In addition to the provisions of the Swiss Federal Data Protection Act (DPA), the processing of employee data by an employer is governed by Article 328b of the Swiss Code of Obligations (SCO). This provision allows an employer to process data concerning its employees only to the extent that the data relate to the employee's suitability for employment or are necessary for the performance of the employment contract. The employee cannot validly consent to more extensive processing of his or her data.
The law does not define more precisely the scope of lawful processing of employee data. In addition to data processing strictly necessary for the performance of the employment contract, such as data relating to compensation and social security benefits, data processing within the scope of widely practiced human resources management may also be permitted. The processing of data which are outside the scope of the employer-employee relationship, however, is clearly prohibited.