Page 1

235.1

Liechtenstein National Law Gazette
Born in 2002

No. 55

Issued May 8, 2002

Data Protection Act (DSG)
dated March 14, 2002

I grant the following resolution passed by the State Parliament
My consent:

I. General provisions

Art. 1
purpose
1) This law serves to protect the personality and the
Fundamental rights of persons about whom data are processed.
2) Through this law the directive 95/46 / EG of October 24th
About 1995 to protect natural persons in processing perso
n-related data and the free movement of data (EEA legal system
ment: Annex XI - 5e.01) implemented.

Art. 2
scope
1) This law applies to the processing of data natural and ju
ristic persons by:
a) private persons;
b) authorities.
2) This law also applies to all processing of data:
a) as part of the activities of a branch of the owner of the
Data collection is carried out in Liechtenstein;

1

Page 2

235.1

Data Protection Act (DSG)

b) carried out by a holder of the data collection to
is established in a place where Liechtenstein law applies
is reversible;
c) carried out by a holder of the data collection, who
is not established in the European Economic Area
and for the purpose of processing data on automated or
does not use automated means that occupy Liechtenstein
are, unless these funds are only for the purpose of transit
used by the territory of the European Economic Area
become. The owner of the data collection, regardless of his ver
responsibility to the data protection office, a representative in
To name Liechtenstein . 1
3) This law does not apply to:
a) Personal data that a natural person uses exclusively for personal
processed and not disclosed to outsiders;
b) deliberations in the state parliament and in commissions of the state parliament;
c) pending civil, criminal and mutual assistance proceedings as well as administrative proceedings
complaints procedure;
d) pending proceedings before the State Court of Justice;
e) the activities of the financial control of the country.
f) repealed 2
g) repealed 3
4) Deviating and supplementary provisions in other laws
remain reserved, provided they protect against unauthorized processing
of data within the meaning of this law.

Art. 3
Terms
1) For the purposes of this law:
a) "Personal data (data)": information that relates to a specific or
refer to identifiable person;
b) "data subjects": natural and legal persons as well
legal partnerships through which data is processed;

1 Art.

2 para. 2 let. c amended by LGBl. 2008 No. 273.

2 Art.

2 Para. 3 let. f repealed by LGBl. 2009 No. 46.

3 Art.

2 para. 3 let. g repealed by LGBl. 2009 No. 46.

2

Page 3

235.1

Data Protection Act (DSG)

c) "private persons": natural and legal persons as well as law
capable partnerships that are subject to private law;
d) "Authorities": organs of the state, municipalities and bodies
corporations, foundations and institutions under public law as well
Private insofar as they are in fulfillment of the public transferred to them
Tasks are active;
e) "particularly sensitive personal data": data on:
aa) the religious, ideological and political views or
Activities,
bb) health, privacy or race,
cc) social assistance measures,
dd) administrative or criminal prosecutions and sanctions;
f) "Personality Profile": a compilation of data that includes a
Assessment of essential aspects of the personality of a natural
Person allowed;
g) "Processing of personal data": any handling of personal data,
like obtaining, storing, using, remodeling, known
give, archive or destroy;
h) "Disclosure of personal data": making Per
personal data, such as granting access, passing on or publishing
lichen;
i) "data collection": any stock of personal data that is recorded in this way
it is essential that the data can be traced back to data subjects;
k) "Owner of the data collection (owner; person responsible)": private
Persons or authorities who are responsible for the purpose and content of a
Decide data collection;
l) "Recipient": the private person, public authority, agency or anybody
another body that receives data, regardless of whether it is one
Third party acts or not. Authorities working under an individual
Investigation request may receive data, but apply
not as a recipient;
m) "Consent of the data subject": any expression of will that
without compulsion, for the specific case and with knowledge of the facts
follows and with which the data subject accepts that data they
concern, to be processed.

3

Page 4

235.1

Data Protection Act (DSG)

n) "publicly accessible place": a place whose accessibility depends on
general characteristics that can be fulfilled by every person,
certainly. 1
2) Unless otherwise specified in this Act, are under
the masculine used in this Act to refer to a person
Conceptualized members of the female and male sex too
understand.

II. Use of data
A. Common provisions

Art. 4
Principles
1) Personal data may only be processed lawfully . 2
2) Your processing must and must be done in good faith
be proportionate.
3) Personal data may only be processed for the purpose that
was specified at the time of procurement or is required by law . 3
4) If the consent of be
required person, this consent is only valid if
it takes place voluntarily after appropriate information. When editing
of particularly sensitive personal data or personality pro
filing, the consent must be given expressly . 4th

Art. 5
Previous information
1) If data is obtained, the data subject is informed by the In
owner of the data collection at least the following information
to give, if you do not already have this:
1 Art.

3 let. n inserted by LGBl. 2009 No. 46.

2 Art.

4 para. 1 amended by LGBl. 2009 No. 46.

3 Art.

4 para. 3 amended by LGBl. 2009 No. 46.

4 Art.

4 para. 4 inserted by LGBl. 2009 No. 46.

