The Federal Act on Data Protection (FADP) of Switzerland includes a specific exception for certain public registers, limiting the scope of the law's applicability.

Text of Relevant Provisions

FADP Art.2(2)(d):

"It does not apply to: public registers based on private law;"

Analysis of Provisions

The FADP explicitly excludes "public registers based on private law" from its scope of application. This provision creates an exception for certain types of publicly available information, specifically those contained in registers that are established under private law but are accessible to the public.This exception is narrower than a general exemption for all publicly available information. It specifically targets registers that have a legal basis in private law, rather than all forms of publicly accessible data. This distinction is important, as it limits the exception to a specific category of information sources.The rationale behind this exception likely stems from the understanding that information in these public registers is already subject to specific regulations governing their creation, maintenance, and access. These registers often serve important public functions, such as providing transparency in property ownership or business registrations, and their public nature is an inherent part of their purpose.

Implications

The implications of this exception for businesses and data processors are significant:

1. Data from private law public registers: Companies processing personal data obtained from public registers based on private law may not need to comply with the FADP for that specific data processing activity. This could include, for example, information from commercial registers or land registries.
2. Limited scope: The exception is narrow and does not extend to all publicly available information. Data controllers and processors must carefully assess whether the data they are handling truly falls within this specific category of "public registers based on private law."
3. Other obligations may apply: While the FADP may not apply to these registers, other legal obligations or industry-specific regulations may still govern how this data can be used or processed.
4. Verification of register status: Organizations relying on this exception should ensure that the registers they are accessing are indeed "public registers based on private law" as defined by Swiss legislation.
5. Combination with other data: If data from these exempt registers is combined with other personal data subject to the FADP, the resulting dataset may still fall under the Act's purview.

It's important to note that this exception does not create a blanket exemption for all publicly available information. Data controllers and processors must carefully consider the source and nature of the data they are handling to determine whether it falls within this specific exception or if the full provisions of the FADP still apply.