(Old) links related to the total revision of the Swiss Data Protection Law

Rosenthal, Der Vorentwurf für ein neues Datenschutzgesetz: Was er bedeutet, Jusletter v. 20.2.2017

This is excellent reading material – covers some very interesting aspects of Swiss privacy today (e.g. data subject access rights under current law)


Results of the Vernehmlassung and Botschaft of the Bundesrat


Summary of changes by David Vasella (post- vs. pre-Vernehmlassung Draft)


China’s Cybersecurity Law and administration of medical devices in China

“The China Food and Drug Administration (“CFDA”) has issued guidelines aimed to implement China’s new Cybersecurity Law (“CSL”) in the administration of medical devices in China. This development is a clear signal that Chinese regulators intend to enhance cybersecurity protection in the healthcare sector.”


(from 2016) UK court decision on whether clinical trial data can be adequately anonymised

The below is from 2016.

Very interesting article from Freshfields, that shows the UK Information Commissioner (supported by the First Tier Tribunal) taking a practical approach to the anonymisation of personal data. Also, a reminder that clinical trial data might be subject to freeddom-of-informations requests in UK under some conditions.


Key points of interest incl.

“There was no evidence that a third party, alone, could identify participants. The evidence showed that identification would be possible by combining the patient data with NHS data, but this would have involved an NHS employee breaching professional, legal and ethical obligations, and having the skill and motivation to do so. This level of conjecture was considered remote. It is not ‘any conceivable means of identification’ that must be considered, but only ‘those reasonably likely to be used’. We ‘must consider whether any individual is reasonably likely to have the means and the skill to identify any participant and also whether they are reasonably likely to use those skills for that purpose’. ”

High-level summary

“The Information Commissioner had ordered Queen Mary University London to disclose patient data from a trial on chronic fatigue syndrome under the Freedom of Information Act. The Tribunal reviewed this decision.

QMUL ran several arguments but the one the Tribunal most struggled with was whether the data had been anonymised enough that it should no longer be considered personal data. If so, it would likely be disclosable under FOIA. If the data was not sufficiently anonymised, it would still be ‘personal data’ and would therefore have to be withheld from disclosure.

Although the Tribunal was split in its decision, the majority was in favour of upholding the Information Commissioner’s decision that the data had been adequately anonymised. QMUL was therefore ordered to disclose it.”