SWITZERLAND Law and Practice Contributed by: Philippe Nordmann, Marion Bähler, Dario Glauser, Christian Hagen and Samuel Lieberherr, Walder Wyss Ltd
in various industrial sectors and professions, such as the secrecy obligations applicable to lawyers, physicians, banking, etc. • Under Swiss competition law, unfair business practices regarding the unlawful procurement, misappropriation or exploitation of informa - tion are prohibited. Violation of these rules may lead to civil liability and criminal sanc - tions. • Corporate law prohibits the bodies and top management of companies from disclosing or otherwise utilising secret information other than according to the scope of their man - dates. • Employment law prohibits an employee from exploiting confidential information acquired in the course of work. • Agency and procurement law forbids an agent from making use of the trade secrets of the principal it has been entrusted with. Furthermore, Switzerland is a party to the Agree - ment on Trade-Related Aspects of Intellectual Property Rights (TRIPS). Data protection in Switzerland is mainly regu - lated by the Federal Act on Data Protection (FADP) and its ordinances, particularly the Fed - eral Ordinance on Protection Act. However, sector-specific or overarching data protection legislation may provide for a broader scope of application. The new FADP, which entered into force on 1 September 2023, aligned Swiss data protection with the European legislation to a sig - nificant extent and has, amongst other things, implemented: 8. Data Protection 8.1 Applicable Regulations
• the principle of data protection by design and by default; • the obligation to perform an impact assess - ment under certain circumstances; and • the obligation to notify the Federal Data Protection and Information Commissioner (FDPIC) or data subjects of data breaches unless an exception applies. Given that Switzerland is not a member state of the EU, the EU General Data Protection Regu - lation only applies under certain circumstances – eg, if a Swiss-based company offers goods or services to individuals in the EU or monitors the The FADP is applicable to the processing of per - sonal data that has an effect in Switzerland, even if it was collected abroad. Therefore, if personal data concerning natural persons in Switzerland is processed abroad, the controller or proces - sor abroad must comply with applicable Swiss law. In addition, private controllers domiciled or resident abroad must appoint a representative in Switzerland if they process the personal data of persons in Switzerland. The FADP establishes certain principles, which must be observed by controllers as well as – for most principles – processors. • Lawfulness: personal data must be processed lawfully, meaning that processing must not violate another norm of Swiss law directly or indirectly aimed at protecting the personality. • Good faith: data shall be processed in good faith, meaning that the processing shall be evident to the data subject. behaviour of such individuals. 8.2 Geographical Scope • Transparency and purpose limitation: the col - lection and usage of personal data must be
814 CHAMBERS.COM
Powered by FlippingBook