4th

Page 5

235.1

Data Protection Act (DSG)

a) the identity of the holder;
b) the purpose of the processing.
2) The government can provide by ordinance that further In
information is to be given, provided that this takes into account the
specific circumstances under which the data are collected for a
Processing in good faith is necessary, such as:
a) the categories of data being processed;
b) the recipients or categories of recipients of the data;
c) the right to information and rectification.
3) If data was not collected from the data subject, then
the information in accordance with Paragraph 1 from the owner at the start of the storage
of the data or in the case of an intended transfer of the data to
To be given to third parties at the latest with the first announcement.
4) The above provisions apply, especially when processing
for statistical or historical or scientific purposes
research, no application if the information is concerned
is impossible for a person, requires disproportionate effort
or the storage or forwarding is expressly provided for by law
hen is.

Art. 6
Automated individual decisions
1) Decisions that are made exclusively on the basis of an automated
Processing of data for the purpose of evaluating individual aspects
a person, such as their professional capacity,
their creditworthiness, reliability or behavior
hen, ask if this has legal consequences and to a
significant impairment leads to an injury to personality
represent.
2) Decisions according to Paragraph 1 are admissible if they:
a) as part of the conclusion or performance of a contract
Request of the data subject or after their opportunity to
Opinion was granted; or
b) are permitted by law.

5

Page 6

235.1

Data Protection Act (DSG)

Art. 6a 1
Use of image transmission and image recording devices
publicly accessible places
1) The use of image transmission and recording equipment
in publicly accessible places (video surveillance) is only permitted,
as far as it is necessary:
a) for authorities to fulfill their legal duties;
b) to exercise house rules; or
c) to safeguard legitimate interests for specifically defined purposes
cke.
2) The processing of the data collected according to Paragraph 1 is only permitted,
if it is necessary to achieve the intended purpose and
there are no indications that the affected interests are worthy of protection
predominate. For any other purpose they are only allowed to
processed, as far as this is necessary:
a) to avert threats to state or public security
Ness;
b) to avert serious danger to life, limb, freedom or
Property; or
c) for the prosecution of criminal offenses and for the preservation of evidence.
In the case of sentence 2, the state police can announce the raised
request data.
3) The use of video surveillance must be carried out prior to installation
approved by the data protection office. From a permit
image transmissions are taken in real time without recording
or other further processing option. Against the decision
You can lodge a complaint about the authorization within 14 days with the
Data protection commission are charged. The government takes care of everything
here by prescription.
4) The fact of video surveillance and who is responsible
are to be made recognizable by means of suitable measures.
5) Are data collected by video surveillance of a certain
assigned to the th person, this is processed accordingly
Art. 5 para. 3 to notify.

1 Art.

6a inserted by LGBl. 2009 No. 46.

6th

Page 7

235.1

Data Protection Act (DSG)

6) The person responsible for the use of video surveillance has
all necessary measures to guarantee data security
hold true. Depending on the type of data being processed and the Um
catch and purpose of processing as well as taking into account the tech
niche possibilities and economic justifiability
put that:
a) the processing of the data properly and for a specific purpose
follows;
b) the data before accidental or unlawful destruction and before
Loss are protected; and
c) the data are not accessible to unauthorized persons.
The government regulates the details by ordinance.
7) The data are to be sent immediately, but no later than after 30 days
delete if:
a) they are no longer required to achieve the purpose; or
b) legitimate interests of the data subjects of another
Stand in the way of storage.

Art. 7
Correctness of the data
1) Anyone who processes personal data has to make sure that it is correct
make sure.
2) Every data subject can request that incorrect data be
be corrected.

Art. 8 1
Announcement abroad
1) Personal data may not be disclosed abroad,
if this seriously affects the personality of the persons concerned
would be endangered, in particular because there is no legislation that would allow one
adequate protection guaranteed. This does not apply in relation to EEA
Member States.

1 Art.

8 amended by LGBl. 2009 No. 46.

7th

Page 8

235.1

Data Protection Act (DSG)

2) There is no legislation that guarantees adequate protection
provides, personal data can only be disclosed abroad,
if:
a) the person responsible for processing provides sufficient guarantees
visibly of the protection of privacy, fundamental rights and the
Fundamental freedoms and the exercise of related rights, ins
special guaranteed by contractual clauses;
b) the data subject has given his / her consent in individual cases;
c) the processing in direct connection with the conclusion
or the fulfillment of a contract and it concerns personal data
of the contractual partner acts;
d) the announcement in individual cases either for the maintenance of an over
weighing public interest or for finding out
exercise or enforcement of legal claims in court
is venial;
e) the disclosure in individual cases is necessary to the life or the
protect the physical integrity of the data subject;
f) the data subject made the data generally accessible and
has not expressly prohibited processing; or
g) disclosure within the same legal person or company
or between legal persons or companies that
are subject to a uniform management, takes place, provided that the participation
uniform data protection rules are subject to which a
ensure measured protection.
3) The disclosure of data according to para. 2 let. a and g require one
Government approval. The data protection office issues a
Recommendation on whether the guarantees or uniform data protection regulations
lungs ensure adequate protection. The government regulates
the details by ordinance.
4) The adequacy of the level of protection is taken into account
assesses all circumstances involved in a data transfer or a
Category of data transfers are important; especially
can be the type of data, the intended purpose, the duration of the planned
th processing, the country of origin and the country of final destination that are required for the
relevant recipient legal norms as well as the applicable to him
ethical rules and safety measures are taken into account.
5) The government appoints based on resolutions of the community
the EEA Committee, the non-EEA Member States, their data
protection legislation has an appropriate level of protection, with ordinance
tion.

