After more than 15 years, the Canton of Zurich is subjecting its Information and Data Protection Act (IDG) to a total revision in accordance with Government Council Decision No. 878 of 4 August 2023. This is to take into account the requirements of the European legal area and to implement requests from the Zurich parliament. In addition to strengthening the principle of public access and a more modern approach to the use of data, the revised IDG will now contain rules on artificial intelligence (AI).
For a modern use of data, the revised IDG includes a regulation regarding the handling of open government data (OGD). This is information made freely accessible by a public body in machine-readable form that can be used without restriction (cf. § 5 para. 5 revIDG). The IDA now regulates the legal basis for open public authority data. According to section 15 para. 1 revIDG, public bodies may publish information as official data if there is no legal provision and no overriding public or private interest to the contrary. This is intended to encourage public bodies to make existing data available where possible and to allow it to be used by other public bodies or also private individuals. The universities and the University of Zurich in particular should welcome this regulation.
The revised IDG also contains new regulations on AI, as legal questions arise in this regard that are related to data protection. Pursuant to Section 13 (3) of the revised IDA, all public bodies are now obliged to keep a publicly accessible register of the algorithmic decision-making systems (AES) they use, insofar as these can have an impact on the fundamental rights of individuals. This takes into account the justified concern for transparency. In addition to the right to information, they must also provide information on AI-supported data processing to persons who request information on the processing of their personal data.
One of the important innovations is the creation of a commissioner for the principle of public access, who should contribute to strengthening the principle of public access. These tasks include, in particular, supporting and advising public bodies as well as advising private individuals on their rights, mediating in disputes concerning access to information or commenting on legal acts in the area of the principle of public access. According to the media release, the task of the Commissioner for the Principle of Public Access will be taken over by the Cantonal Commissioner for Data Protection.
Finally, selective adjustments will be made in a wide range of sub-areas. For example, a provision is inserted that allows public bodies to process data under strict conditions if the person concerned consents to the data processing (§§ 24 lit. c and 25 lit. c in conjunction with § 12 rev IDG). These provisions correspond to the regulatory content of Art. 34 nDSG. Next, provisions on the requirements for the legal basis for the processing of personal data or the use of personal data for non-personal purposes are adapted to the nDSG, which comes into force on 1 September 2023. This is intended to achieve overall consistency with the nDSG.
The Canton of Zurich wants to set a good example with its modernised law on information and data protection. The government’s bill now goes to the Zurich Cantonal Council for consultation – we are curious to see what the politicians in the canton of Zurich will now say about the topic of AI regulation and the requirements of the nDSG.
Sources (links, citation of books)