Switzerland
| OVERVIEW | Although not a Member State of the European Union, Switzerland has adopted similar laws and has been held to provide “adequate protection” by the Euoropean Union. |
| ENACTED | 1992 |
| GENERAL PRIVACY LAWS |
Federal Act of 19 June 1992 on Data Protection (FADP) Ordinance of 14 June 1993 to the Federal Act on Data Protection |
| PERSONAL DATA PROTECTION LAWS AND REGULATIONS | Federal Act of 19 June 1992 on Data Protection (FADP) |
| TYPE OF DATA PROTECTED | Personal |
| WORKPLACE PRIVACY LAWS |
Section 328 of the Code of Obligations establishes the general conditions for workplace monitoring. The Federal Data Protection and Information Commissioner has issued a number of statements that appear to make the monitoring of email difficult, if not illegal. Unfortunately, the guidance documents issued by the Commissioner do not specifically state that monitoring in the workplace is illegal. Instead, the Commissioner has identified a number of measures that would be considered illegal and thus should be avoided by employers. Employers should have in place clear policies that set forth the proper uses of networks, emails, Internet and other electronic communications media. If monitoring is to take place, the employer should set forth the specific basis for monitoring, explain how and when monitoring will take place, and provide information to employees sufficient to enable to employee to understand his or her rights of access, etc. Where feasible, the employer should obtain an employee’s specific consent to monitoring. Monitoring should be tailored to target specific violations of policy – and where possible, immediate notice should be provided to the employee for suspected violations. In order to avoid privacy problems, employers should consider setting up employee e—mail accounts in such a manner as to designate that are for business purposes and to avoid the use of an employee’s name. The Swiss Data Protection Commissioner provides the following examples: hans.meier@companyname.ch or hans.meier@sales.companyname.ch (as possibly indicating personal use is permissible), on the one hand, and info@companyname.ch, sales@companyname.ch, or salesmanager@companyname.ch (as indicating business purposes only and thus avoiding privacy issues). The Commissioner has made the following statement: “Opening emails where there is uncertainty over their nature is not permitted, irrespective of whether private emails are allowed within a company or not.” 105 in such circumstances, an employer must consult with the employee to determine the nature of the communication. The Commissioner specifically states: “The name address should be used for purely personal business related correspondence (e.g., personal matters or personal messages.”) |
| TRANSBORDER TRANSFERS |
Article 6 of the FADP is the main provision that regulates the transborder transfer of personal data, together with the Ordinance to the Federal Act on Data Protection. Article 6 of the Act provides: “Personal data may not be disclosed abroad if the privacy of the data subject would be seriously endangered thereby, in particular due to the absence of legislation that guarantees adequate protection.” |
| FINES AND SANCTIONS | Civil and criminal sanctions. |
| OTHER PRIVACY LAWS AND REGULATIONS |
Registration is regulated by Article 6 of the FADP. Swiss bank secrecy is viewed as the strongest worldwide and is enshrined in Swiss law by the 1934 Swiss Banking Act Bank-client confidentiality protects privacy in accordance with the constitution and laws of Switzerland. Article 13 of the Swiss Federal Constitution confers on every person "the right to receive respect for his/her private and family life". This includes privacy in relation to financial income and assets. The Swiss banker’s professional duty of client confidentiality is codified in Article 47 of the Federal Act on Banks and Savings Banks. This article stipulates that anyone acting in his/her capacity as a member of a banking body, as a bank employee, etc., is not permitted to divulge information entrusted to him/her. The Swiss Banking Act of 1934 provides for criminal punishment against anyone who reveals private information about a Swiss bank or a Swiss bank account. Article 47 of the Swiss Banking Act provides for criminal sanctions (imprisonment for no longer than six months or a fine of not more than 50,000 Swiss francs) against anyone who divulges confidential information entrusted to them or of which they have become aware in their capacity as an officer or employee of a bank, and against anyone who tries to induce others to violate professional confidentiality. Protection of bank client information has many legal foundations in Switzerland. Privacy laws for Swiss bank accounts are specifically written into the Swiss Civil Code. |