8th

Page 9

235.1

Data Protection Act (DSG)

Art. 9
Data security
1) Personal data must be provided with appropriate technical and organizational
systematic measures are protected against unauthorized processing.
2) The government shall issue more detailed provisions by ordinance
the minimum requirements for data security.

Art. 10
Data secrecy
Anyone who processes or has data processed has data from data
applications that he uses due to his occupation
have become trusted or have become accessible, without prejudice to others
statutory confidentiality obligations to keep secret, unless none
legally permissible reason for the transfer of the entrusted or
data that has become accessible exists.

Art. 11
right of providing information
1) Any person can obtain information from the owner of a data collection
request whether data about you will be processed. The government
sets a deadline by ordinance within which usually the exit
future is to be granted.
2) The owner of the data collection must inform her:
a) all data about them in the data collection and their
Origin;
b) the purpose and, if applicable, the legal basis of the processing
as well as the categories of the processed personal data, which was submitted to the
Collection parties involved and the data recipient;
c) the logical structure of the automated processing that concerns them
in the case of automated decisions in accordance with Art. 6;
and
d) depending on the case, the correction, destruction or blocking of data,
the processing of which does not comply with the provisions of this Act
speaks, especially if this data is incomplete or incorrect
are.

9

Page 10

235.1

Data Protection Act (DSG)

3) Data on health can be the owner of the data collection
notify the person concerned by a doctor designated by them
to let.
4) Does the owner of the data collection have personal data through a
Process third parties, he remains obliged to provide information. The third one is out
obliged to give notice if he does not disclose the owner or the latter does not
Domiciled in Germany.
5) The information is usually in writing, in the form of a printout
or a photocopy as well as free of charge. The government regulates
by regulation the exceptions. In particular, it can contribute to the costs
provision if the information requires excessive effort.
6) Nobody can waive the right to information in advance.

Restrictions on the right of access
Art. 12
a) in general
1) The owner of the data collection can refuse to provide information
restrict or postpone if:
a) a law provides for this;
b) an information block ordered by a court or an official
present; or
c) this is necessary due to the overriding interests of a third party.
2) An authority can also refuse or restrict the information
or postpone if:
a) this because of overriding public interests, in particular the
internal or external security of the country is required; or
b) the information for the purpose of a criminal investigation or another
Investigative procedure in question.
3) Private individuals as owners of a data collection can also opt out
Refuse, restrict or postpone the future, as far as your own prevails
Due interests require it and you do not pass the personal data on to third parties
announce.
4) The owner of the data collection must indicate from which
Reason he refuses, restricts or postpones the information.

10

Page 11

235.1

Data Protection Act (DSG)

Art. 13
b) for media professionals
1) The owner of a data collection that is used exclusively for the Ver
Publication in the editorial section of a periodically published Me
diums is used can refuse or restrict the information
or postpone if:
a) the personal data provide information about the sources of information;
b) an insight into drafts for publications would have to be given; or
c) the public's freedom of opinion would be jeopardized.
2) Media professionals can also refuse to provide information
restrict or postpone if they exclude data collection
Lich serves as a personal work tool.

Art. 14
Right to object
1) If the use of data is not provided for by law,
every person concerned has the right to object to the use of their data
Violation of overriding legitimate interests arising from his
special situation arise with the owner of the data collection against
to make a verdict.
2) In the case of a justified objection, the owner
no longer refer to this data.
3) If data is processed for direct marketing purposes, the
to inform the person concerned in advance (Art. 5) and what to do with them
additional free and immediately effective right of objection
point.

11

Page 12

235.1

Data Protection Act (DSG)

Art. 14a 1
Certification process
1) In order to improve data protection and data security, you can
the manufacturers of data processing systems or programs
as well as private persons or authorities who process personal data,

their products, systems, processes and their organization of a Bewer
by recognized independent certification bodies.
2) The government shall issue regulations on the Acc
Editing of certification procedures and the introduction of a Da
protection quality mark. It takes the international into account
Law and the internationally recognized technical standards.

Art. 15
Register of data collections
1) The data protection office keeps a register of the data collections,
which is particularly accessible via the Internet. Anyone can do it
View register . 2
2) The authorities must collect all data with the data
log in to the protection agency for registration . 3
3) Private persons, who are regularly particularly vulnerable persons
Edit personal data or personality profiles or enter personal data
Announce third parties, must register collections if:
a) there is no legal obligation for processing; or
b) the data subjects have no knowledge of it. 4th
3a) Collections of private persons to which Paragraph 3 does not apply
are to be registered, unless they are subject to an exception according to para. 6
fall. 5
4) Data collections must be registered before they can be opened
become.
5) The registration contains the following information:

1 Art.

14a inserted by LGBl. 2009 No. 46.

2 Art.

15 para. 1 amended by LGBl. 2004 No. 174 and LGBl. 2008 No. 273.

3 Art.

15 para. 2 amended by LGBl. 2008 No. 273.

4 Art.

15 para. 3 amended by LGBl. 2004 No. 174.

