The installation of video surveillance systems in Switzerland is subject to strict legal regulations. In this article, we’ll overview the relevant laws and regulations that you must follow when planning and implementing such systems. We’ll also pay attention to the requirements towards companies using cloud services or transferring data abroad.
Legal Foundations
Several laws regulate the use of video surveillance in Switzerland:
- Datenschutzgesetz (DSG): governs the protection of personal data.
- Zivilgesetzbuch (ZGB) Art. 28: protects personal rights from unlawful intrusions.
- Strafgesetzbuch (StGB) Art. 179quater: penalizes unauthorized recording of conversations.
These laws require that video surveillance be proportionate, serve a legitimate purpose, and that affected individuals are properly informed.
Purpose Limitation and Proportionality
Video surveillance may only be used if it serves a clearly defined purpose, for example, protecting people or property. Besides, measures must be proportionate, meaning there must be no less intrusive means available to achieve the same goal.
Duty to Inform
Individuals affected must be informed about the video surveillance. This can be done through clearly visible signs that provide details about the system operator, the purpose of the surveillance, and, if applicable, the storage duration of the recordings.
Data Security
Recorded data must be protected from unauthorized access through appropriate technical and organizational measures. These include, for example, access restrictions, encryption, and regular security audits.
Storage Duration
Recordings may only be stored as long as necessary for the intended purpose. As a rule, the maximum storage duration is 24 to 72 hours unless there is a specific reason for longer retention.
Prohibited Surveillance
Surveillance of public spaces, neighboring properties, or areas where individuals have a heightened expectation of privacy (e.g., changing rooms) is generally prohibited.
Video Surveillance in Rental Properties and Construction Sites
In rental properties, installing surveillance cameras is only permitted with the consent of the affected tenants. On construction sites, video surveillance can be used to prevent theft; however, legal requirements must also be met in this context.
Data Protection Impact Assessment (DPIA)
Extensive video surveillance systems, particularly those with multiple cameras and locations, must adhere to a Data Protection Impact Assessment (DPIA). This regulation helps identify risks to the rights and freedoms of affected individuals and implement appropriate risk mitigation measures.
Strategic Integration and Compliance
For companies, it is crucial to view video surveillance not as a standalone measure but as part of the overall security strategy. This approach includes:
- Compliance: Ensuring all measures comply with legal requirements.
- Risk Management: Identifying and assessing potential risks related to video surveillance.
- Consultation: Involving data protection experts or legal advisors in complex or uncertain cases.
A holistic approach not only improves security but also fosters trust among customers and employees.
Risks of Data Breaches or Camera Hacks
A data breach or hack of a video surveillance system can have serious consequences:
- Legal consequences: Violations of data protection laws can lead to fines of up to CHF 250,000.
- Reputational damage: Loss of trust among customers, partners, and employees.
- Operational disruptions: The need to audit systems and close security gaps, potentially causing downtime.
Preventive measures and regular security checks are therefore essential.
Cloud Systems and Data Transfers Abroad
The use of cloud-based video surveillance systems poses additional challenges:
- Data location: Data should preferably be stored in Switzerland to comply with local data protection requirements.
- Data transfer abroad: If unavoidable, it must be ensured that the recipient country provides an adequate level of data protection.
- Contract design: Data processing agreements must include clear provisions on data protection and security.
Hence, careful selection of the cloud provider and thorough review of contractual terms are essential.
FAQ
Can I monitor my own property with a camera?
Yes, as long as the surveillance is limited to your own property and does not capture public areas or neighboring properties.
Do I have to inform my employees about video surveillance?
Yes, employees must be informed about the surveillance, ideally in writing and before the cameras are installed.
How long can I store the recordings?
Recordings should generally not be stored for longer than 24 to 72 hours, unless there is a specific reason to retain them for a longer period.
What is a Data Protection Impact Assessment (DPIA)?
A DPIA is a process used to identify and assess risks to the rights and freedoms of individuals when processing personal data. It is particularly required for extensive video surveillance systems.
Can I use cloud services to store video recordings?
Yes, but data protection requirements must be met, especially concerning the location where data is stored and the contractual agreements with the cloud provider.
Where is the data from Sheriff Systems stored?
Data is usually stored on local servers. For detailed information, please contact us via the contact form or at 079 599 96 01. We’ll be happy to advise you.
