-
- Art. 5a FC
- Art. 6 FC
- Art. 10 FC
- Art. 16 FC
- Art. 17 FC
- Art. 20 FC
- Art. 22 FC
- Art. 29a FC
- Art. 30 FC
- Art. 32 FC
- Art. 42 FC
- Art. 43 FC
- Art. 43a FC
- Art. 55 FC
- Art. 56 FC
- Art. 60 FC
- Art. 68 FC
- Art. 75b FC
- Art. 77 FC
- Art. 96 para. 2 lit. a FC
- Art. 110 FC
- Art. 117a FC
- Art. 118 FC
- Art. 123b FC
- Art. 136 FC
- Art. 166 FC
-
- Art. 11 CO
- Art. 12 CO
- Art. 50 CO
- Art. 51 CO
- Art. 84 CO
- Art. 143 CO
- Art. 144 CO
- Art. 145 CO
- Art. 146 CO
- Art. 147 CO
- Art. 148 CO
- Art. 149 CO
- Art. 150 CO
- Art. 701 CO
- Art. 715 CO
- Art. 715a CO
- Art. 734f CO
- Art. 785 CO
- Art. 786 CO
- Art. 787 CO
- Art. 788 CO
- Transitional provisions to the revision of the Stock Corporation Act of June 19, 2020
- Art. 808c CO
-
- Art. 2 PRA
- Art. 3 PRA
- Art. 4 PRA
- Art. 6 PRA
- Art. 10 PRA
- Art. 10a PRA
- Art. 11 PRA
- Art. 12 PRA
- Art. 13 PRA
- Art. 14 PRA
- Art. 15 PRA
- Art. 16 PRA
- Art. 17 PRA
- Art. 19 PRA
- Art. 20 PRA
- Art. 21 PRA
- Art. 22 PRA
- Art. 23 PRA
- Art. 24 PRA
- Art. 25 PRA
- Art. 26 PRA
- Art. 27 PRA
- Art. 29 PRA
- Art. 30 PRA
- Art. 31 PRA
- Art. 32 PRA
- Art. 32a PRA
- Art. 33 PRA
- Art. 34 PRA
- Art. 35 PRA
- Art. 36 PRA
- Art. 37 PRA
- Art. 38 PRA
- Art. 39 PRA
- Art. 40 PRA
- Art. 41 PRA
- Art. 42 PRA
- Art. 43 PRA
- Art. 44 PRA
- Art. 45 PRA
- Art. 46 PRA
- Art. 47 PRA
- Art. 48 PRA
- Art. 49 PRA
- Art. 50 PRA
- Art. 51 PRA
- Art. 52 PRA
- Art. 53 PRA
- Art. 54 PRA
- Art. 55 PRA
- Art. 56 PRA
- Art. 57 PRA
- Art. 58 PRA
- Art. 59a PRA
- Art. 59b PRA
- Art. 59c PRA
- Art. 62 PRA
- Art. 63 PRA
- Art. 67 PRA
- Art. 67a PRA
- Art. 67b PRA
- Art. 75 PRA
- Art. 75a PRA
- Art. 76 PRA
- Art. 76a PRA
- Art. 90 PRA
-
- Vorb. zu Art. 1 FADP
- Art. 1 FADP
- Art. 2 FADP
- Art. 3 FADP
- Art. 5 lit. f und g FADP
- Art. 6 Abs. 6 and 7 FADP
- Art. 7 FADP
- Art. 10 FADP
- Art. 11 FADP
- Art. 12 FADP
- Art. 14 FADP
- Art. 15 FADP
- Art. 19 FADP
- Art. 20 FADP
- Art. 22 FADP
- Art. 23 FADP
- Art. 25 FADP
- Art. 26 FADP
- Art. 27 FADP
- Art. 31 para. 2 lit. e FADP
- Art. 33 FADP
- Art. 34 FADP
- Art. 35 FADP
- Art. 38 FADP
- Art. 39 FADP
- Art. 40 FADP
- Art. 41 FADP
- Art. 42 FADP
- Art. 43 FADP
- Art. 44 FADP
- Art. 44a FADP
- Art. 45 FADP
- Art. 46 FADP
- Art. 47 FADP
- Art. 47a FADP
- Art. 48 FADP
- Art. 49 FADP
- Art. 50 FADP
- Art. 51 FADP
- Art. 54 FADP
- Art. 57 FADP
- Art. 58 FADP
- Art. 60 FADP
- Art. 61 FADP
- Art. 62 FADP
- Art. 63 FADP
- Art. 64 FADP
- Art. 65 FADP
- Art. 66 FADP
- Art. 67 FADP
- Art. 69 FADP
- Art. 72 FADP
- Art. 72a FADP
-
- Art. 2 CCC (Convention on Cybercrime)
- Art. 3 CCC (Convention on Cybercrime)
- Art. 4 CCC (Convention on Cybercrime)
- Art. 5 CCC (Convention on Cybercrime)
- Art. 6 CCC (Convention on Cybercrime)
- Art. 7 CCC (Convention on Cybercrime)
- Art. 8 CCC (Convention on Cybercrime)
