Skip to main content

Right to access of origin of the information based on Swiss Federal Act on Data Protection (FADP)

|

The Swiss Federal Supreme Court has made an interesting decision on the scope of the right to information under Swiss Federal Act on Data Protection (FADP) and also addressed an abusive assertion (decision of 10th December 2020, ref. 4A_125/2020). The judges decided that there is no right to information about the origin of certain data if such origin information has not been recorded. In individual cases, the situation could be different due to special legal regulations. However, only if such data exist at all.

FACTS

A lawyer (the respondent) was charged with aiding and abetting tax offences in the USA. This led to an expulsion from his law firm. This expulsion resulted in a legal dispute, which was settled by a compensation payment from the law firm to the lawyer. Subsequently, his bank terminated his client relationship. The bank also had a sister company and a holding company (complainants). The bank justified the termination of the relationship with the client by stating that it had reached a settlement with the US authorities regarding tax disputes, which was implemented in such a way that bank client relationships with people who had been charged with or convicted of aiding and abetting tax offences in the USA were terminated.

The lawyer suspected that the information about the accusation had been divulged from his former law firm to the general counsel of the holding company.

The lawyer filed an information request with the bank for the handing over of all information in connection with the compensation payment, including e-mail and fax correspondence, telephone and conversation notes as well as internal documents and notes.

In addition, he filed an evidentiary order for witness interviews of the partner of the law firm and another lawyer as well as a party interview of the General Counsel. This order is governed by the applicable Code of Civil Procedure (CPC). The complainants argued that this order goes beyond the provision of information under Article 8 of the Data Protection Act (FADP) and is therefore not permitted.

The legal basis for the information in question must be distinguished.

 

THE RIGHT TO INFORMATION UNDER THE DATA PROTECTION ACT IN CIVIL PROCEEDINGS

On the one hand, the Code of Civil Procedure comes into question. Art. 150 paragraph 1 CPC determines the subject matter of evidence in civil proceedings. Thus, legally relevant, disputed matters may constitute the subject matter of evidence. In addition, Art. 152 paragraph 1 CPC stipulates that a suitable piece of evidence must be accepted by the court. On the other hand, the Data Protection Act is significant, as it regulates the request for information in Art. 8 FADP.

On the other hand, Art. 8 pargraph 2 lit. a FADP prescribes that all data about a person, if they can be attributed to a person, are the content of the right to information. In order to talk about such data, it must be a collection of data. This obligation also includes the origin of the data.

However, the information on the origin does not have to be recorded or stored. Therefore, should they exist, they have be disclosed.

The right to information is entitled to every person and is generally asserted in writing (Art. 8 para. 5 FADP). The assertion of the claim is free of charge unless a considerable effort is necessary. In such cases, it may be requested an appropriate contribution to the costs of a maximum of CHF 300.00

If the request for information is not followed up or if false or incomplete information is provided intentionally, a fine may be imposed upon request (Art. 34 para. 1 lit. a FADP).

 

LIMITS OF THE RIGHT TO INFORMATION

The distinction between the two legal bases is important, as the CPC offers the possibility of taking evidence and does not enable to obtain information. In contrast, the FDPA is able to enforce a substantive claim, whereby information is handed over to the applicant if the request is approved. Admitting the evidence order to question witnesses under the CPC would thus lead to more extensive information than under the FDPA. The Federal Supreme Court asserts that there would be a risk of abuse in the enforcement of a claim. In fact, this would lead to information being provided without determining whether a duty to provide information even exists.

For the above mentioned reasons, the Federal Supreme Court holds that an abuse of right regarding the assertion of the right to information exist in particular if:

  • The right to information is used to save costs for obtaining data,
  • The right to information is exercised in a vexatious manner, for example if there is no interest at all in the content of the data, or
  • The request serves to investigate the other party and to obtain evidence that otherwise the party would not be able to obtain

In the case at hand, this means that the respondent’s order to provide evidence is an abuse of right, as the provision of evidence under the CPC goes beyond the right to information under the FADP.

 

NO RIGHT TO INFORMATION FOR INFORMATION HELD IN MEMORY

Due to the design of the right to information under the FADP, one is of the opinion that the subject of the information is mainly written data. This argues against a party or witness questioning in connection with personal data. Rather, it is assumed that data collections that exist in writing or physically are covered by the right to information. Therefore, this also means that the data collections are permanent and can be inspected and do not have every conceived thought as their subject. Data held in memory cannot be retrieved completely and truly at any time, as they are memories.

Therefore, the Federal Supreme Court decided that the statements of the partner and the other lawyer of the law firm as well as the general counsel could not be covered by the right to information under the FADP either.

A duty to provide information under Art. 8 paragraph 2 lit. a FADP is therefore not possible regarding the content of the conversation between the law firm, the general counsel and the bank that was brought forward.

 

SPECIAL CASE: BANKING LAW

In principle, there is a duty to provide information with regard to the indications of origin. However, this obligation only applies if information is actually available, as there is no obligation to retain this information.

However, this is different for banks, as the duty to provide information is based, among other things, on Art. 16 of the Ordinance of 3 June 2015 of the Swiss Financial Market Supervisory Authority on Combating Money Laundering and Terrorist Financing in the Financial Sector (Money Laundering Ordinance-FINMA). According to this ordinance, banks may obtain information in writing or orally. In addition, visits to the client are also possible. Information obtained in this way may also be subject to the right to information if it is objectively available and specific. The lower court assumed that the relevant information in this case fulfilled these requirements. However, the Federal Supreme Court ruled that this information could not be requested, as it was not available in the case at hand. Therefore, the disclosure of the origin of information could not be requested by the complainants.

The Federal Supreme Court ruled therefore that the decision is going to be sent back for reconsideration. In addition, the complainants are not going to be heard as witnesses or respondents.

 

Article provided by: Nicole Beranek Zanon (de la cruz beranek, Switzerland)

 

 

Discover more about INPLP, the INPLP-Members and the GDPR-FINE database

Dr. Tobias Höllwarth (Managing Director INPLP)

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

VIEW STREAM

About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.

{$page.footerData}