Understanding FDPIC Investigations of Data Protection Violations

Sep 7, 2023

In September 2023, the Federal Data Protection and Information Commissioner (FDPIC) released an updated factsheet outlining the process of investigating violations of data protection regulations in Switzerland. This article provides a summary of key insights from the FDPIC’s guidance on Articles 49-53 of the Federal Act on Data Protection (FADP).

Reason and Purpose of the Investigation

Under the FADP, the FDPIC is responsible for ensuring compliance with data protection regulations. The FDPIC initiates investigations when there are “sufficient indications” that a data processing activity may violate these regulations. Investigations aim to establish the facts and assess whether a violation has occurred. If a violation is confirmed, the FDPIC can impose administrative measures.

Informal Preliminary Enquiries

Before launching a formal investigation, the FDPIC may conduct informal preliminary inquiries to determine if an investigation is necessary. This phase helps clarify whether the potential violation merits a full investigation, and it allows for quick resolution in some cases.

Legal Status of Reporting Parties

Reporting a potential violation is essential, and it can be done by data subjects, third parties, or the FDPIC itself. Reporting parties may or may not have the status of a party in the investigation proceedings, depending on their role and involvement in the case.

The FDPIC’s Duty to Investigate

The FDPIC must investigate significant violations of data protection regulations, but it has the discretion to decide not to investigate minor violations. The determination of “minor importance” is somewhat subjective but guided by ensuring an adequate level of data protection.

Investigation Proceedings

Investigation proceedings follow the Federal Act on Administrative Procedure (APA) and include cooperation from the party involved. The party has specific rights throughout the investigation, such as the right to a fair hearing and access to files.

 

Recent news

Privacy Symposium, june 10-14, 2024, Venice

Privacy Symposium, june 10-14, 2024, Venice

The EFDPO is a pround member of the Organizing Committe of this international conference. It will offer over 100 sessions with over 300 top level speakers and data protection authorities, including international organizations, European authorities, and national data protection authorities, as well as experts in innovative technologies.

read more