- Art. 9 CCC (Convention on Cybercrime)
- Art. 11 CCC (Convention on Cybercrime)
- Art. 12 CCC (Convention on Cybercrime)
- Art. 25 CCC (Convention on Cybercrime)
- Art. 29 CCC (Convention on Cybercrime)
- Art. 32 CCC (Convention on Cybercrime)
- Art. 33 CCC (Convention on Cybercrime)
- Art. 34 CCC (Convention on Cybercrime)
FEDERAL CONSTITUTION
CODE OF OBLIGATIONS
FEDERAL LAW ON PRIVATE INTERNATIONAL LAW
LUGANO CONVENTION
CODE OF CRIMINAL PROCEDURE
CIVIL PROCEDURE CODE
FEDERAL ACT ON POLITICAL RIGHTS
CIVIL CODE
FEDERAL ACT ON CARTELS AND OTHER RESTRAINTS OF COMPETITION
FEDERAL ACT ON INTERNATIONAL MUTUAL ASSISTANCE IN CRIMINAL MATTERS
DEBT ENFORCEMENT AND BANKRUPTCY ACT
FEDERAL ACT ON DATA PROTECTION
SWISS CRIMINAL CODE
CYBERCRIME CONVENTION
- In a nutshell
- I. General
- II. Violation of Professional Confidentiality
- III. Illegality and culpability
- IV. Delimitation and competition
- Bibliography
- Materials
In a nutshell
The provision of Art. 62 deals with the so-called "minor professional secrecy". It criminalizes the intentional disclosure of secret personal data learned during the exercise of a profession. Compared to the previous law, the offense of "breach of professional secrecy" is considerably expanded. A fine of up to 250,000 Swiss francs may be imposed if this offense is committed.
I. General
1 The provision of Art. 62 builds on Art. 35 aDSG, but considerably expands the elements of the offense of "breach of professional secrecy". It is no longer merely a matter of disclosing "secret personal data or personality profiles requiring special protection", but rather "secret personal data" in general. The Federal Council has justified this extension of the protection of secrets to all types of personal data with the further development of information and communication technology and the accompanying massive expansion of the collection of data. Art. 62 aims to protect the secrecy of those persons who entrust their personal data to third parties.
2 The penal provision of Art. 62 is an application offense.
3 According to the Federal Council, Art. 62 is intended to close gaps "that arise due to the restricted circle of offenders under Articles 320 and 321 SCC (special offences)". The duty of confidentiality should also apply to persons who do not fall under Art. 320 or 321 SCC. The legislator preferred this solution to an expansion of the (general) criminal law provisions, as he did not consider it expedient to also expand the right to refuse to testify, which the procedural laws generally provide for the professions mentioned in Art. 321 SCC. Terminologically, however, the "minor professional secrecy" is based on the "major" professional secrecy pursuant to Art. 321 StGB (which applies in particular to doctors, lawyers, clergy, etc.) and on banking secrecy pursuant to Art. 47 BankG.
