By decision of 6 October 2015 the Court of Justice of the European Union (CJEU) declares that the European Commission’s Decision of 26 July 2000 finding that, under the US-EU Safe Harbor Framework, the USA ensures an adequate level of protection of the personal data transferred, is invalid (Judgement C-362/14). [more]
On 1 April 2015 the Swiss Federal Council decided to undertake a revision of the Federal Act on Data Protection (DPA) and instructed the Federal Department of Justice and Police to submit a preliminary draft for a revision by the end of August 2016 at the latest. [more]
On 12 January 2015, the Swiss Federal Supreme Court found in favour of two employees of a Swiss bank and laid the obligation on the bank to provide the employees with copies of all documents that have been transferred to the US Department of Justice (DoJ) in April 2012 containing their personal data (4A_405/2014; 4A_408/2014; official publication is foreseen). [more]
On 4 December 2014, an employee of a Swiss bank obtained an ex-parte preliminary injunction prohibiting the transfer of his/her personal data to US authorities. The preliminary injunction was granted by the District Court of Zurich. [more]
Some weeks ago, ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) published the new standard ISO/IEC 27018:2014 (ISO 27018) regarding data privacy in the cloud. It provides for a many-faceted protection of personally identifiable information (PII) being processed in public clouds. This new standard is specifically directed at cloud services providers. [more]
On July 24, 2014, an employee of a Swiss bank obtained an ex-parte preliminary injunction prohibiting the transfer of personal data to US authorities. The preliminary injunction was granted by the District Court of Horgen (Zurich). The preliminary injunction was published for the first time in October 2014. [more]
In a data protection dispute, the Swiss Federal Supreme Court held that the claimant (a Swiss bank) in a second instance proceeding before the Zurich Court of Appeal (see news) was not given an adequate opportunity to be heard and thus the second instance decision violated principles of due process (see decision of the Swiss Federal Supreme Court, BGer 4A_215/2014). The Swiss Federal Supreme Court remanded the decision to the Zurich Court of Appeal. [more]
According to a recent decision of the EU Court of Justice (case C-131/12, dated 13 May 2014), individuals have a «right to be forgotten» under the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (EU Directive). [more]
The Zurich Court of Appeal upheld the first instance decision that a Swiss bank is obliged to provide its former employee with copies of documents containing his personal data, which had been transferred to US authorities (see decision of Zurich Court of Appeal, case no. LB130059-O/U; decision of Zurich Court of First Instance, case no. CG120124-L/U). [more]
In December 2013, the Cantonal Court of Geneva confirmed the first instance decision prohibiting the transfer of a bank employee’s data to US authorities (see news). The court held that employees of Swiss banks may (still) face criminal charges and may be kept in detention on American soil for interrogation. Accordingly, the court ruled that the interests of the employee take precedence over those of the bank. However, the court‘s decision is not yet final and the bank may file an appeal against the judgement with the Swiss Federal Supreme Court. [more]
On 11 January 2013, an employee of a Swiss bank obtained an ex-parte interim measure prohibiting the transfer of personal data to US authorities. The interim measure was confirmed by the Geneva Court of First Instance on 21 June 2013. [more]
On 17 January 2013, the Swiss Federal Supreme Court decided that the termination notice served by an employer was invalid (BGE 139 II 7). The employer terminated the employment contract because the employee used the company computer (e-mail and internet) for private purposes during working hours. To confirm the suspected misuse of the computer, the employer used a programme to monitor the use of e-mail and internet by the suspected employee. The monitoring revealed that the employee spent a considerable part of his working hours for not work-related purposes. [more]
In the past, it was a common understanding that the “U.S.-Swiss Safe Harbor Framework” only covers the disclosure and transfer of personal data pertaining to individuals and not pertaining to legal entities (see news). [more]
On 30 March 2011, the Swiss Federal Administrative Court ruled on a claim submitted by the Federal Data Protection and Information Commissioner (FDPIC) against Google regarding Google Street View. In particular, the Administrative Court determined that all faces and licence plates must be rendered completely unrecognisable prior to the pictures being put online (for details, see the News dated 05.05.2011). [more]
(Safe Harbor: Globaler Datenumschlagplatz?) [more]
On March 30th, 2011, the Federal Administrative Court ruled on the Google Street View case. The court held that Swiss data protection law is applicable to Google Street View. The court ruled that Google violated the principles of legitimacy, proportionality, purposefulness, and transparency without the consent of the persons concerned, and that the violation was not legitimised by an overriding public or private interest. It further held that Google’s private economic interest in providing its services does not prevail over the importance of the privacy interest being breached. [more]
As previously mentioned (see News dated 30 November 2010), the Swiss Federal Supreme Court held, in a decision dated 8 September 2010, that collecting dynamic IP addresses of persons uploading copyright-protected works and then forwarding those addresses to copyright holders so as to enable them to enforce their rights constitutes an unlawful and unjustifiable breach of the privacy of the persons concerned. [more]
Logistep AG had been extracting the dynamic IP addresses of persons uploading copyright-protected works to P2P networks and then forwarding those addresses to the relevant copyright holders in order to allow them to identify the persons using the IP addresses by filing criminal complaints against “unknown” persons. [more]
On October 14th, 2009 Google rejected large parts of the recommendation of the Federal Data Protection and Information Commissioner (FDPIC) regarding Street View. Google only agreed to refrain from posting additional pictures until the end of 2009. [more]
As in other countries, Google launched its Google Street View service in Switzerland in August 2009. This service allows an online virtual tour of parts of Switzerland. In order to create this service, Google has used specially equipped vehicles to take pictures of specific streets or houses and approximately 20 million pictures are now online. Google uses software which automatically blurs faces and licence plates of vehicles in order to render them unrecognizable before putting them online. Because this process is not 100% effective, faces and licence plates which are still recognizable can be notified to Google or the removal of the pictures can be requested. [more]
Personal data may only be disclosed or transferred from Switzerland to a recipient in the U.S.A. if an exception specified by Art. 6 para. 2 of the Swiss Data Protection Act (DPA) applies because neither U.S. federal law nor the laws of any U.S. state are considered under Swiss law to guarantee an adequate level of data protection. If none of the other exceptions set out in Art. 6 para. 2 DPA are available, the data exporter needs to enter into a specific cross-border data transfer agreement with the recipient in the U.S.A. and notify the Federal Data Protection and Information Officer about it. These requirements are cumbersome and have often been disregarded despite the risk of sanctions. [more]

Excerpt from Copyright Walder Wyss Ltd., Zurich, Switzerland
This excerpt provides general information which may not be current or complete. It is not made available for the purpose of providing legal advice and it should not be relied upon as legal advice. Before taking any action with regard to the matters discussed in this excerpt, advice specifically addressing the applicable facts and circumstances should be obtained.