edoeb.admin.ch/dokumentation/00445/00509/00965/index.html?lang=en>.
 14th Report on Activities, supra.
 Rosenthal, supra.
 FDPIC 13th Annual Report 2005-2006, available at <http://www.edoeb.admin.ch/dokumentation/00445/00509/00965/index.html?lang=en>.
"Pilotprojekt für Biometrie-Pässe," Media release of the Justice and
Police Department EJPD of September 15, 2004, available at
An official 10-point FAQ on biometrical data in the Swiss passport is available
 "Biometrischer Schweizer Pass: Einführung frühestens im September 2006," Media release of the Swiss Justice and Police Departement EJPD of 13 April 2005, available at<http://www.ejpd.admin.ch/doks/mm/content/mm_view-d.php?mmID=2386&mmTopic=Ausweise>.
 “Introduction of Biometric Data in the New Swiss Passport,” Federal Data Protection Commissioner, July 2006 <http://www.edoeb.admin.ch/dokumentation/00445/00509/00965/00980/index.html?lang=en>.
zur Genehmigung der bilateralen Abkommen zwischen der Schweiz und der
Europäischen Union, einschliesslich der Erlasse zur Umsetzung der Abkommen
(Bilaterale II) vom 1. Oktober 2004," published in the Bundesblatt nr. 44/09 on
November 9, 2004, pp. 5965-6564, available at
 A Swiss majority of 55% voted to ratify the Schengen and Dublin agreements. See “Vote Takes Switzerland Closer to EU,” BBC News, June 5, 2005, available at <http://news.bbc.co.uk/2/hi/europe/4612281.stm>.
 See "Solidarité sans frontières" (SOSF), available at <http://www.sosf.ch/publikationen/intro/intro.html>.
 This rule is most likely against a 1983 decision by the Swiss federal court, which held that identity controls are only allowed in case of a disruptive situation ("situation troublée"). Bundesgerichtesentscheid BGE 109 Ia 146, available at <http://www.polyreg.ch/bgeleitentscheide/Band_109_1983/BGE_109_IA_146.html>.
 <http://www.fact-index.com/s/sc/schengen_information_system.html>. For a critical review of the SIS see e.g. the documentation of the group "Solidarité sans frontières" (SOSF) at <http://www.sosf.ch/publikationen/intro/intro.html>, as well as Heiner Busch "Lieber Pest oder Cholera?" in WOZ Die Wochenzeitung Nr. 14/2004, April 1 2004. For information on SIS in English see .e.g. statewatch.org, "From the Schengen Information System to SIS II and the Visa Information (VIS): the Proposals Explained" (48 pages / February 2005), available at <http://www.statewatch.org/news/2005/may/analysis-sisII.pdf>, as well as the 12 page update of May 2005 by statewatch.org, "SIS II fait accompli? Construction of the EU' Big Brother Database Underway - New Analysis", available at <http://www.statewatch.org/news/2005/may/sisII-analysis-may05.pdf>. By checking the Governmental Report (Botschaft) on the Schengen Agreement, the data protection officer of the Canton Zug found 233 hits in his quick survey. However, this does not mean that personal data is protected. The Botschaft has been published in the Bundesblatt Nr. 44/2004 (November 9, 2004), pp. 5965-6564, available at <http://www.admin.ch/ch/d/ff/2004/5965.pdf>. For other agreements in the same context, See <http://www.admin.ch/ch/d/ff/2004/index0_44.html>.
 After a revision of the regulation "Verordnung über die Bearbeitung erkennungsdienstlicher Daten" by the Swiss Government on May 12, 2004, the Swiss border police is allowed to collect fingerprints of all persons they expect to be illegally trying to immigrate to Switzerland, and to store these data in the national database called AFIS, from June 1, 2004 on. The revision has to be regarded as a preparation for the joining of the Eurodac database. See "Verordnung über die Bearbeitung erkennungsdienstlicher Daten vom 21. November 2001" (SR 361.3), available at <http://www.admin.ch/ch/d/sr/c361_3.html>.
 E.g., in April 2002, the Swiss government signed an agreement with Europol on exchanging information as well as police agents. The government promised to submit the agreement to Parliament in a later stage.
 See Botschaft, Bundesbeschluss and Abkommen (Aggreement, SR 0.360.268.2) in Bundesblatt Nr. 6/2005 of February 15, 2005, pp.983ff., available at <http://www.admin.ch/ch/d/ff/2005/index0_6.html>.
