SWITZERLAND Law and Practice Contributed by: Hugh Reeves, Jürg Schneider and David Vasella, Walder Wyss Ltd
4.4 Transfer of Personal Data in Asset Deals In Switzerland, an assignment of claims is gener - ally permissible without the consent of, or even without informing, the debtor. There is therefore a general understanding that a transfer of assets does not require consent, provided that the seller ceases its own business activities in rela - tion to the sale (but information from the seller or the purchaser remains a requirement in most cases). Stricter rules may apply where the asset deal involves a transfer of sensitive data, and even more so in case of data processed under secrecy obligations (such as patient data or CID processed by a bank or financial institution). 5. International Considerations 5.1 Restrictions on International Data Transfers The FADP aims to protect the personality rights and fundamental rights of natural persons whose personal data is processed. As a consequence, the FADP contains provisions on how this pro - tection is to be guaranteed when data is trans - ferred abroad, for instance to a state that does not offer the same level of data protection as Switzerland does. Controllers or processors may transfer personal data abroad if the Federal Council has deter - mined that the legislation of the relevant state or international body guarantees an adequate level of protection. Therefore, the Federal Coun - cil determines, in a binding manner, to which countries the export of data is permitted. On the other hand, in the absence of such a decision by the Federal Council, personal data may be disclosed abroad only if appropriate pro -
ers. The Swiss Code of Obligations (SCO) also contains specific provisions on data processing and the protection of the privacy of employees. Most importantly, the employer must – within the employment relationship – acknowledge and safeguard the employee’s personality rights, have due regard for their health and ensure that proper moral standards are maintained. The employer must refrain from any interference with the personality of the employee that is not justified by the employment contract and, within the framework of the employment relationship, prevent any such interference by superiors, employees or third parties. Excessive employee surveillance, for example, may be unlawful under public labour regulations. These provisions of the SCO and the FADP are closely intertwined, and the employer may only process data on employees in two cases and only to a rather limited extent. • Before the conclusion of an employment contract and during its implementation, data on job applicants may be processed in order to clarify whether they are suitable for the job in question. • During the employment period, data on employees that is necessary for the perfor - mance of the employment relationship may be processed. However, recent Swiss Supreme Court case law adds some flexibility and leaves some room for employer private interest justifications. This approach is comparable to the GDPR in the sense that an overriding private interest could justify the processing of employee data that the employment law and the SCO would otherwise not cover.
428 CHAMBERS.COM
Powered by FlippingBook