TMT 2025

SWITZERLAND Law and Practice Contributed by: Lukas Morscher, Lukas Staub and Jil Eichenberger, Lenz & Staehelin

3. Artificial Intelligence

3.1 Liability, Data Protection, IP and Fundamental Rights

Artificial intelligence (AI) offers new opportunities to develop social or scientific knowledge and can be the basis for further forms of value creation by companies. In general, there is no cross-sector regulation in Switzerland regarding AI. As regards the processing of personal data, the right to privacy and the protection of personal data must be safeguarded (see 2 Cloud and Edge Computing regarding data protection principles). While government authorities periodically review developments regarding AI, it is currently acknowledged that any regulation should be technology-neutral in order to accommodate new developments within the existing legal and regulatory framework. This enables businesses located in Switzerland to make optimal use of upcoming technologies and advances and to efficiently adapt their business models and processes as required or desired.

The Federal Council has set up a federal working group on AI under the direction of the State Secretariat for Education, Research and Innovation (the “SERI”), which facilitates the exchange of knowledge and opinions and the co-ordination of Switzerland’s positions in international bodies. Based on a report submitted by the SERI to the Federal Council outlining existing measures, an assessment of possible fields of action and considerations on the transparent and responsible use of AI, the Federal Council concluded in December 2019 that Switzerland was, in general, well suited to address AI applications, business models and challenges. Therefore, there was no immediate need to adapt the existing legislative framework, subject to certain specific areas (such as mobility, security policy, education and research). However, a multitude of measures

by the European Commission pursuant to the Implementing Decision 2021/914/EU (the “EU SCC”), for data transfers to countries not providing adequate data protection levels, provided the necessary adaptations and amendments are made for use under Swiss data protection law. Since 1 January 2023, data transfers must be based on the EU SCC. This means any previous model contracts to ensure equivalent protection may no longer be used.

Data Protection Officers

The appointment of a data protection officer (DPO) is not mandatory for private controllers. However, where a controller designates a DPO, the DPO may be consulted instead of the FDPIC in the case of a high-risk processing activity. This release from consulting the FDPIC only applies if the DPO exercises its functions towards the controller in a professionally independent manner and is not bound by any instructions, does not carry out any activities that are incompatible with its tasks and has the required expertise, and the controller publishes the DPO’s contact details and notifies the FDPIC thereof.

A reporting portal for contact details of DPOs is publicly accessible on the FDPIC’s website. In contrast to private entities, federal bodies are required to designate a DPO. The DPO serves as a contact point for data subjects and for the authorities responsible for data protection in Switzerland. Further tasks include, in particular, training and advising the controller in matters of data protection and providing support on applying the data protection regulations.

CHAMBERS.COM