See <http://www.fedpol.ch>, with an impressive organization chart:
 "Bundesgesetz über kriminalpolizeiliche Zentralstellen des Bundes vom 7. Oktober 1994" (ZentG, SR 360) <http://www.admin.ch/ch/d/sr/c360.html>.
 "Bericht Innere Sicherheit der Schweiz 2004," published on May 26, 2005, available at <http://www.fedpol.ch/d/aktuell/berichte/biss_2004_d.pdf> (in German). The report is edited by the Fedpol section "Service for Analysis and Prevention," DAP (Dienst für Analyse und Prävention), which is the political Swiss "preventive State Security Police," part of the Swiss Federal Police, ex-BUPO, Bundespolizei.
"Coordination Unit against Cybercrime" (CYCOS, KOBIK in German)
<http://www.cybercrime.admin.ch/e/index.htm>. The CYCOS is a cooperating
project between the Confederation and most of the Swiss Cantons. In 2005, the
Canton Zurich decided to participate as well. According to a newspaper report,
CYCOS received about 6,500 hints from the public, most of them regarding child
pornography and child abuse. During 2005, CYCOS forwarded 272 cases to the
competent cantonal attorneys. Source: Niels Anner, "Erfolge der
Internet-Polizei", NZZ am Sonntag, February 6, 2005).
 Swiss Penal Code, Strafgesetzbuch, SR 311.0, available at <http://www.admin.ch/ch/d/sr/311_0/index.html> (in German, French and Italian).
 See media release by the Federal Justice Departement (EJPD): "Die Netzwerkkriminalität verstärkt bekämpfen. EJPD schickt zwei Gesetzesentwürfe in die Vernehmlassung," December 10, 2004.
 See, e.g., "Für Parlamentarier gar nicht 'hervorragend'," NZZ, November 22, 2004, p.13.
Bundesgesetz über Massnahmen zur Wahrung der inneren Sicherheit vom 21.
März 1997 (BWIS, SR 120)
 The commission found about 900,000 folders, called "Fichen" (hence "Fichenskandal"), on persons, most of whom were not suspected of having committed any offenses. Most of the folders had to be destroyed. At this time, there was no legal basis for the collection of these folders. In 1991, a citizens' committee launched a popular initiative to abolish the political police. Surveillance should only be possible on the grounds of a criminal investigation. The vote on the initiative was postponed by the government for years. In June 1998, nine years after the scandal 75 percent of the voters said no to the initiative. The federal government had saved its political police, which since the beginning of the nineties had been completely modernized and, by July 1, 1998, received for the first time a legal basis with the Law on Measures for Maintaining Internal Security (BWIS).
Verordnung über das Staatsschutz-Informations-System (ISIS-Verordnung) vom
30. November 2001 (SR 120.3),
 Heiner Busch, "Das neue Schweizer Wettfichen," in WOZ Die Wochenzeitung nr. 9, March 3, 2005, p.6.
 Verordnung über das Informationssystem der Bundeskriminalpolizei (JANUS-Verordnung) vom 30. November 2001 (Stand am 22. Januar 2002) (SR 360.2) <http://www.admin.ch/ch/d/sr/c360_2.html>. JANUS is the fusion of three information systems that have been built up during the nineties, and had been maintained separately until 1998: DOSIS, which held data on investigations in drug trafficking; ISOK, the information system on "organized crime;" and FAMP, which includes information about forged money, trafficking human beings (prostitution) and illicit pornography.
 Among them, 13,500 are so-called "contact persons"; 13,000 are telephone subscribers (with their names and addresses); and about 90,000 are telephone numbers with only fragmentary information to the respective persons (Conseil national 01-1068 – Question ordinaire de Dardel – Personnes enregistrées dans les systèmes de données JANUS et ISIS – Réponse du Conseil fédéral du 5 septembre 2001 <http://www.parlament.ch/afs/data/f/gesch/2001/f_gesch_20011068.htm>).
Busch, "Das neue Schweizer Wettfichen,"
 The acronym RIPOL stands for "le système de recherches informatisées de police." see Verordnung über das automatisierte Fahndungssystem (RIPOL-Verordnung, SR 172.213.61) vom 19. Juni 1995, see <http://www.admin.ch/ch/d/sr/c172_213_61.html>-
 IPAS is an acronym for "informatisiertes Personennachweis-, Aktennachweis- und Verwaltungssystem im Bundesamt für Polizei", based on the IPAS-Verordnung vom 21. November 2001 (SR 361.2), See <http://www.admin.ch/ch/d/sr/c361_2.html>.
