Article 36(4) of the 1874 Constitution guaranteed, "[t]he inviolability of the secrecy of letters and telegrams." This Constitution was repealed and replaced by public referendum in April 1999. The new constitution, which entered into force on January 1, 2000, greatly expanded the older privacy protection provision. Article 13 of the Constitution now states: "All persons have the right to receive respect for their private and family life, home, mail and telecommunications. All persons have the right to be protected against abuse of their personal data."[2566]
The Federal Act of Data Protection of 1992 (Loi fédérale sur la protection des données or LPD) regulates personal information held by federal government and private bodies.[2567] The Act requires that information must be legally and fairly collected and places limits on its use and disclosure to third parties. Private companies must register if they regularly process sensitive data or transfer the data to third parties. Transfers to other nations must be registered and the recipient nation must have equivalent laws. Individuals have a right of access to correct inaccurate information. Federal agencies must register their databases. There are criminal penalties for violations. To date, the Parliament is discussing a revision of the act, which in its main parts provides better regulations for the protection against the transfer of data especially by private bodies. It also tries to adapt Swiss data protection law to the standards of the European Union Data Protection Directive. However, the government also proposes a major change in a new Article 17a, which allows federal authorities to create new data banks and to process personal data without previous regulation by the law, "if major public interest does not allow a postponement of data processing or if a testing phase, before the law enters into force, is required." In this case, the government only has to produce a decree.[2568] There are also separate data protection acts for the "cantons" (states). However there are still some cantons that do not have data protection laws and thus do not have data protection commissioners.
In June 1999, the European Union Data Protection Working Party determined that Swiss law was adequate under the European Union Directive.[2569] In July 2000, the European Commission formally adopted this position, thereby approving all future transfers of all personal data transfers to Switzerland.[2570]
The LPD created the office of a Federal Data Protection Commissioner (the Commissioner).[2571] The Commissioner maintains and publishes the Register for Data Files, supervises federal government and private bodies, provides advice, issues recommendations and reports, and conducts investigations. The commissioner also consults with the private sector. In a report covering the period from April 2000 to March 2001, the Commissioner addressed in detail, the use of video surveillance in the public and private sectors, monitoring of employee e-mails and Internet use, employee drug testing, DNA profiling by law enforcement, privacy in e-commerce, seal programs and the adequacy of Safe Harbor. The report also criticized certain practices of the postal service, and called for increased compliance of the medical sector with the legal requirements on the processing of personal information. Finally, it addressed the need for strong technologies and amendments to the law to combat the increasing threat to privacy posed by the Internet.[2572] These issues continue to be of primary relevance to the Commissioner, as exhibited in its 2002 report. Of particular concern is the use of genetic testing, as well as privacy in telecommunication data storage.[2573] In previous reports, the Commissioner has recommended the introduction of legislation, similar to that in Germany, providing an explicit right to anonymity.[2574] In 2001, the commission also issued guidance on surveillance of Internet and e-mail use in the workplace and the use of video surveillance technologies. There are currently twenty-one people employed by the Commissioner, most of them, however, working part-time.[2575]
Until the beginning of 2002, telephone tapping was governed by Article 179 octies of the Penal Code and corresponding regulations in the federal, the military and the cantonal Penal Procedure Codes.[2576] Due to liberalization of the Telecom sector by the 1997 Telecommunication Act, the government issued a decree that established a specialized agency, Le Service des Tâches Spéciales (STS), within the Department of the Environment, Transport, Energy and Communications, to administer wiretaps.[2577] Until then, the technical procedures for wiretapping were carried out by a special service within former Telecom PTT (now Swisscom), the state monopoly company. The STS now has the function of a connecting link between the special services of the different private and state owned telecommunications companies and the public prosecutors, who issue an interception order. Already under the old legal regulation, every interception order had to be confirmed by the allowance of a prosecution chamber of the federal court or the cantonal high court respectively.
