The Film Act is under revision, with major implications for online film providers. Under the revised act, companies that show films in Switzerland in their programmes or as 'electronic services on demand or by subscription' (ESDS) must use at least 1% of their gross revenues to invest in independent Swiss film productions or pay a compensation fee. In addition, companies offering films in Switzerland as ESDS must allocate a minimum of 30% of their platform capacity to European films.
The Federal Council recently tasked the Department of Finance with drafting a bill which will introduce a cyberattack notification obligation for operators of critical infrastructure. The draft will appoint a central reporting office and provide uniform criteria for all sectors in order to clarify how the reporting procedure would work. This step forward represents a key point of implementation of the national strategy for the protection of Switzerland against cyber risks.
Parliament recently revised the federal telecoms legislation – in particular, the Federal Telecommunications Act and its various implementing ordinances. These revised regulations entered into force on 1 January 2021. The revision of the telecoms legislation brings about several fundamental changes that affect consumers as well as telecoms service providers and telecoms operators.
The Federal Council recently submitted to Parliament the draft and corresponding dispatch of the new Federal Act on the Protection of Minors in respect of Films and Video Games. Age labelling and age controls for films and video games will be uniformly stipulated throughout Switzerland and made mandatory for films and video games available at public events, through on-demand services and on physical storage media such as tapes, disks or sticks.
The Federal Council's Cyber Committee recently adopted a report on the advancement of the 2018-2022 national strategy for the protection of Switzerland against cyber risks and its gradual implementation. The report focuses mainly on the progress made in supporting small and medium-sized enterprises and promoting research and training.
Parliament recently approved new regulations for blockchain and distributed ledger technology (DLT). The goal of this new legal framework is to further establish and increase Switzerland's reputation as a leading, innovative and sustainable location for fintech and DLT companies. Because Switzerland already has a world-class and pioneering infrastructure for financial markets, these qualities should allow it to remain at the forefront of the DLT and fintech scene.
Parliament recently approved the final draft of the revised Data Protection Act, which is expected to enter into force in 2022. The revision aims to modernise Switzerland's data protection landscape in line with the more sophisticated EU legislation, particularly the EU General Data Protection Regulation, which entered into force in 2018.
The Federal Administrative Court (FAC) recently issued a ruling concerning the status of instant messaging app Threema from a telecoms surveillance legislation perspective. The consequences of the FAC's ruling, if upheld by the Federal Supreme Court, would exonerate many over-the-top service providers (typically instant messaging and voice call providers) from certain obligations under telecoms legislation. However, businesses active in the telecoms area should nonetheless remain cautious.
The Federal Data Protection and Information Commissioner (FDPIC) recently removed the United States from its list of countries deemed to provide an "adequate level of data protection". Essentially, the FDPIC is of the opinion that legal remedies for data subjects in Switzerland under the Swiss-US Privacy Shield are insufficient. Going forward, businesses must reassess their cross-border data transfers in light of the FDPIC's statement.
The Federal Supreme Court recently issued a ruling addressing the liability of a securities trading company when hackers break into and use a client's email account to send transfer orders. This case is a stark reminder of the importance for anyone using online accounts and online (email) communications to properly secure their IT systems against hackers and other malevolent third parties. In case of any suspicious activity, it is necessary to immediately assess the situation and react accordingly.
The European Court of Justice (ECJ) recently declared that the European Commission's decision that the United States ensured an adequate level of protection of personal data transferred under the EU-US Privacy Shield Framework was invalid. This article examines the effect that the ECJ's decision will have on the Swiss-US Privacy Shield Framework.
The Federal Council recently adopted the Ordinance on Protecting against Cyber Risks (OPCy), which is set to enter into force on 1 July 2020. This move is the next step in a series of measures taken by the Federal Council to adopt a new organisational structure and implement a national strategy to protect Switzerland against cyber risks. Along with the adoption of the OPCy, the Federal Council has also planned for 20 additional positions in the respective offices for cyber risk protection.
The Reporting and Analysis Centre for Information Assurance recently published its latest semi-annual report regarding the most important cyber incidents and cyber risks of the second half of 2019 in Switzerland and abroad. The report contains several practical recommendations for individuals and companies to improve their protection against cyberattacks.
Data protection laws continue to apply as they did prior to the COVID-19 crisis. However, the Swiss data protection authority, the Federal Data Protection and Information Commissioner, will be aware of the particular challenges and constraints that employers face at present. This article provides an overview of some of the data protection issues that employers face.
On 1 January 2020 the Swiss Financial Market Supervisory Authority implemented various revised rules primarily targeting small banks (the so-called 'small banks regime'). Among other aspects, this will result in a relaxation of IT outsourcing requirements for financial institutions. The amendments are positive and a step in the right direction, as they will allow financial institutions to enjoy more leeway to benefit from IT outsourcing services.
While many countries have introduced far-reaching obligations to report cyber incidents, Switzerland has not yet followed this lead. However, the Federal Council recently adopted a report which considers key issues with regard to the introduction of a general reporting obligation for operators of critical infrastructure. The report also discusses possible implementation models.
The Federal Council recently adopted a dispatch message to improve the legal framework governing distributed ledger technologies (DLT) in Switzerland. The Federal Council's objective is to increase legal certainty, remove obstacles to DLT-based applications and limit the risk of abuse. The Swiss parliament will examine the dispatch message in early 2020.
In view of the media industry's ostensibly democratic and political role, the Federal Council has decided to adopt effective and feasible support measures. These measures will be implemented by adapting existing laws and incorporating online media into the scope of the Federal Act on Radio and Television. However, the plan to create a new Electronic Media Act has been abandoned.
The Supreme Court of the Canton of Zurich recently clarified that employers must clearly regulate the private use of work communication devices, as well as any related control mechanisms. Further, data processing such as verifying WhatsApp chat messages – even if the information is stored on a work mobile phone – must be done in accordance with the more restrictive Article 328b of the Code of Obligations.
The Federal Council recently adopted a plan to implement the national strategy to protect Switzerland against cyber risks until 2022 and took additional steps towards the establishment of a cybersecurity competence centre. Work is also underway to develop a cyber-defence campus and strengthen capabilities relating to information acquisition and allocation.