4 The Federal Council already refrained from mentioning the disclosure of data processed for commercial purposes in the preparation of the draft. This was retained by the parliamentary chambers.
5 The preliminary draft still provided for a prison sentence of up to three years or a fine in the event of a breach of professional secrecy (Art. 52 VE-FADP). According to the explanatory report VE-FADP, the tightening was intended because a fine would no longer correspond to the severity of possible infringements, especially with regard to Art. 321 SCC. In the consultation, however, various participants found the penalty to be too high, which is why a fine of 250,000 Swiss francs was introduced. The maximum fine of 250,000 Swiss francs was ultimately retained, as this amount was considered by the majority to be proportionate and sufficiently deterrent.
6 Overall, it is astonishing that the provision of Art. 62, which is unusually harsh in view of the broad scope of application and the range of fines, especially in international comparison, was hardly discussed (in terms of content) in the parliamentary deliberations.
II. Violation of Professional Confidentiality
A. Circle of Offenders
7 Art. 62 FADP does not cover all persons who disclose secret personal data of another. According to the wording, it covers persons who exercise a profession that requires the disclosure of secret personal data. Art. 62 FADP is thus designed as a special offense. In contrast to Art. 321 StGB, however, no specific professional affiliation is required. In order to be subject to a duty of confidentiality (which goes beyond business and manufacturing secrets within the meaning of Art. 321a para. 4 of the Swiss Code of Obligations), since the introduction of Art. 62 employees no longer have to have a special status such as that of lawyers, doctors, bank employees or civil servants: it is sufficient that they have gained knowledge of "secret personal data" in the course of their professional activities. By virtue of Art. 2 para. 1, the penal provision of Art. 62 also covers members of federal authorities.
8 According to Art. 62 para. 3, not only the current exercise of the profession is covered, but the protection of the secret also lasts if the obligated persons have given up the profession or have completed their corresponding training. This corresponds to the provision of Art. 35 para. 3 aDSG. It can be assumed that this means (by analogy with Art. 321 SCC) that the professional duty of confidentiality continues to exist until the death of the person bound to secrecy, irrespective of the continuation of the business relationship.
9 According to Art. 62 para. 2, auxiliary persons (employees; commissioned data processors) and trainees (including interns) are also subject to criminal liability. This extension corresponds to the provision of Art. 35 para. 2 aDSG. Third parties who act in place of the primary holder of secrets are, according to the view expressed here, subject to the obligation to maintain secrecy as auxiliary persons.
10 Not liable to prosecution under Art. 62 is anyone who discloses secret personal data that the person holding the secret or an auxiliary person has disclosed to him or her in violation of Art. 62.
11 Art. 62 FADP does not provide for direct criminal liability of the company. In order to counteract this, the criminal liability of the governing bodies was increased by applying Art. 6 of the Criminal Code in addition to Art. 29 of the Penal Code.
B. Objective elements of the offence
12 According to Art. 62 para. 1, "[w]hoever intentionally discloses secret personal data of which he or she has become aware in the exercise of his or her profession which requires knowledge of such data" is liable to prosecution. The objective element of the offense first requires that it be "secret" personal data. Personal data is any information relating to an identified or identifiable natural person (Art. 5 lit. a). Art. 62 itself does not define which personal data is considered "secret", but the message refers to the material concept of secrecy in criminal law. A secret protected by criminal law exists if (i) the fact is not generally known or accessible, (ii) the person keeping the secret has an interest worthy of protection in the limited knowledge, and (iii) he also has the will to do so.
13 Furthermore, the perpetrator must have gained knowledge of the personal data in the course of exercising his profession. This includes, on the one hand, data that the client/secret owner has entrusted to the person holding the secret and, on the other hand, data that the person holding the secret has obtained himself in the course of exercising his profession.