5 Art.

15 para. 3a inserted by LGBl. 2009 No. 46.

12th

Page 13

235.1

Data Protection Act (DSG)

a) Name and address of the owner of the data collection;
b) Name and full description of the data collection;
c) person with whom the right of access can be asserted;
d) purpose of data collection;
e) categories of processed personal data;
f) categories of data recipients;
g) categories of those involved in the data collection, i.e. third parties,
who enter data in the data collection and make changes to the
May undertake data;
h) a general description that enables a preliminary assessment
len whether the measures according to Art. 9 to ensure security
processing are appropriate.
6) The government regulates the details of the registration by ordinance
creation and updating of the data collections as well as the management
and the publication of the register. They can be for certain types
of data collections, exceptions to the reporting obligation or the register
Provide for guidance when editing the personality of the person concerned
Persons not endangered.

B. Processing of personal data by private persons

Art. 16
Personality violations
1) Anyone who processes personal data may use the personality of
do not unlawfully injure data subjects.
2) In particular, he may not without justification:
a) Personal data contrary to the principles of Art. 4, Art. 7 Paragraph 1,
Edit Art. 8 Paragraph 1 and Art. 9 Paragraph 1;
b) process data of a person against their express will;
c) particularly sensitive personal data or personality profiles
to edit.
3) As a rule, there is no violation of personality if the
data subject made the data generally accessible and a
Processing has not expressly prohibited.

13

Page 14

235.1

Data Protection Act (DSG)

Justifications
Art. 17
a) for personal data
1) A violation of personality when processing personal information
data is illegal if it is not justified by:
a) the consent of the injured party;
b) an overriding private or public interest; or
c) a law.
2) There is an overriding interest of the person carrying out the work
special consideration if these:
a) in direct connection with the degree or the Ab
Development of a contract personal data about your contractual partner
processed;
b) is in economic competition with another person or
wants to enter and for this purpose processes personal data without this
To disclose to third parties;
c) to check the creditworthiness of another person neither be
particularly sensitive personal data or personality profiles
processed and only discloses data to third parties that are necessary for the Ab
conclusion or the execution of a contract with the affected per
son need;
d) professional personal data exclusively for publication in
edited the editorial part of a periodically appearing medium;
e) Personal data for non-personal purposes, in particular
in research, planning and statistics, edited and the results
published in such a way that the data subjects cannot be identified
are;
f) processes data that are generally accessible ; 1
g) collects data on a public figure, provided that
the data relate to this person's work in public.

1 Art.

17 para. 2 let. f Amended by LGBl. 2009 No. 46.

14th

Page 15

235.1

Data Protection Act (DSG)

Art. 18
b) in the case of particularly sensitive personal data and
Personality profiles
A violation of personality when dealing with particularly
sensitive personal data and personality profiles is not
unlawful if:
a) a law expressly provides for it;
b) it is indispensable for a task clearly defined in a law
is;
c) the data subject gives his or her consent in individual cases or all of their data
made publicly available;
d) Processing to protect the vital interests of those affected
nen person or a third party is required, provided that the person is from
is unable to give her consent for physical or legal reasons
to give;
e) the processing is carried out by non-material associations, under the above
suspension that the processing is only limited to their members or
refers to persons who are related to their activity
maintain regular contact with her for the purpose and not the data
passed on to third parties without the consent of the persons concerned
become;
f) processing for assertion, exercise or defense
legal claims in court is required; or
g) the processing of the data for the purpose of health care, the
medical diagnostics, health care or treatment
or required for the administration of health services
is and is carried out by persons who have a professional
Subject to confidentiality.

Art. 19
Data processing on behalf
1) The processing of personal data can be delegated to a third party
if:
a) the client ensures that the data is only processed in such a way that
how he could do it himself; and
b) no statutory or contractual confidentiality obligation prohibits it.

15th

Page 16

235.1

Data Protection Act (DSG)

2) The third party is subject to the same obligations and can have the same rights
assert manufacturing reasons like the client.
3) For the purpose of preserving evidence, the data protection relevant
Elements of the contract and the requirements relating to measures
to be documented in writing or in another form in accordance with Paragraphs 1 and 2
ren.

Art. 19a 1
Anonymization and destruction of personal data
1) Private persons have to anonymize or to anonymize personal data
destroy if these are necessary for the achievement of the purposes for which they bear
are no longer needed.
2) Anonymization or destruction can be omitted if
the personal data beyond the original processing for histori
for statistical or scientific purposes
should. In this case, the owner has through appropriate technical and
organizational measures the secure storage of personal files
to ensure. The government regulates the details by ordinance.

C. Processing of personal data by authorities

Art. 20
Responsible authority
1) The authority responsible for data protection is the one which is responsible for the in
Processing of personal data in order to fulfill their legal duties
edit.
2) Authorities process personal data together with other Be
Heard or with private parties, the government may take responsibility for
regulate data protection in particular.

1 Art.

19a inserted by LGBl. 2009 No. 46.