 Heiner Busch, "Das neue Schweizer Wettfichen," supra at p.6.
 "Bundesgesetz über die polizeilichen Informationssysteme des Bundes (BPI)," available at <http://www.fedpol.ch/d/aktuell/medien/050304_BPI_Vorentwurf_d.pdf>. The consultation process is going on until June 15, 2005. (in general on the Swiss consultation procedure: <http://www.admin.ch/ch/e/gg/pc/index.html>).
See, e.g., Markus Steudler: "Der Staat
will wieder lauschen," NZZ am Sonntag, 1. Mai 2005, p.11,
 Bundesgesetz über verdeckte Ermittlung (BVE) vom 20. June 2003 (SR 312.8) <http://www.admin.ch/ch/d/sr/c312_8.html>, and the regulation (decree) Verordnung vom 10. November 2004 über die verdeckte Ermittlung (VVE, SR 312.81), <http://www.admin.ch/ch/d/sr/c312_81.html>.
betreffend die Ausdehnung der Auskunftspflichten und des Melderechts von
Behörden, Amtsstellen und Organisationen zur Gewährleistung der
inneren und äusseren Sicherheit (SR
 In Switzerland, the citizens can demand a referendum on every law regarding domestic politics by collecting 50,000 signatures in the delay of 100 days – but they can not ask for a referendum in the case of a regulation (Verordnung, decree).
2008 Tickets Up For Grabs,” February 28, 2007, SwissInfo
 The National Swiss Strategy for EURO 2008, Public Authorities Project Orgnanisation, March 2007, available at <http://126.96.36.199/search?q=cache:OlUqnkXffB0J:www.switzerland.com/files/%3Fid%3D2086+switzerland+hooligan+face+surveillance&hl=en&ct=clnk&cd=3&gl=us#24>.
Bundesgesetz zur Überwachung des Post- und Fernmeldeverkehrs (BÜPF, SR
780.1) (Loi fédérale sur la surveillance de la correspondance
postale et des telecommunications) <www.admin.ch/ch/f/rs/c780_1.html>,
available at <www.admin.ch/ch/f/rs/c780_1.html> and its implementing
decree, Ordonnance du 31 octobre 2001 sur la surveillance de la correspondance
par poste et télécommunication (OSCPT), RS 780.11 from October 31,
2001, available at <www.admin.ch/ch/f/rs/c780_11.html> (Verordnung zur
Überwachung des Post- und Fernmeldeverkehrs (VÜPF, SR 780.11)),
 However, this does not include communication by way of ADSL, WLAN, voice-over-IP, MMS and SMS-over-GPRS, see the article "Taube Lauscher", facts October 7, 2007, p.26. While at the beginning of the 1990s about 500 interception orders were issued annually, the number has continuously increased to about 2,000 orders since 1996 (2,138 cases). (Conseil National, Heures de Questions: Session d'hiver 1999, Réponse du Conseil fédéral concernant les écoutes téléphoniques (Answer by the Federal Council, Decembre 20, 1999,) available at <http://www.parlament.ch/afs/data/f/gesch/1999/f_gesch_19993427.htm>.) To these orders, another 2,000 cases of disclosure of traffic data have to be added. Furthermore, Swiss authorities ordered 2,430 telephone taps in 2000 compared with 2,046 the previous year. More than a third of them were ordered in connection with a suspected breach in drugs law, an 18 percent increase ("Phonetapping on the Increase," July 23, 2003, available at <http://www.swissinfo.org/sen/Swissinfo.html?siteSect=111&sid=1000096>). In 2002, lawful interception concerned 6,646 telephones, 2/3 of the mobile phones, that is 1,551 more than in 2001. Almost 3,000 real-time observations were established in 2002. The tariff for lawful interceptions according to BÜPF has been changed for April 1, 2004. For Internet Service Providers, there are only two tariffs since then. One is for requests of past data from log files and it is CHF 538 flat (IP address, login number, email log). The other one is CHF 1,326 flat for real-time transmission of e-mail messages. Since it is always a flat rate no matter how long the interception (or logs, up to six months) is, some suspect that law enforcement will always opt for maximum period just in case. Statistics for the years 1998-2003 are available at <http://www.uvek.admin.ch/kommunikation/dba/unterseite2/index.html?lang=de>. In regards to the Internet traffic, the newspaper "Sonntagszeitung" calculated a projection of about 3,000 ex-post requests per year (Michael Soukup: "Sorgen mit dem Datenhunger", Sonntagszeitung 30.01.2005, p.102.)
