Even legislation can’t escape the digital transformation: legal developments in ICT-law at a glance.
Telecommunications have developed at a rapid rate since the Telecommunications Act (TCA) entered into force in 1997. The current partial revision takes the changed technological environment into account, enhances consumer protection, enshrines net neutrality and regulates access to the last mile of fibre-optic connections.
For universities offering telecommunications services, it should be noted that the much-discussed definition of ‘telecommunications service provider’ (TSP) is broader under the revised act. The category TSP now also includes over-the-top (OTT) services such as instant messaging and voice over IP. Anyone offering these OTT services must now fulfil the obligations of a TSP under the TCA and is subject to supervision by the Federal Office of Communications (OFCOM). However, the exponential growth of providers of OTT services means that they are exempt from the obligation to report to and register with OFCOM. The revised act imposes various new obligations on all TSPs, such as obligations to actively combat cyber attacks (Art. 48a(1) nTCA) or to provide information about the quality of telecommunications services (Art. 12a(2) nTCA).
As the registry for .ch domain names, SWITCH is also affected by the new telecommunications legislation: for reasons of fairness, for example, a legal basis is being created under which authorities can revoke domain names in the event of unfair conduct (Art. 26a nUCA). In addition to the TCA, various related ordinances will be revised, including the Ordinance on Internet Domains (OID), which regulates SWITCH’s activity as a registry. The most significant change in the current draft is the restriction of the WHOIS database that SWITCH operates, according to which no more personal data is to be published by default.
The category TSP now also includes over-the-top (OTT) services such as instant messaging and voice over IP.
Since the referendum period for the TCA has elapsed without being used, the consultation period for the associated ordinances will run until 25 March 2020. SWITCH will also comment on the relevant provisions. The Federal Council will subsequently determine when all the legislation will enter into force.
After much delay in the total revision of the Federal Act on Data Protection, the pace suddenly picked up at the end of 2019: following the National Council, the Council of States also published the outcome of its decisions on the draft Federal Act on Data Protection (D-FADP) on 20 December 2019.
If a referendum is not called after the differences have been settled, the new act and the associated ordinance will probably enter into force at the end of 2020 or the beginning of 2021. While provision has been made for transition periods for implementing certain provisions, it is still highly advisable to start dealing with implementation early on to ensure timely compliance with data protection laws. After all, there are various new obligations with respect to personal data processing under the revised Federal Act on Data Protection for the purpose of improving transparency in data processing activities and strengthening data subjects’ right to self-determination.
There are various new obligations with respect to personal data processing under the revised Federal Act on Data Protection for the purpose of improving transparency in data processing activities and strengthening data subjects’ right to self-determination.
These new obligations include amongst others providing information when data is collected, the deletion of personal data, the notification regarding data security breaches and the preparation of a data protection impact assessment for certain data processing activities. The Councils still don’t agree with regard to profiling, i.e. automated processing of personal data to evaluate personal aspects of natural persons. It should be noted, however, that federal bodies, and thus also certain universities, must obtain data subjects’ explicit consent for each type of profiling unless there is another justification reason for the same.
Also in 2020 – probably in May – the European Commission will again decide on the adequacy of Swiss data protection law. A decision to this effect will make cross-border disclosure of personal data much easier. Since the current draft of the Federal Act on Data Protection also sets down most of the provisions applicable at European level, even going above and beyond them in some cases (what is known as the Swiss Finish), the prospects of a positive decision are good. The signing of the Protocol of Amendment to Convention 108, whereby Switzerland commits itself to an international level of data protection and implementation of the same in national law, is also beneficial. Nevertheless, it is important to keep the development on the radar, as a negative decision will create the need for additional action when exchanging personal data with companies based in the EU.
The Federal Act on Copyright and Related Rights (CopA) is also being revised in response to the digital transformation and technological developments. One aim of the revision is to better fight against piracy. For certain providers of internet hosting services, the draft stipulates that they must keep copyright-infringing content permanently off their platforms (so-called stay-down obligation).
If text and data mining is used for scientific research in copyrighted works (e.g. texts, images), this can now be done free of charge and without the author’s consent. This was previously only permitted for private use and simplifies the structuring and analysis of large amounts of data in research.
Another amendment to the Act strengthens research in text and data mining, a process of intelligent data analysis and interpretation: if text and data mining is used for scientific research in copyrighted works (e.g. texts, images), this can now be done free of charge and without the author’s consent. This was previously only permitted for private use and simplifies the structuring and analysis of large amounts of data in research. It is also positive that libraries, schools and universities are not subject to any new remuneration obligations for copying protected content; the revised law even sets down a preferential tariff for libraries.
With the Parliament passing the act on 27 September 2019, the Federal Council will soon decide when it will enter into force, which is expected to be already in 2020.
The new year will therefore also bring exciting reforms and challenges from a legal perspective. We from the SWITCH legal team will be happy to address them and assist you in any of your questions at any time