16

Page 17

235.1

Data Protection Act (DSG)

Art. 21
Legal bases
1) Authorities may process personal data if there is a law for this
lich basis exists.
2) Particularly sensitive personal data and personality
Profiles are only allowed to be edited if a law expressly prescribes it
sees or if, as an exception:
a) it is indispensable for a task clearly defined in a law
is;
b) the government approves it in individual cases because the rights of the affected
people are not at risk; or 1
c) the data subject has consented in individual cases or their data
are generally accessible and processing has not been prohibited . 2

Art. 22
Obtaining personal data
1) In the case of systematic surveys, in particular with questionnaires, there are
the authority the purpose and legal basis of the processing, the
Categories of those involved in the data collection and the data temp
known catcher.
2) The procurement of particularly sensitive personal data
as well as personality profiles must be for the individuals concerned
be recognizable.

Art. 23
Disclosure of personal data
1) Authorities may disclose personal data if this is legal
There are foundations within the meaning of Art. 21 or if:
a) the data for the recipient in individual cases to fulfill his ge
are indispensable for a legal task;
b) the person concerned has consented in individual cases or the consent
depending on the circumstances;

1 Art.

21 para. 2 let. b Amended by LGBl. 2009 No. 46.

2 Art.

21 para. 2 let. c amended by LGBl. 2009 No. 46.

17th

Page 18

235.1

Data Protection Act (DSG)

c) the data of the data subject is generally accessible; or 1
d) the recipient demonstrates that the person concerned has received the A
Consent denied or the disclosure is blocked in order to allow him to pass through
establishment of legal claims or the perception of others
to deny legitimate interests; the person concerned is
to give an opportunity to comment beforehand, if possible.
2) Authorities may on request surname, first name, address and ge
Also announce the date of birth of a person if the requirements
of Paragraph 1 are not fulfilled.
3) Authorities may access personal data through a retrieval process
make accessible if this is expressly provided for. Especially
sensitive personal data and personality profiles are only allowed
be made available by a retrieval process if a law
this expressly provides.
4) The authority rejects the disclosure, restricts or ver
binds them with conditions if:
a) essential public interests or clearly worthy of protection
Interests of a data subject request it; or
b) statutory confidentiality obligations or special data protection
regulations require it.

Art. 24
Blocking of the announcement
1) A data subject who credibly has a legitimate interest
makes, can demand of the responsible authority that they the
Blocks disclosure of certain personal data.
2) The authority refuses to block or lifts it if:
a) there is a legal obligation to disclose; or
b) the fulfillment of their task would otherwise be jeopardized.

1 Art.

23 para. 1 let. c amended by LGBl. 2009 No. 46.

18th

Page 19

235.1

Data Protection Act (DSG)

Art. 25 1
Archiving and destruction of personal data
1) The authorities bid in accordance with the Archives Act
give the state archive all personal data that you no longer need.
2) The authorities destroy the personal data stored by the state archive
were designated as not worthy of archiving, unless they:
a) are anonymized;
b) must be retained for evidence or security purposes.

Art. 26
Processing for research, planning and statistics
1) Personal data may be used for non-personal purposes, esp
be processed especially for research, planning and statistics if:
a) the data will be anonymized as soon as there is the purpose of processing
allowed;
b) the recipient will only forward the data with the consent of the owner
gives; and
c) the results are published in such a way that the persons concerned
are not determinable.
2) He does not have to meet the requirements of the following provisions
be filled:
a) Art. 4 Para. 3 on the purpose of processing;
b) Articles 18 and 21 on the legal basis for processing
particularly sensitive data and personality profiles; as
c) Art. 23 para. 1 on the disclosure of personal data.

Art. 27
Activities of public authorities under private law
1) If an authority acts under private law, the provisions apply
for the processing of personal data by private persons.
2) The supervision is based on the provisions for authorities.

1 Art.

25 amended by LGBl. 2009 No. 46.

19th

Page 20

235.1

Data Protection Act (DSG)

III. Data protection office and data protection commission 1
A. Data protection office 2

Art. 28 3
Establishment and legal status
1) A data protection office will be set up that organizes the
Landtag is assigned.
2) The data protection office consists of the data protection officer
as head and the rest of the staff.
3) The data protection office is in the process of fulfilling the duties assigned to it
Tasks independent and not bound by any instructions.
4) The data protection agency concludes an agreement with the government
about the organization and administrative business.

Art. 28a 4
Data protection officer
1) The state parliament elects the data protection officer on the proposal of the
Government and after consulting the Audit Committee for
a term of office of eight years. Re-election is possible.
2) The data protection officer may neither the state parliament, the director
tion, a court or an administrative authority still belong to the
Function of a community leader or a community council
exercise in the Liechtenstein community. With his appointment he leaves
from such offices.
3) The state parliament can appoint the data protection officer in the event of severe
gender breach of duty, behavior damaging the country's reputation
ten or for other important reasons before the end of the term of office
Government hearing recalled.

1 Heading

before Art. 28 amended by LGBl. 2008 No. 273.

2 Heading

before Art. 28 amended by LGBl. 2008 No. 273.

3 Art.

28 amended by LGBl. 2008 No. 273.

4 Art.

28a inserted by LGBl. 2008 No. 273.

20th

Page 21

235.1

Data Protection Act (DSG)

4) The data protection officer issues after hearing the business
the examination board, an organizational set of rules.
5) In addition, the state person can be found on the data protection officer
salary law, the salary law and the law on pension insurance
security for state personnel apply mutatis mutandis.

