LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Under Swiss data protection law, when is processing of personal data permitted, and when do you need a legal justification?

If all data protection principles are followed, processing is generally permitted. If any principle is violated, you need a specific legal justification.

Swiss data protection law (DSG) takes a pragmatic approach:

The default rule: If all processing principles are met, processing personal data is fundamentally allowed. No extra permission needed.

When you need a justification (Rechtfertigungsgrund): A legal justification is required under Art. 31 and 39 DSG when:

  • Processing principles are not fully met.
  • The affected person objects to the processing.
  • Specially protected personal data is disclosed to third parties.

The three types of legal justification:

Justification What it means
Consent (Einwilligung) Voluntary, informed, and unambiguous agreement from the affected person.
Legal basis (Gesetzliche Grundlage) A law permits or requires the data processing.
Overriding interest (Überwiegendes Interesse) The interests of the processor or a third party outweigh the protection interest, per Art. 31 DSG.

How privacy is protected in practice combines two approaches:

  • Privacy by policy: Laws and self-regulation set the rules.
  • Privacy by architecture: Technology enforces the rules.

Both are needed. Laws without enforcement technology are toothless. Technology without legal backing is optional.

From Quiz: PRIVACY / Introduction to Privacy and Data Protection | Updated: Jul 14, 2026