Moti­on Qua­dri (12.3993): Imme­dia­te­ly stop dis­clo­sure of data of bank employees or for­mer bank employees to for­eign authorities
Rejec­ted (19.06.2013)

Sub­mit­ted text

The Fede­ral Coun­cil is instructed:

1. to enact legal pro­vi­si­ons that pre­vent data on employees or for­mer employees of Swiss com­pa­nies from being trans­mit­ted to for­eign aut­ho­ri­ties in packa­ges or automatically;

2. imme­dia­te­ly enact clear and bin­ding legis­la­ti­on repe­al­ing the pre­vious aut­ho­rizati­ons impro­per­ly gran­ted by the Fede­ral Council;

3. pro­vi­de legal and finan­cial assi­stance to per­sons affec­ted by the impro­per trans­fer of their data to for­eign authorities.

Justi­fi­ca­ti­on

As is well known, the Fede­ral Coun­cil has allo­wed data on more than 10,000 employees and for­mer employees of ele­ven banks to date to be trans­fer­red to the U.S. inve­sti­ga­ti­ve authorities.

Wit­hout the aut­ho­rizati­on of the Fede­ral Coun­cil, this data trans­fer would have been punis­ha­ble under Artic­le 271 of the Cri­mi­nal Code. Howe­ver, the Fede­ral Council’s aut­ho­rizati­on is jud­ged to be abu­si­ve by various par­ties, inclu­ding the Data Pro­tec­tion Commissioner.

Per­sons who­se names appear on the cor­re­spon­ding lists are not even infor­med about this.

The aut­ho­rizati­on is valid until March 31, 2014. It is easy to ima­gi­ne that by that date, thou­sands more bank employees and for­mer bank employees will be sacri­fi­ced on the altar of a finan­cial cen­ter poli­cy that is cha­rac­te­ri­zed at the fede­ral level by a con­stant imme­dia­te yiel­ding to for­eign sta­tes and authorities.

The data trans­fers to date have also resul­ted in cri­mi­nal com­plaints by indi­vi­du­als who dis­co­ver­ed they were on the lists trans­fer­red to Washington.

By aut­ho­ri­zing the trans­fer of data, the Fede­ral Coun­cil has dis­re­gard­ed its duty to pro­tect the rule of law and Swiss sove­reig­n­ty. It has thus given the green light for a “mass sell­out” of the data of thou­sands of Swiss citi­zens to a for­eign authority.

The per­sons who­se names appear on the lists han­ded over to the United Sta­tes and their fami­ly mem­bers must fear serious con­se­quen­ces if they tra­vel to the United Sta­tes. Nor can it be ruled out that such con­se­quen­ces will one day arri­ve imme­dia­te­ly after lea­ving Switz­er­land, for exam­p­le as a result of requests for admi­ni­stra­ti­ve assistance.

State­ment of the Fede­ral Council 

Under Swiss labor law and the Fede­ral Data Pro­tec­tion Act (FADP), the employer has a duty to pro­tect data about employees. With regard to the grounds for justi­fi­ca­ti­on of data pro­ce­s­sing, the DPA is appli­ca­ble (Art. 328b of the Code of Obli­ga­ti­ons, CO). Accor­ding to the OR and the DSG, per­so­nal data may only be pro­ce­s­sed lawful­ly. Their pro­ce­s­sing must be car­ri­ed out in good faith, must be pro­por­tio­na­te and may only be car­ri­ed out for the pur­po­se that was sta­ted when the data was obtai­ned, is evi­dent from the cir­cum­stances or is pro­vi­ded for by law (Art. 4 para. 1 – 3 DPA). Data may only be dis­c­lo­sed abroad if this is neces­sa­ry for the per­for­mance of the employment con­tract of the data sub­jects (Art. 328b OR). If this is not the case, the­re must be an over­ri­ding public or pri­va­te inte­rest for dis­clo­sure (Art. 6 para. 1 and 2 let. d, Art. 13 FADP). The­se pro­vi­si­ons are clear and offer employees suf­fi­ci­ent protection.

The Fede­ral Coun­cil has gran­ted the banks affec­ted by U.S. pro­ce­e­dings a per­mit pur­su­ant to Artic­le 271 item 1 of the Cri­mi­nal Code to ensu­re that they can exer­cise their par­ty rights wit­hout com­mit­ting the cri­mi­nal offen­se of pro­hi­bi­ted acts on behalf of a for­eign sta­te. The aut­ho­rizati­on does not con­sti­tu­te a car­te blan­che for data trans­fers to the USA. In the actu­al trans­fer of data, the banks must com­ply with appli­ca­ble Swiss law.

In Octo­ber 2012, the Fede­ral Data Pro­tec­tion and Infor­ma­ti­on Com­mis­sio­ner (FDPIC) review­ed the deli­very of employee data from Swiss banks to the US aut­ho­ri­ties. He con­duc­ted seve­ral fact-fin­ding inve­sti­ga­ti­ons and issued recom­men­da­ti­ons to five affec­ted banks. He explai­ned that he could under­stand the public inte­rests asser­ted by the banks as justi­fi­ca­ti­ons for the trans­fer of employee data to the US. At the same time, he stres­sed the need to ensu­re that the inte­rests of the employees con­cer­ned in trans­pa­rent infor­ma­ti­on were respec­ted. Accor­ding to the recom­men­da­ti­ons, the banks must grant the affec­ted per­sons a right to infor­ma­ti­on pur­su­ant to Artic­le 8 FADP about data trans­fers that have alre­a­dy taken place. In future, the banks must inform the data sub­jects in advan­ce of the scope and natu­re of the docu­ments to be sup­plied so that they can assert their right to infor­ma­ti­on. If a data sub­ject objects to the trans­fer of his or her name, the bank must weigh up the inte­rests invol­ved. If it nevert­hel­ess wis­hes to trans­fer the docu­ments, it must inform the data sub­ject of this and of his or her rights. All five banks con­cer­ned have accept­ed the recom­men­da­ti­ons issued by Edöb.

The stake­hol­ders of bank staff are working with the Ban­kers Asso­cia­ti­on to find solu­ti­ons to pro­tect bank staff and, if neces­sa­ry, to indem­ni­fy them. The Fede­ral Coun­cil sees no legal basis that would allow it to pro­vi­de legal or finan­cial assi­stance to bank employees.