Motion Quadri (12.3993): Immediately stop disclosure of data of bank employees or former bank employees to foreign authorities
Rejected (19.06.2013)
Submitted text
The Federal Council is instructed:
1. to enact legal provisions that prevent data on employees or former employees of Swiss companies from being transmitted to foreign authorities in packages or automatically;
2. immediately enact clear and binding legislation repealing the previous authorizations improperly granted by the Federal Council;
3. provide legal and financial assistance to persons affected by the improper transfer of their data to foreign authorities.
Justification
As is well known, the Federal Council has allowed data on more than 10,000 employees and former employees of eleven banks to date to be transferred to the U.S. investigative authorities.
Without the authorization of the Federal Council, this data transfer would have been punishable under Article 271 of the Criminal Code. However, the Federal Council’s authorization is judged to be abusive by various parties, including the Data Protection Commissioner.
Persons whose names appear on the corresponding lists are not even informed about this.
The authorization is valid until March 31, 2014. It is easy to imagine that by that date, thousands more bank employees and former bank employees will be sacrificed on the altar of a financial center policy that is characterized at the federal level by a constant immediate yielding to foreign states and authorities.
The data transfers to date have also resulted in criminal complaints by individuals who discovered they were on the lists transferred to Washington.
By authorizing the transfer of data, the Federal Council has disregarded its duty to protect the rule of law and Swiss sovereignty. It has thus given the green light for a “mass sellout” of the data of thousands of Swiss citizens to a foreign authority.
The persons whose names appear on the lists handed over to the United States and their family members must fear serious consequences if they travel to the United States. Nor can it be ruled out that such consequences will one day arrive immediately after leaving Switzerland, for example as a result of requests for administrative assistance.
Statement of the Federal Council
Under Swiss labor law and the Federal Data Protection Act (FADP), the employer has a duty to protect data about employees. With regard to the grounds for justification of data processing, the DPA is applicable (Art. 328b of the Code of Obligations, CO). According to the OR and the DSG, personal data may only be processed lawfully. Their processing must be carried out in good faith, must be proportionate and may only be carried out for the purpose that was stated when the data was obtained, is evident from the circumstances or is provided for by law (Art. 4 para. 1 – 3 DPA). Data may only be disclosed abroad if this is necessary for the performance of the employment contract of the data subjects (Art. 328b OR). If this is not the case, there must be an overriding public or private interest for disclosure (Art. 6 para. 1 and 2 let. d, Art. 13 FADP). These provisions are clear and offer employees sufficient protection.
The Federal Council has granted the banks affected by U.S. proceedings a permit pursuant to Article 271 item 1 of the Criminal Code to ensure that they can exercise their party rights without committing the criminal offense of prohibited acts on behalf of a foreign state. The authorization does not constitute a carte blanche for data transfers to the USA. In the actual transfer of data, the banks must comply with applicable Swiss law.
In October 2012, the Federal Data Protection and Information Commissioner (FDPIC) reviewed the delivery of employee data from Swiss banks to the US authorities. He conducted several fact-finding investigations and issued recommendations to five affected banks. He explained that he could understand the public interests asserted by the banks as justifications for the transfer of employee data to the US. At the same time, he stressed the need to ensure that the interests of the employees concerned in transparent information were respected. According to the recommendations, the banks must grant the affected persons a right to information pursuant to Article 8 FADP about data transfers that have already taken place. In future, the banks must inform the data subjects in advance of the scope and nature of the documents to be supplied so that they can assert their right to information. If a data subject objects to the transfer of his or her name, the bank must weigh up the interests involved. If it nevertheless wishes to transfer the documents, it must inform the data subject of this and of his or her rights. All five banks concerned have accepted the recommendations issued by Edöb.
The stakeholders of bank staff are working with the Bankers Association to find solutions to protect bank staff and, if necessary, to indemnify them. The Federal Council sees no legal basis that would allow it to provide legal or financial assistance to bank employees.