14 The concept of "disclosure" of secret personal data corresponds to that in Art. 320 and 321 SCC: A disclosure occurs if the person who holds the secret brings secret personal data to the attention of a third party who is not authorized to do so or enables the third party to take note of the data, whereby it is irrelevant how this occurs (e.g. direct forwarding of secret personal data or insufficient file storage so that the third party is enabled to take note). If the data has been effectively anonymized, pseudonymized or encrypted prior to forwarding so that the third party cannot take note of the data, there is no disclosure in accordance with the offence.
On the other hand, disclosure is also deemed to have occurred if secret personal data is passed on to an internal employee or to an external service provider. Situations in which third parties disclose personal data to an employee in connection with a request for strict confidentiality can be problematic. One might think of an employee in the HR department of a company who is informed by another employee of a grievance within the company, with the latter demanding that his identity be kept secret. On the one hand, the employee in the HR department may be liable to prosecution if he (nevertheless) discloses the identity internally; on the other hand, the company will have to accept credit for the knowledge of certain employees. Here, clear regulations are needed in practice as to how such reports are handled and what is communicated, to whom, when and how.
15 It is not clear from the wording of Art. 62 or from the dispatch who is the owner of the secret protected by this provision. According to the dispatch, however, the provision of Art. 62 is explicitly linked to the professional secrecy of Art. 321 SCC, which is why it is justified to understand Art. 62 as "professional secrecy" and not as a purely data protection law norm: The owner of the secret is the person who has entrusted the professional person with his secret for the exercise of his profession. Accordingly, the trust of the owner of the secret in the confidentiality of the communication to the professional person is protected, and only the breach of this trust (i.e. not every data protection violation) is punishable. Article 62 protects the trust placed in a professional person that he or she will keep the secret entrusted to him or her for the purpose of exercising his or her profession - regardless of the existence of a direct contractual relationship with the person to whom the secret is entrusted. According to the view expressed here, only a disclosure of personal data that takes place in disappointment of a justified expectation of the owner of the secret that the same will be treated confidentially can constitute a criminal offense. A company can manage the customer's/secret owner's expectation by listing in its privacy policy the categories of third parties to whom the company discloses personal data. Provided that the reference in the privacy statement is "sufficiently clear," the secrecy owner will no longer be able to claim a "legitimate expectation" that the personal data in question will be treated confidentially.
16 Even if Art. 62 is understood in this narrower sense, this provision is still very broad and indeterminate: When a trust in confidentiality protected by criminal law can be assumed is not (and was not under Art. 35 aDSG) clarified. What is clear, however, is that not every fact disclosed to a professional person that is not generally known deserves this protection. With Rosenthal/Gubler (p. 61), it must be required (in view of the requirements for a criminal provision arising from the requirement of certainty under Art. 1 StGB) that (i) a justified expectation has been created in the owner of the secret that his will to keep the secret will be respected and (ii) the secret has been disclosed to the owner of the secret or his organization within this framework. Thus, an at least tacit agreement of confidentiality is required.
C. Subjective Elements of the Crime
17 From a subjective point of view, intent on the part of the perpetrator is required, i.e. the perpetrator must be aware of the duty of confidentiality, the secret nature of the personal data and the disclosure. It is sufficient if the perpetrator considers it possible that third parties could gain knowledge of the personal data, but nevertheless acts because he accepts this (contingent intent). In practice, it is not uncommon for criminal liability to fail because knowledge of the obligation to maintain secrecy and the confidential nature of the personal data cannot be proven, namely if there are no indications that the company in question has imparted the relevant knowledge to its employees.
III. Illegality and culpability
18 Cf. OC-Gassmann on Art. 60, n. 26 f. In particular, the disclosure may be justified by the consent of the owner of the secret, whereby the principles developed by case law and dogmatics in Art. 321 no. 2 SCC apply mutatis mutandis. Legal regulations that permit disclosure (Art. 14 StGB) or even make it obligatory may also be considered. One might think here of procedural duties to cooperate.
