What is the maximum fine that can be applied for breach of data protection laws?
Technology (second edition)
Private persons are liable to a fine of up to CHF 10,000 for wilfully failing to provide information as regards safeguards in the case of cross-border data transfers or to notify data collections (or in so doing wilfully providing false information) or for wilfully providing the FDPIC with false information in the course of an investigation or for refusing to cooperate. On complaint, the wilful provision of false or incomplete information to data subjects who exercise their right of information or when collecting sensitive personal information of personality profiles, including the wilful failure to inform data subjects as required pursuant to the DPA, is sanctioned by a fine of up to CHF 10,000.
The preliminary draft of the revised DPA (see Question 7) imposes fines of up to CHF 250,000 for the breach of the obligations set forth above and further obligations set forth in the DPA. Further, wilful breach of professional secrecy shall be punishable by imprisonment of up to three years or monetary penalty. This new sanction will not be limited to the usual bearers of professional secrets but extend to any profession for which protection of confidentiality is essential.
According to Article 42 of the Cyber Security Law, network operators shall not divulge, tamper with or damage the personal information they have collected, and shall not provide the personal information to others without the consent of the information subjects. Any network operators violating the Article 42 of the Cyber Security Law shall be fined no less than one time but no more than ten times of the illegal gains; where there is no illegal gain, the fine may be up to RMB 1,000,000.