 See <http://www.admin.ch/ch/d/as/2003/3043.pdf>.
 Federal Court, BGE 8G.109/2003 of 21.10.2003, no publication. There have been numerous public revelations of illegal wiretapping. A 1993 inquiry found that phones used by journalists and ministers in the Swiss Parliament were tapped (Statewatch bulletin, Volume 3, Number 1, January-February 1993). The data protection commissioner also accused the Swisscom (Telecom PTT at that time), the state telephone company, of illegally wiretapping telephones. In February 1998, an agent for Israel's Mossad Secret Service was arrested by the Swiss authorities for attempting to tap the phone of a Lebanese immigrant whom he believed had links to the Hezbollah. On July 7, 2000 the Swiss court handed down a one-year sentence to be suspended for two years ("Swiss Court Hands Mossad Spy a Suspended One-year Sentence," Associated Press, July 10, 2000).
 Presumably with the exception of giving away such data to investigating police forces, in the case that a judge ordered it. See: Änderung des Art. 179 quinqies StGB, Abs. 1, Bst. b) vom 1. März 2004 (AS 2004 823). Schweizerisches Strafgesetzbuch (Code Penal) vom 21. Dezember 1937 (SR 311.0) <http://www.admin.ch/ch/d/sr/c311_0.html>, with the new article 179 quinqies: <http://www.admin.ch/ch/d/as/2004/823.pdf>.
 “Anti-terror Phone Tap Plan to Continue,” SwissInfo, April 4, 2007 <http://www.swissinfo.org/eng/swissinfo.html?siteSect=881&sid=7688550>.
über das DNA-Profil-Informationssystem
(EDNA, SR 361.1)
 EDNA, Article 5, for details on the procedure see also W.Bär, Adelgunde Kratzer & M. Strehler, "Swiss Federal DNA Profile Information System – EDNA," available at <http://www.promega.com/geneticidproc/ussymp12proc/abstracts/bar.pdf>.
 See, e.g., Heiner Busch, "Die Wattestäbchenattacke", in WOZ Die Wochenzeitung, Nr. 26/2004, available at <http://www.woz.ch/artikel/archiv/10141.html>, as well as reports at <http://switzerland.indymedia.org/demix/2004/11/28078.shtml>. For a critical comment on DNA samples See also Markus Hofmann "DNA-Profile - die Lieblinge der Polizei," in: Neue Zürcher Zeitung NZZ, March 4, 2005, p.13. According to this article, every sample costs about 295 CHF.
 Heiner Busch, "Das neue Schweizer Wettfichen" in WOZ Die Wochenzeitung nr. 9, March 3, 2005, p.6.
 Bundesgesetz über die Verwendung von DNA-Profilen im Strafverfahren und zur Identifizierung von unbekannten oder vermissten Personen (DNA-Profil-Gesetz, SR 363 <http://www.admin.ch/ch/d/sr/c363.html>, as well as the corresponding regulation (decreee) (DNA-Profil-Verordnung, SR 363.1 <http://www.admin.ch/ch/d/sr/c363_1.html>). For the discussion in the parliament see (Nationalrat, Amtliches Bulletin, 20.06.03-08h00) <http://www.parlament.ch/ab/data/d/n/4619/86799/d_n_4619_86799_86951.htm>. In September 2002, the majority of the National Council decided, against the recommendation of the preparing commission, not to include any catalogue in the new law on DNA profiles. After the tsunami disaster in December 2004 in Southeast Asia, a lot of DNA samples of Swiss relatives of missing tourists have been taken.
 Bundesgesetz über genetische Untersuchungen beim Menschen (Parliamentary number 02.065, SR 814.02, Bundesblatt Nr. 41, 19 October 2004, pp.5483ff, available at <http://www.admin.ch/ch/d/ff/2004/5483.pdf)>. For a summary of the parliamentary discussion see <http://www.parlament.ch/afs/data/d/rb/d_rb_20020065.htm> (in German).