On April 1, 2003, a new Federal Law on the surveillance of mail and telecommunications became fully binding.[2578] Having been enacted in January 2002, this law is the product of parliamentary debates that started in 1999, when the federal Department on Justice and Police (Justice Ministry) presented a first draft for that law, which replaces federal and cantonal regulations. The Law Commission of the National Council (Great Chamber of the federal Parliament) rejected this draft and prepared its own, which constitutes the basis of the new law. Whereas, until then, interception was possible in all investigations relating to crimes and offences (crimes for which a prison sanction can be issued), the new law prohibits any preventive interception and provides, for the first time, for a catalogue of offences. The requirements for an order by a prosecutor and the respective allowance of a prosecution chamber are more precise. The catalogue thus impedes interceptions like in the Canton of Berne where, in 1995, the phone of a family was tapped to investigate against the eighteen-year old son, who was suspected to be the author a series of graffiti. Nevertheless, the list of offences does not stop the avalanche of tapping actions since the beginning of the nineties. While at the beginning of that decade about 500 interception orders were issued annually, the number has continuously increased to about 2,000 orders since 1996 (2,138 cases).[2579] To these orders, another 2,000 cases of disclosure of traffic data have to be added. Furthermore, Swiss authorities ordered 2,430 telephone taps in 2000 compared with 2,046 the previous year. More than a third of them were ordered in connection with a suspected breach in drugs law, an eighteen percent increase.[2580] Traffic data have to be retained by the providers for six months backward. In the case of mobile phones, this also includes information on the location of speakers. This, however, requires that the respective telephone companies constantly track phones, and that they store the data hereby collected. In the course of the parliamentary debate, the Conseil des Etats (Small Chamber of the Parliament) voted in the spring of 2000 in favor of the registration of all users of prepaid calling cards.[2581] This proposal was eventually dropped but is likely to resurface at a later date.
The new law also provides for the surveillance of e-mails, which are treated as every other telecommunication. Swiss Internet service providers (ISPs) are now required to keep a six-month log of all e-mails sent by their customers. These providers must log customer activity, including connection times, e-mails sent, addresses and senders, but not the content of the e-mails. Many ISPs will thus have to create the respective interfaces to make surveillance possible. However, legal authorities will only be able to access this data as necessary for an ongoing investigation into suspected criminal activity. To access the provider's electronic log, an investigating judge must issue a search warrant, and in some cases, the suspects will have to be informed of the proceedings.
On December 28 1997, the newspaper Sonntags Zeitung reported that Swisscom, was tracking the location of cellular phone users and maintaining those records for an extended period.[2582] Following this article, the Data Protection Commissioner opened an investigation and issued a report on this subject in July 1998.[2583] Swisscom at that occasion denied the tracking practice. Company speakers argued that the company was acting completely legally. Indeed, the article of the Sonntags Zeitung was wrong, in the sense that location data are only transmitted to the police in case of a judicial order. The Commissioner's report concluded that conservation of certain data, such as time and location of transmission, is necessary in order to establish the communication.[2584] However, it also concluded that retention of that data is only needed for no more than six months in order to obtain payment for services provided, and thus, according to Article 50 of the Telecommunications law, storage of that information cannot be more than six months.[2585]
There have been numerous public revelations of illegal wiretapping. A 1993 inquiry found that phones used by journalists and ministers in the Swiss Parliament were tapped.[2586] The Commissioner also accused the Swisscom (Telecom PTT at that time), the state telephone company, of illegally wiretapping telephones. There were considerable protests in 1996 when it was revealed that the federal prosecutor was wiretapping journalists to discover their sources after which Swiss President Arnold Koller described the taps as "excessive."[2587] In February 1998, an agent for Israel's Mossad Secret Service was arrested by the Swiss authorities for attempting to tap the phone of a Lebanese immigrant whom he believed had links to the Hizbollah. On July 7, 2000 the Swiss court handed down a one year sentence to be suspended for two-years.[2588]
In 1989, a parliamentary inquiry revealed that the Federal Police (the political police) had collected files on about 900,000 people, most of whom were not suspected of having committed any offence. In 1991 a citizens committee launched a popular initiative to abolish the political police. Surveillance should only be possible on the grounds of a criminal investigation. The vote on the initiative was postponed by the Government for years. In June 1998, nine years after the scandal seventy-five percent of the voters said no to the initiative. The Federal government had saved its political police, which since the beginning of the nineties had been completely modernized and, in July 1998, received for the first time in history a legal basis with the Law on Measures for Maintaining Internal Security.