Art. 28b 1
Other staff
1) The government is responsible for the rest of the staff of the data protection agency
in agreement with the data protection officer within the framework of the
prepared by the state parliament approved estimate; Art. 28a para. 2 takes place
by analogy application.
2) For decisions under personnel law that the other staff of Da
protection agency are responsible:
a) the data protection officer, as far as matters are concerned
delt, which according to the state personnel legislation to the head of the office
have been assigned to be dealt with independently;
b) the government in agreement with the data protection officer in
all other cases.
3) Otherwise applies to the employment relationship of the other staff
the data protection office the State Personnel Act, the Salary Act and
the law on pension insurance for state employees
according to application.

Art. 28c 2
Estimation and accounting
1) The data protection office submits the draft of its annual advance
schlags after its preliminary consultation by the business audit committee
to the government. This leads him unchanged to the treatment and
Resolutions passed on to the state parliament.
2) The data protection office keeps its own account. The law
The assessment is carried out on behalf of the Audit Commission by the
Audited financial control within the meaning of their legal powers.

1 Art.

28b inserted by LGBl. 2008 No. 273.

2 Art.

28c inserted by LGBl. 2008 No. 273.

21

Page 22

235.1

Data Protection Act (DSG)

Art. 29
Supervision of authorities
1) The data protection office monitors the application of the provisions
of this Act and the other data protection regulations by the
Authorities. The government is exempt from this supervision . 1
2) It clarifies the facts of its own accord or upon notification of third parties
closer . 2
3) During the investigation, the data protection office can request files
information, data processing and demonstration.
The authorities must help establish the facts.
The right to refuse to testify according to Section 108 of the Code of Criminal Procedure applies
analogous. 3
4) If the clarification reveals that data protection regulations are being violated,
the data protection office recommends to the responsible authority that
Edit to change or omit. It guides the government
about their recommendation. 4th
5) If a recommendation is not followed or rejected, it can
Submit the matter to the data protection commission for decision.
The affected person is informed of the decision. The data protection
body is entitled to object to the decision of the data protection commission
To make a complaint. 5

Art. 30
Clarifications and recommendations in the area of ​private law
1) The data protection office clarifies of its own accord or upon notification of third parties
further clarify the facts if: 6
a) Editing methods are appropriate to the personality of an or
injuring several people ; 7th
b) data files must be registered (Art. 15);

1 Art.

29 para. 1 amended by LGBl. 2008 No. 273.

2 Art.

29 para. 2 amended by LGBl. 2008 No. 273.

3 Art.

29 para. 3 amended by LGBl. 2008 No. 273.

4 Art.

29 para. 4 amended by LGBl. 2008 No. 273.

5 Art.

29 para. 5 amended by LGBl. 2008 No. 273.

6 Art.

30 para. 1 introductory sentence amended by LGBl. 2008 No. 273.

7 Art.

30 para. 1 let. a amended by LGBl. 2009 No. 46.

22nd

Page 23

235.1

Data Protection Act (DSG)

c) Notices abroad must be reported (Art. 8).
2) During the investigation, she can request files and information
and have data processing demonstrated. The certificate ver
The right to refuse according to Section 108 of the Code of Criminal Procedure applies mutatis mutandis. 1
3) The data protection office can recommend on the basis of its clarifications
len to change or refrain from editing . 2
4) If such a recommendation by the data protection agency is not followed
or rejected, it can raise the matter of the data protection commission
Submit sion for decision. She is entitled to object to the decision of
To make a complaint to the data protection commission . 3

Art. 31
Reporting; information
1) The data protection office reimburses the state parliament and the government
an annual activity report in which they are informed about the scope and the
Main focus of their work as well as about findings and recommendations
and their implementation. The report is published. 4th
2) In cases of general interest, the data protection office can
Inform the public about their findings and recommendations.
She is only allowed to share personal data that is subject to official secrecy
Publish the approval of the competent authority. Denied this
the consent, the data protection commission makes a final decision. 5

Art. 32
Further tasks
1) The data protection office includes the following additional information in particular
were true:
a) it supports private persons and authorities through general orien
tings and individual advice;

1 Art.

30 para. 2 amended by LGBl. 2008 No. 273.

2 Art.

30 para. 3 amended by LGBl. 2008 No. 273.

3 Art.

30 para. 4 amended by LGBl. 2008 No. 273.

4 Art.

31 para. 1 amended by LGBl. 2008 No. 273.

5 Art.

31 para. 2 amended by LGBl. 2008 No. 273.

23

Page 24

235.1

Data Protection Act (DSG)

b) it is sufficient in pending proceedings upon request of decisive ones
Organs or appellate authorities statements on data protection
ask a;
c) it assesses the extent to which the data protection legislation abroad
ensures adequate protection ; 1
d) it gives its opinion on templates and decrees that are relevant for the data
protection are significant and in particular checks their compliance
compliance with the provisions of Directive 95/46 / EC;
e) it works with domestic and foreign data protection authorities;
f) it represents the Principality of Liechtenstein in the data protection group
in accordance with Art. 29 of Directive 95/46 / EC; 2
g) it checks the guarantees and data reported to it in accordance with Art. 8 Paragraph 3
protection rules; 3
h) it examines the certification procedure according to Art. 14a and can do so
Submit declarations in accordance with Art. 29 Paragraph 4 or Art. 30 Paragraph 3. your
can also be assigned the tasks of an accreditation body
become. 4th
2) You can also advise authorities if this law is in accordance with
Art. 2 para. 3 let. c to f is not applicable. You can get her insight into
grant their business . 5

B. Data Protection Commission

Art. 33
Data Protection Commission
1) The data protection commission consists of three members who are to
elected together with two substitute members by the state parliament for four years
become. The state parliament appoints the chairman and his deputy.
2) The members of the data protection commission are subject to the Be
provisions of the law on general state administrative law
care (LVG) about recusal, responsibility and prohibition of the report

1 Art.

32 para. 1 let. c amended by LGBl. 2009 No. 46.