 14th Report on Activities, supra.
<http://www.parlament.ch/do-auslaendergesetz> and the Bundesgesetz
über die Ausländerinnen und Ausländer (AuG, Entwurf)
<http://www.admin.ch/ch/d/ff/2002/3851.pdf> (Parliamentary nr.
 Discussion in the Parliament (Ständerat) available at <http://www.parlament.ch/ab/data/d/s/4707/122615/d_s_4707_122615_122623.htm>.
See media release
 Verordnung über die Videoüberwachung durch die Schweizerischen Bundesbahnen SBB (Videoüberwachungsverordnung SBB, VüV-SBB) SR 742.147.2, <http://www.uvek.admin.ch/imperia/md/content/gs_uvek2/d/verkehr/schienenverkehr/vuev/1.pdf>, as well as the media release of the Department UVEK, December 5, 2003, available at <http://www.uvek.admin.ch/dokumentation/medienmitteilungen/artikel/20031205/01748/index.html>.
 "Abschnittsgeschwindigkeitskontrolle," planned for the Belchentunnel from 2005 on, see <http://www.radar.ch/Infoblitz/0304.pdf> (especially p. 2).
 See <http://www.edsb.ch/e/doku/merkblaetter/video.htm>.
 See "Von der Luftwaffe beim Kiffen erwischt", NZZ am Sonntag on May 23, 2004, <http://www.nzz.ch/2004/05/23/il/page-article9M50A.html> (in German). During the Olympic Games in Athens, Greece in Summer 2004, Swiss surveillance "Zeppelins" were used to observe the city.
 See <http://www.bigbrotherawards.ch/hallofshame>.
 14th Report on Activities, supra.
über den Einsatz eines biometrischen Gesichtserkennungssystems am Flughafen
Zürich vom 8. Dezember 2004, (Nr. 551.113, available at
See also the media release issued by
the Regierungsrates on December 16,
See also Marcel Gyr, "Weiterer Test des
Gesichtserkennungssystems," in: Neue Zürcher Zeitung NZZ, December 17,
 See, e.g., Neue Zürcher Zeitung, 23. August 2002, No. 194, p.37, and id., and Stefan Hohler, "Phase 2 für 'Frühwarnsystem'" in Tages-Anzeiger December 17, 2004.
 14th Report on Activities, supra.
 For the Confederation, see the proposal for a Bundesgesetz über das Öffentlichkeitsprinzip der Verwaltung (Öffentlichkeitsgesetz, BGÖ; SR 152.), published in the Bundesblatt 2004, pp. 7269ff. (<http://www.admin.ch/ch/d/ff/2004/7269.pdf>) and the corresponding governmental report (Botschaft) at <http://www.ofec.admin.ch/themen/oeffprinzip/bot-d.pdf>. The delay for a referendum was passed on April 7, 2005 without any request for a referendum. For an overview of this law, see <http://www.ofj.admin.ch/themen/oeffprinzip/intro-d.htm> (in German). Critics of the new law argue that it contains too many exceptions.
 Grundbuchverordnung, (GBV; SR 211.432.1, <http://www.admin.ch/ch/d/sr/c211_432_1.html>. The changes have been published in the official publication of laws (AS) at <http://www.admin.ch/ch/d/as/2005/1343.pdf>. For an overview in English, see <http://www.ofj.admin.ch/themen/gba/intro-e.htm>.
"Übereinkommen zum Schutz des Menschen bei der automatischen Verarbeitung
personenbezogener Daten. Abgeschlossen in Strassburg am 28. Januar 1981. Von der
Bundesversammlung genehmigt am 5. Juni 1997. Schweizerische Ratifikationsurkunde
hinterlegt am 2. Oktober 1997. Für die Schweiz in Kraft getreten am 1.
Februar 1998" (Übersetzung des französischen Originaltextes,
Translation of the original in French, RO 2002 2847). SR 0.235.1)
<http://www.admin.ch/ch/d/as/2002/2847.pdf>. Signed October 2, 1997;
ratified October 2, 1997; entered into force February 1,
 EMRK, signed in Rome on November 4, 1950, accepted by the parliament on October 3, 1974, ratified on November 28, 1974 <http://www.admin.ch/ch/d/sr/0_101/index.html>.
 See <http://www.ofj.admin.ch/themen/menschenrechte/prot14emrk-com-e.htm>.
 Signed November 23, 2001.