IV. Delimitation and competition
20 In addition to Art. 320 SCC (violation of official secrecy) and Art. 321 SCC (violation of professional secrecy), Art. 62 also protects the owner of a secret from unlawful disclosure of secret data to third parties. However, Art. 62 closes the loophole created by the limited perpetration and consequently is in unreal ideal competition with the two provisions of the Criminal Code. Analogous to Art. 35 aDSG, the violation of data secrecy is absorbed into Art. 320 and 321 SCC (consumption).
21 If the facts of Art. 47 BankG are also fulfilled, this takes precedence as a special norm.
The author would like to express his sincere thanks to MLaw Antonia Straden for her assistance in commenting on this article.
Bibliography
Niggli Marcel Alexander/Maeder Stefan, Kommentierung zu Art. 35 aDSG, in: Maurer-Lambrou Urs/Blechta Gabor-Paul (Hrsg.), Basler Kommentar, Datenschutzgesetz / Öffentlichkeitsgesetz, 3. Aufl., Basel 2014.
Oberholzer Niklaus, Kommentierung zu Art. 321 StGB, in: Niggli Marcel Alexander/Wiprächtiger Hans (Hrsg.), Basler Kommentar, Strafrecht (StGB/JStGB), 4. Aufl., Basel 2018.
Poledna Thomas/Berger Brigitte, Öffentliches Gesundheitsrecht, Bern 2002.
Rosenthal David, Das neue Datenschutzgesetz, in: Jusletter 16. November 2020; Rosenthal David/Gubler, Seraina, Die Strafbestimmungen des neuen DSG, SZW 1/2021, S. 52 ff.; Rosenthal David/Jöhri Yvonne, Handkommentar zum Datenschutzgesetz sowie weiteren, ausgewählten Bestimmungen, Zürich 2008.
Wohlers Wolfgang, Kommentierung zu Art. 62 DSG, in: Baeriswyl Bruno/Pärli Kurt/Blonski, Dominika (Hrsg.), Stämpflis Handkommentar, Datenschutzgesetz, 2. Aufl., Bern 2023.
Materials
Botschaft zum Bundesgesetz über die Totalrevision des Bundesgesetzes über den Daten-schutz und die Änderung weiterer Erlasse zum Datenschutz vom 23.3.1988, BBl 1988 II S. 413 ff. (zit. Botschaft 1988), abrufbar unter https://www.admin.ch/opc/de/federal-gazette/1988/II/413.pdf, besucht am 8.8.2023.
Botschaft zum Bundesgesetz über die Totalrevision des Bundesgesetzes über den Datenschutz und die Änderung weiterer Erlasse zum Datenschutz vom 15.9.2017, BBl 2017 S. 6941 ff. (zit. Botschaft 2017), abrufbar unter https://www.admin.ch/opc/de/federal-gazette/2017/6941.pdf, besucht am 8.8.2023.
Erläuternder Bericht des Bundesamts für Justiz BJ zum Vorentwurf für das Bundesgesetz über die Totalrevision des Datenschutzgesetzes und die Änderung weiterer Erlasse zum Datenschutz vom 21.12.2016, abrufbar unter https://www.bj.admin.ch/dam/bj/de/data/staat/gesetzgebung/datenschutzstaerkung/vn-ber-d.pdf.download.pdf/vn-ber-d.pdf (zit. Erläuternder Bericht VE-DSG), besucht am 8.8.2023.
Zusammenfassung des Bundesamts für Justiz BJ der Ergebnisse des Vernehmlassungsverfahrens vom 10.8.2017 betreffend Vorentwurf für das Bundesgesetz über die Totalrevision des Datenschutzgesetzes und die Änderung weiterer Erlasse zum Datenschutz vom 21.12.2016 (zit. Zusammenfassung Vernehmlassung VE-DSG), abrufbar unter https://www.bj.admin.ch/dam/bj/de/data/staat/gesetzgebung/datenschutzstaerkung/ve-ber-d.pdf.download.pdf/ve-ber-d.pdf, besucht am 8.8.2023.