2 Art.

32 para. 1 amended by LGBl. 2008 No. 273.

3 Art.

32 para. 1 let. g inserted by LGBl. 2009 No. 46.

4 Art.

32 para. 1 let. h inserted by LGBl. 2009 No. 46.

5 Art.

32 para. 2 amended by LGBl. 2008 No. 273.

24

Page 25

235.1

Data Protection Act (DSG)

least. They take the oath of office before taking office in the government
to discard.

Art. 34
tasks
The data protection commission decides on:
a) Recommendations of the data protection office that are submitted to it (Art.
29 para. 5; Art. 30 Para. 4); 1
b) Complaints against rulings by authorities on data protection issues;
exceptions are those of the government;
c) Complaints against decisions of the data protection office according to Art. 6a
Paragraph 3. 2

Art. 35
Provisional injunctions
1) The chairman can at the request of a party or the data
protection agency make those injunctions that are necessary
appear to regulate an existing condition for the time being
or to ensure threatened legal relationships . 3
2) There is no appeal against the injunction
suspensive effect.
3) Decide on complaints against the chairman's orders
the data protection commission. The deadline for filing a complaint is 14 days.

Art. 36 4
compensation
The members of the data protection commission are responsible for their work
in accordance with the provisions of the law on the remuneration of members
the government, the courts and the commissions.

1 Art.

34 let. a amended by LGBl. 2008 No. 273.

2 Art.

34 let. c inserted by LGBl. 2009 No. 46.

3 Art.

35 para. 1 amended by LGBl. 2008 No. 273.

4 Art.

36 amended by LGBl. 2009 No. 380.

25th

Page 26

235.1

Data Protection Act (DSG)

IV. Legal protection
A. Processing of personal data by private individuals

Art. 37
Legal Claims and Procedures
1) For lawsuits and injunctions (protective measures)
Articles 39 to 41 of the Personaland corporate law. In particular, the plaintiff can demand that
the personal data are corrected or destroyed or that their be
disclosure to third parties is blocked.
2) Can neither the correctness nor the incorrectness of persons
data are presented, the plaintiff can demand that with the data
a corresponding note is made.
3) He can demand that the correction, destruction, blocking, the
Notification of the dispute or the judgment communicated to third parties or
is published.
4) For actions to enforce the right to information, the end
dispute application. 1

B. Processing of personal data by authorities

Art. 38
Claims and proceedings
1) Anyone who has an interest worthy of protection can rely on the
authorities require that they:
a) fails to unlawfully process personal data;
b) eliminates the consequences of unlawful processing;
c) establishes the unlawfulness of the processing.

1 Art.

37 para. 4 amended by LGBl. 2010 No. 454.

26

Page 27

235.1

Data Protection Act (DSG)

2) Can neither the correctness nor the incorrectness of persons
data are presented, the authority must provide an ent
Attach a speaking note.
3) In particular, the applicant may request that the authority:
a) Corrected, destroyed or disclosed personal data to third parties
locks;
b) their decision, namely the correction, destruction, blocking
or notifies or publishes the note about the disputes to third parties
public.
4) The procedure is based on the law on general
State administration maintenance (LVG).
5) Decisions and orders by authorities can be made within
14 days from delivery with a complaint to the data protection commission
be challenged. Against decisions of the data protection commission
can lodge a complaint with the administrative authority within 14 days of delivery
be submitted to the court of justice. 1
6) Decisions by the government can be rejected within 14 days
Service Complaint filed with the Administrative Court who
the. 2

1 Art.

38 para. 5 amended by LGBl. 2004 No. 33.

2 Art.

38 para. 6 amended by LGBl. 2004 No. 33.

27

Page 28

235.1

Data Protection Act (DSG)

V. Penal provisions

Art. 39
Unauthorized acquisition of personal data
Anyone who has unauthorized access to particularly sensitive personal data that is not released
are accessible, obtained from a data collection, is available on request
of the injured by the district court for offense with imprisonment up to
to a year or a fine of up to 360 daily rates.

Art. 40
Violation of information, information, reporting and
Duty to cooperate
1) Private persons who fulfill their obligations according to Art. 5 and 11 to 13
hurt by deliberately making a false or an incomplete
Giving information will be given by the district court at the request of the injured party
for violation with a fine of up to 20,000 francs, if not collected
possibility trap up to three months imprisonment, punished. 1
2) Anyone who, as a private person, willfully:
a) does not report data collections according to Art. 15 or when reporting
makes false statements ; 2
b) the data protection office when clarifying a matter (Art. 30)
provides false information or refuses to cooperate ; 3
c) Data known abroad without authorization in accordance with Art. 8 Paragraph 3
gives. 4th

Art. 41
Breach of data secrecy
1) Anyone who willfully secret, particularly sensitive personal data
or unauthorized disclosure of personality profiles of which he is involved in the
Exercising his profession, which requires knowledge of such data, he

1 Art.

40 para. 1 amended by LGBl. 2009 No. 46.

