Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Switzerland: FDPIC publishes explanation for personal data use by associations

On July 9, 2024, the Federal Data Protection and Information Commissioner (FDPIC) published explanations regarding using personal data by associations, federations, and their members. In particular, the explanations focus on new obligations arising from the revision of the Federal Data Protection Act (FDPA). The FDPIC highlighted that the collection and processing of personal data is subject to the requirements of the FDPA.

Who is responsible for the use of personal data?

The FDPIC stated that the association committee is responsible for ensuring that the use of member data is legally compliant and that only personal data directly related to the association's purpose should be collected from members. If additional data is to be collected and processed, members should be informed before data is processed.

Association committees should also, according to the FDPIC, be mindful of data protection principles including:

  • purpose limitation - only collect personal data for specific purposes that are clear to the individual;
  • transparency - association members must be informed if personal data is shared and to whom and for what purpose; and
  • data minimization - only data necessary to fulfill the association's purpose may be used.

Frequently asked questions

The FDPIC also included an updated list of FAQs covering a variety of topics including:

  • criminal sanctions under the FADP;
  • responsibility for data protection regulation compliance;
  • association member consent for data processing;
  • rules for the publication of photographs of members online;
  • disclosure of member data within and outside of the association;
  • the obligation to carry out a data impact assessment; and
  • requirements if sensitive data is processed by automated means.

You can read the announcement here and the explanation here.