Five questions for Christian Kunz (student CAS ETH in Cyber Security)
«Inspired by the best»: we are taking a closer look at what we claim to be: Christian Kunz, a student in the CAS ETH in Cyber Security, explains that the continuing education has bridged the gap between law, with whose system, possibilities and limitations he is familiar, and technology, in which he is fascinated but has no previous knowledge.
ETH School for Continuing Education: What is special about your work?
Christian Kunz: My work as a lawyer and partner at the law firm Bär & Karrer is varied and challenging. My specialisation in (among other things) data and technology law (including cyber security and cyber crime, data strategy and outsourcing) puts me in contact with high-calibre and highly motivated developers. Being able to contribute to their partially disruptive projects is exciting.
What, or who, has particularly inspired you at ETH up to now?
Enthusiasm for the subject, a sober approach, clarity and the will to get to the bottom of things inspire me. The informal atmosphere, the unpretentious behaviour and accessibility of world-famous researchers are exemplary. Because its students have different professional backgrounds, the discussions that arise during the CAS programme are also enriching.
external pageDr iur. Christian Kunz is Partner at Bär & Karrer AG. He has specialised in data, data protection and technology law, internal investigations, white-collar crime, Merger and Aquisitions and general corporate and commercial matters. He is currently attending the CAS ETH in Cyber Security at ETH Zürich.
What does attending a continuing education course at ETH Zurich mean to you?
Because I specialise in data and technology law, I have long wanted to extend my technical knowledge. The CAS ETH programme in Cyber Security was therefore a very good solution for me. The syllabus, which aims to impart the basics of cyber security but also encompasses cyber security topics relevant to practice, meets my needs. It was particularly important to me to acquire knowledge during the CAS programme which I could subsequently utilise in my daily work. The global renown of ETH Zurich and the quality of the education it offers were also decisive.
How will you be able to use the skills you have acquired in the CAS ETH programme in Cyber Security in your daily work, and for what purposes?
For me the CAS programme has bridged the gap between law, with whose system, possibilities and limitations I am familiar, and technology, in which I am fascinated but have no previous knowledge. In my view, to credibly advise clients on their legal data and technology issues requires basic technical understanding. For example, how can I advise a client to encrypt data before uploading it to the public cloud of a US tech giant unless I understand how encryption works? The CAS programme has enabled me to develop an understanding of this, and familiarised me with the language of technicians. It has thus made it possible for me to offer my clients better service.
How do you feel about the new data protection act, which will prospectively come into force in 2023? What improvements will it provide for internet users?
It is good that under the new data protection act data manipulation in the private sector will still be permitted if processing rules are adhered to, and that legal justification will only be required in exceptional cases. Here the act will continue to differ conceptually from the EU’s General Data Protection Regulation: under the latter, data manipulation is basically forbidden unless there is legal justification for it, e.g. the agreement of an affected person, the fulfilment of a contract or legal duties, or the rightful interests of the data processor.
What I consider problematic in the new act, however, is its introduction of the personal liability of employees for data protection offenses. Instead of punishing the firm (as the EU law does), in Switzerland individual employees can be punished in the future with fines of up to CHF 250,000 and a criminal record. This will make it harder for firms to find qualified employees (e.g. data protection managers). It is also a disadvantage for Switzerland as an innovation hub.
The requirement for more transparency in the new act is an improvement for internet users: with a few exceptions, an active obligation of disclosure will apply. The position of internet users will also improve in the area of automated individual decisions. However, if firms are already applying the EU standard today, the improvements provided by the new Swiss act for internet users will be marginal.
More information about the CAS ETH in Cyber Security.