[2589] The former Federal Police now named Service for Analysis and Prevention is part of the Federal Office for Police Matters, which also includes the Federal Criminal Police. It hosts two data banks, including ISIS (the Information System for Internal Security), which replaced the old paper files of the federal police. ISIS contains files on about 50,000 persons who are considered as "terrorists," "violent extremists" or possible spies. Files are opened on "preventive" grounds, which means that no criminal investigation is required. However, data resulting from criminal investigations and thus also from telephone surveillance can be maintained for preventive purposes, even if the person is acquitted before a court. The other data bank, JANUS, is the fusion of three information systems which have been built up during the nineties, and had been maintained separately until 1998: DOSIS, which held data on investigations in drug trafficking; ISOK, the information system on 'organized crime'; and FAMP which includes information about false money, trafficking human beings (prostitution) and illicit pornography. Files in JANUS can be created on the grounds of simple suspicion. Most of the 62,500 persons filed in JANUS in July 2001 were registered for alleged drug trafficking, since registration of consumers is not allowed. The records on the 62,500 suspected persons (Stammpersonen) also contain 116,500 references on third persons, which are not suspected. Among them, 13,500 are so-called 'contact persons'; 13,000 are telephone subscribers (with their names and addresses); and about 90,000 are telephone numbers with only fragmentary information to the respective persons.[2590] The tenth 2002 annual report of the Data Protection Commission indicated that the handling of indirect requests for information in connection with internal security and the combating of money laundering has been proceeding smoothly. However, the report indicated difficulty with the handling of requests relating to organized crime, illegal drug trafficking, counterfeit coins, trading in human beings and pornography due to the nature of the JANUS system.[2591] The Swiss federal government intends to replace the practice of fingerprinting criminals with DNA sampling instead by the end of 2004.[2592] In May 2000, a decree was passed to establish a DNA database within the Federal Office for Police, and this database, the DNA Profile Information System (EDNA), has been in operation since August 1, 2000. A June 2000 provisional ordinance specified what types of crimes would permit the admission of DNA profiles from suspected criminals.[2593] These crimes include sexual offenses, life endangerment, and burglaries. All samples taken by the police are given a unique identifier; therefore, the name of the suspect is never revealed to lab employees.[2594] As of July 2001, 521 DNA profiles have been collected and entered into the database.[2595] The system has proven to be particularly successful for burglary cases. The Commissioner strongly criticized the measure and insisted that a law should be quickly enacted to govern its use. A new federal DNA law will replace the provisional ordinance of May 2000, which expires at the end of 2004.
Besides the Data Protection Act, there are also legal protections for privacy in the Civil Code[2596] and Penal Code,[2597] and special rules relating to workers' privacy from surveillance,[2598] telecommunications information,[2599] health care statistics,[2600] professional confidentiality including medical and legal information,[2601] medical research,[2602] and identity cards.[2603] The identity card is machine-readable as is the new passport, which became effective January 1, 2003. During the discussion on the Law on Identity Papers (passports and ID cards), it was debated whether to include biometric data in the papers. Although Parliament rejected the idea, the form of the new passport can be upgraded with such information. The draft for a new Foreigners Law, however, provides for biometric data to be included into the ID cards for foreigners. The law will also provide a definite legal basis for the Central Register of Foreigners, which now holds data on about 4.5 million persons.
Banking records are protected by the Swiss Federal Banking Act 1934. This Act was passed to guarantee strong protections for the privacy and confidentiality of bank customers, allegedly for those subject to persecution for racial, political or religious reasons.[2604] Switzerland has come under increasing pressure from the European Union and the Organization for Economic Cooperation and Development (OECD) to weaken these laws and provide greater access to bank records for the purposes of tax collection. Swiss Finance Minister, Kaspar Villiger, initially rejected these calls, maintaining that the banking secrecy laws are essential for Switzerland's role as an important financial center.[2605] However, in October 2000, following the scandal involving the funds of Sani Abacha, former dictator of Nigeria, it was announced that the Swiss banking laws would be amended.[2606] In January 2001, Lukas Muhlemann, former chairman[2607] of Crédit Suisse, urged the government not to submit to EU pressure, proposing alternative less privacy invasive means to fight tax evasion.[2608]
The Government has proposed new amendments in the criminal law to deal with "terrorist organizations" and "financing of terrorism" as well as for the ratification of the United Nations Convention against Terrorist Financing.[2609] When presenting his annual report on July 1, 2002, the Commissioner, Hanspeter Thür, warned that Switzerland is under foreign pressure to cut fundamental rights of privacy, saying "Perfect security is not possible. Those who go in this direction, are taking the risk of a totalitarian state."[2610] Thür echoed these sentiments in the 2003 report, calling for tighter controls on the war against terrorism and additional funds to protect personal privacy.[2611] At a press conference to launch the tenth annual report, Data Protection Commission spokesman Kosmas Tsiraktsopulos denied that Switzerland opposed a war on terror. Instead, he stated that "there should always be a balance between the right of security, which is also a constitutional right, and the right of privacy."[2612] However, the report indicated that new technologies, such as electronic insurance and health cards, as well as biometric identification techniques, threaten individual privacy. Thür commented that the increase in technological innovations has substantially increased the work of the Data Protection Commission.[2613]
Switzerland is a member of the Council of Europe and signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108) in 1997.[2614] Switzerland has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. In November 2001, Switzerland had signed, but not ratified, the Council of Europe Convention on Cybercrime.[2615] It is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.