Swiss Data Protection Commissioner Criticizes Leadership Cultures in Digital Megaprojects: Systemic Risks Are Being Ignored

Summary

The Federal Data Protection and Public Access Commissioner (EDÖB) published its 2025/26 activity report and criticizes leadership cultures in the federal administration that overlook systemic data protection risks in digital megaprojects. In the reporting period, over 2,000 reports of possible data protection violations were received; the EDÖB intervened 156 times and conducted 9 investigations. A milestone was the first legally binding judgment on October 6, 2025, which confirmed the EDÖB's enforcement practice. In parallel, the authority warns of an erosion of the public access principle: the number of exemptions has risen to 13, with a further 11 planned.

Persons

• EDÖB (Federal Data Protection and Public Access Commissioner) (Swiss authority for data protection and transparency)

Topics

• Data protection and data security
• Digital megaprojects of the federal administration
• Public access principle and transparency
• Artificial intelligence in public administration

Clarus Lead

The EDÖB's criticism targets a structural weakness: while the federal administration addresses information security risks (data breaches, unauthorized access), it ignores the larger systemic problem – the surveillance and control potential that arises from processing ever-larger, complexly interconnected citizen datasets. This endangers the legitimacy of digital transformation. At the same time, a growing number of exemptions weakens the public access principle, which after 20 years was considered established – a paradigm shift that is now being reversed.

Detailed Summary

The EDÖB documents a dual problem in its report: on one hand, the 156 interventions and confirmation of its enforcement practice by the Federal Administrative Court (October 2025) demonstrate functioning control mechanisms for concrete data protection violations. On the other hand, governance gaps are revealed: federal agencies differ significantly in their willingness to transparently disclose systemic risks – depending on their leadership culture.

In the course of 306 agency consultations, the EDÖB monitored central digitalization projects such as electronic legal communication in courts and social insurance, the police query platform, electronic postal services, AGOV, and the e-ID. The problem: while information security (technical controls) is handled routinely, the societal risk of mass surveillance through data fusion remains underexposed.

Regarding the public access principle, a concerning trend is evident. While access requests have more than tripled over ten years and the refusal rate stabilized at approximately 10 percent – a success of the paradigm shift introduced in 2004 – agency heads increasingly use legislative reforms to exempt their documents from access rights. The 13 existing exemptions and 11 planned additional exceptions point to a creeping renormalization of lack of transparency.

Key Findings

• Systemic risks are overlooked: Federal agencies focus on technical security but ignore the surveillance and control potential of larger data fusions.
• Leadership culture is decisive: the willingness to communicate risks transparently varies greatly depending on agency leadership.
• Public access principle is eroding: After 20 years of successful establishment, agencies are using legislative projects to circumvent transparency obligations.

Critical Questions

1. Evidence/Data Quality: How does the EDÖB concretely define "systemic surveillance and control potential" in measurable terms, and what indicators does it use for assessment in the 306 agency consultations?

2. Conflicts of Interest: What incentives lead agency heads to deliberately incorporate exemptions in legislative reforms – resource conservation, political control, or protection of sensitive processes?

3. Causality/Alternatives: Can the increasing number of exemptions (13 existing, 11 planned) be traced back to specific federal agencies or policy areas, or is this a widespread phenomenon?

4. Feasibility/Risks: How can the EDÖB, without enforcement power (except in individual cases such as criminal charges against a private company), actually change leadership cultures in the federal administration?

5. Source Validity: Is the criticism of "leadership cultures" based on systematic interviews or on observations from individual project consultations?

References

Primary Source: 33rd Activity Report 2025/2026 of the EDÖB – Federal Data Protection and Public Access Commissioner, Bern, 30.06.2026

Verification Status: ✓ 30.06.2026

This text was created with the assistance of an AI model. Editorial Responsibility: clarus.news | Fact-Check: 30.06.2026