SWITZERLAND Law and Practice Contributed by: Hugh Reeves, Jürg Schneider and David Vasella, Walder Wyss Ltd
5.2 Government Notifications and Approvals Personal data may be disclosed abroad if the Federal Council has determined that the legis - lation of the relevant state or international body guarantees an adequate level of protection. In this case, additional safeguards are not required. In the absence of an adequacy decision by the Federal Council, personal data may be disclosed abroad only if appropriate protection is guaran - teed by certain conditions (see 5.1 Restrictions on International Data Transfers ). Also in this case, no notification or approval is required for the specific data transfer, but some conditions may apply. If there is no adequacy decision and no appro - priate protection is guaranteed through appro - priate safeguards, personal data may neverthe - less be disclosed abroad in certain cases. The controller or processor must inform the FDPIC of this disclosure, but only upon request. These cases are as follows: • the disclosure is directly connected to the conclusion or the performance of a contract with the data subject, or with another party but in the interest of the data subject; • the disclosure is necessary in order to safe - guard an overriding public interest, or for the establishment, exercise or enforcement of legal claims before a court or another compe - tent foreign authority; • the disclosure is necessary to protect the life or the physical integrity of the data subject or a third party and it is not possible to obtain the consent of the data subject within a rea - sonable period of time.
5.3 Data Localisation Requirements There are no specific data localisation require - ments under Swiss data protection law. How - ever, some exceptions may apply to regulated activities. For example, the Ordinance on the Electronic Patient Dossier explicitly states that the data repositories (of health data) must be located in Switzerland and must be subject to Swiss law. In addition, various provisions require that certain data remain accessible at all times from Switzerland, such as some client data pro - cessed by banks and insurance companies, but this does not usually prevent cross-border trans - fers or storage abroad of that data. 5.4 Blocking Statutes Swiss law contains so-called blocking statutes that can prevent or hinder the collection of evi - dence in multijurisdictional proceedings. As soon as an internal investigation is carried out at the request of a foreign authority or the results of such an investigation are generated with the aim of making them available to a foreign author - ity, two provisions of the Swiss Criminal Code (SCC) must be taken into account: Article 271 of the SCC (unlawful activities on behalf of a for - eign state) and Article 273 of the SCC (industrial espionage). According to Article 271 of the SCC, anyone who carries out activities on behalf of a foreign state, foreign party or foreign organisation on Swiss territory without lawful authority, where such activities are the responsibility of a pub - lic authority or public official, and anyone who facilitates such activities, is liable to punishment. The taking of evidence constitutes a sovereign judicial function of the courts rather than of the parties. Therefore, the taking of evidence for a foreign state court or for foreign regulatory pro - ceedings constitutes an act of a foreign state. If such acts take place in Switzerland, they violate
430 CHAMBERS.COM
Powered by FlippingBook