The GDPR sets the EU standard for Privacy by Design. How does Swiss law handle the same concept?
Swiss DSG Article 7 mirrors the GDPR approach in three paragraphs: a design obligation, a proportionality principle, and a privacy-friendly defaults requirement.
* Privacy by Design compared: GDPR Art. 25 vs Swiss DSG Art. 7. *
Paragraph 1: Design obligation. Controllers must design their technical and organizational structures to comply with data protection requirements from the very start. Privacy isn't optional and it isn't a feature you add later. It's a structural requirement.
Paragraph 2: Proportionality. Measures must be appropriate to the current state of technology, the scope of data processing, and the risk to data subjects. A startup processing minimal data has different obligations than a bank handling millions of financial records.
Paragraph 3: Privacy-friendly defaults. Data processing must be limited to the minimum necessary for the stated purpose. This is the Swiss version of Privacy by Default.
Tip: Article 25 DSGVO and Article 7 DSG are companion provisions. The Swiss version is more concise but covers the same ground. Know both article numbers and be able to compare their three-part structure.
Go deeper:
Federal Act on Data Protection (FADP), official text — the Swiss law whose Art. 7 mirrors GDPR Art. 25.