On 11 January 2013, an employee of a Swiss bank obtained an ex-parte interim measure prohibiting the transfer of personal data to US authorities which was confirmed by the court of first instance on 21 June 2013. [more]
On 17 January 2013, the Swiss Federal Supreme Court decided that the termination notice served by an employer was invalid (BGE 139 II 7). The employer terminated the employment contract because the employee used the company computer (e-mail and internet) for private purposes during working hours. To confirm the suspected misuse of the computer, the employer used a programme to monitor the use of e-mail and internet by the suspected employee. The monitoring revealed that the employee spent a considerable part of his working hours for not work-related purposes. [more]
In the past, it was a common understanding that the “U.S.-Swiss Safe Harbor Framework” only covers the disclosure and transfer of personal data pertaining to individuals and not pertaining to legal entities (see news
On 30 March 2011, the Swiss Federal Administrative Court ruled on a claim submitted by the Federal Data Protection and Information Commissioner (FDPIC) against Google regarding Google Street View. In particular, the Administrative Court determined that all faces and licence plates must be rendered completely unrecognisable prior to the pictures being put online (for details, see the News dated 05.05.2011). [more]
(Safe Harbor: Globaler Datenumschlagplatz?) [more]
On March 30th, 2011, the Federal Administrative Court ruled on the Google Street View case.
The court held that Swiss data protection law is applicable to Google Street View. The court ruled that Google violated the principles of legitimacy, proportionality, purposefulness, and transparency without the consent of the persons concerned, and that the violation was not legitimised by an overriding public or private interest. It further held that Google’s private economic interest in providing its services does not prevail over the importance of the privacy interest being breached. [more]
As previously mentioned (see News dated 30 November 2010), the Swiss Federal Supreme Court held, in a decision dated 8 September 2010, that collecting dynamic IP addresses of persons uploading copyright-protected works and then forwarding those addresses to copyright holders so as to enable them to enforce their rights constitutes an unlawful and unjustifiable breach of the privacy of the persons concerned. [more]
Logistep AG had been extracting the dynamic IP addresses of persons uploading copyright-protected works to P2P networks and then forwarding those addresses to the relevant copyright holders in order to allow them to identify the persons using the IP addresses by filing criminal complaints against “unknown” persons.
On October 14th, 2009 Google rejected large parts of the recommendation of the Federal Data Protection and Information Commissioner (FDPIC) regarding Street View. Google only agreed to refrain from posting additional pictures until the end of 2009. [more]
As in other countries, Google launched its Google Street View service in Switzerland in August 2009. This service allows an online virtual tour of parts of Switzerland. In order to create this service, Google has used specially equipped vehicles to take pictures of specific streets or houses and approximately 20 million pictures are now online. Google uses software which automatically blurs faces and licence plates of vehicles in order to render them unrecognizable before putting them online. Because this process is not 100% effective, faces and licence plates which are still recognizable can be notified to Google or the removal of the pictures can be requested. [more]
Personal data may only be disclosed or transferred from Switzerland to a recipient in the U.S.A. if an exception specified by Art. 6 para. 2 of the Swiss Data Protection Act (DPA) applies because neither U.S. federal law nor the laws of any U.S. state are considered under Swiss law to guarantee an adequate level of data protection. If none of the other exceptions set out in Art. 6 para. 2 DPA are available, the data exporter needs to enter into a specific cross-border data transfer agreement with the recipient in the U.S.A. and notify the Federal Data Protection and Information Officer about it. These requirements are cumbersome and have often been disregarded despite the risk of sanctions. [more]
Excerpt from www.data.protection.ch Copyright Walder Wyss Ltd., Zurich, Switzerland
This excerpt provides general information which may not be current or complete. It is not made available for the purpose of providing legal advice and it should not be relied upon as legal advice. Before taking any action with regard to the matters discussed in this excerpt, advice specifically addressing the applicable facts and circumstances should be obtained.