2 Art.

40 para. 2 let. a amended by LGBl. 2009 No. 46.

3 Art.

40 para. 2 let. b Amended by LGBl. 2008 No. 273.

4 Art.

40 para. 2 let. c inserted by LGBl. 2009 No. 46.

28

Page 29

235.1

Data Protection Act (DSG)

has to drive is at the request of the injured party by the district court
Offense with imprisonment of up to one year or a fine of up to
Punish 360 daily rates.
2) Anyone who deliberately protects secret, must also be punished
sensitive personal data or personality profiles known without authorization
there of which he is in his work for the confidentiality officer
or learned from them during their training.
3) The unauthorized disclosure of secret, particularly worthy of protection
Personal data or personality profiles is also available after the termination of the
Practice or training is punishable by law.

VI. Transitional and final provisions

Art. 42
Implementing regulations
1) The government issues the necessary for the implementation of this law
applicable ordinances, in particular on:
a) Exceptions in accordance with Art. 11 Paragraph 5 on information and Art. 21
Paragraph 2 let. b about the processing of particularly sensitive persons
personal data and personality profiles;
b) Categories of data collections, which a processing order
need;
c) Conditions under which an authority processes personal data
let a third party edit it or edit it for a third party;
d) the disclosure of data in Art. 23 (2) and the retrieval procedure
according to Art. 23 Para. 3;
e) the use of means of identification of persons;
f) data security.
2) It can be used for the provision of information by diplomatic and con
Sular representations of the Principality of Liechtenstein abroad From
provide for deviations from Articles 12 and 13.
3) It regulates how data collections are to be secured, their data in
War or crisis poses a threat to life and limb of
affected people.

29

Page 30

235.1

Data Protection Act (DSG)

Art. 43
Processing of personal data in special areas of
Fight against crime and in the field of state security
1) For the processing of personal data to combat the terroir
rism, violent extremism, organized crime
and the prohibited intelligence service as well as to ensure the
State security can be the government until the entry into force of a
Law that regulates these areas:
a) Exceptions to the provisions on the purpose of processing
(Art. 4 Para. 3), the disclosure of data abroad (Art. 8), the Mel
duty and registration (Art. 15) as well as the procurement of
Provide for personal data (Art. 22);
b) the processing of particularly sensitive personal data and
Approve personality profiles, even if the requirements
of Art. 21 Paragraph 2 are not fulfilled.
2) Voting, petition and statistical secrecy remain unaffected
preserve.
3) The government decides after hearing the data protection authority
in place of the data protection commission or its chairman. Against
Government decisions can be made within 14 days of delivery
Complaint can be submitted to the Administrative Court . 1

Art. 44
Transitional provisions
1) The owners of data collections must have existing data
Collections that are to be registered in accordance with Art. 15, no later than one year
register after the entry into force of this Act.
2) You must do so within one year of the entry into force of this Act
take the necessary precautions so that they can post the information
Art. 11 can grant.
3) Holders of data collections are allowed to use an existing data
Collection with particularly sensitive data or with personal
Use the job profile until August 1, 2007 without the prior
The suspensions of Art. 18 and 21 are fulfilled. 2

1 Art.

43 para. 3 amended by LGBl. 2004 No. 33 and LGBl. 2008 No. 273.

2 Art.

44 para. 3 amended by LGBl. 2004 No. 174.

30th

Page 31

235.1

Data Protection Act (DSG)

Art. 45
Come into effect
1) Subject to Paragraph 2, this Act comes into force on August 1, 2002.
2) Articles 28 and 33 come into force on the day of publication.

signed Hans-Adam

signed Otmar Hasler
Princely Prime Minister

31

Page 33
32

235.1

Transitional provisions

Transitional provisions

235.1 Data Protection Act (DSG)

33

Page 34

235.1

Transitional provisions

Liechtenstein National Law Gazette
Born in 2008

No. 273

issued on November 14, 2008

law
dated September 17, 2008

on the amendment of the Data Protection Act

...

III.
Transitional provisions
1) The previous data protection officer takes over at the time
the entry into force 1 of this Act the management of the data protection office and
performs this function until December 31, 2016. Before this expires
The state parliament elects the data protection officer according to the term of office
issue of Art. 28a.
2) Existing employment relationships of the other staff remain
Entry into force of this law continues.

...

1 Entry

into force: January 1, 2008.

34

Page 35

235.1

Data Protection Act (DSG)

Liechtenstein National Law Gazette
Born in 2009

No. 46

Issued January 29, 2009

law
dated December 11, 2008

on the amendment of the Data Protection Act

...

II.
Transitional provision
For already existing video surveillance is immediate, late
at least, however, within six months after entry into force 1 of this Ge
Act to obtain a permit in accordance with Art. 6a Paragraph 3.

...

1 Entry

into force: July 1, 2009.

35

