We are a Swiss law firm, dedicated to providing legal solutions to business, tax and regulatory matters.
Life Sciences, Pharma, Biotech
Litigation and Arbitration
Our knowledge, expertise & publications
6 December 2021
Data Protection in US Civil Litigation
Pre-trial discovery is a standard procedure in US civil litigation: The parties to a dispute exchange data and documents – e-mails, files, paper documents, chats, server logs, etc. – that may be relevant to the matter at hand prior to the trial. Time and again, data and documents from Switzerland have to be provided for such purpose, either because a Swiss group company is involved in the dispute or it holds the requested data, or because a Swiss company is directly involved in the US litigation.
We regularly have clients, who find themselves in this situation, asking us whether they are allowed to simply deliver data and documents from Switzerland to their US counsel and ultimately to the opponent. The short answer: In the context of pre-trial discovery, this is usually possible if third-party privacy and trade secrets are respected. We have compiled the most important points that normally have to be considered. Similar rules apply to data deliveries under the GDPR.
Hence, if the following measures have been taken, Swiss law generally permits the collection, storage, review and production of data and documents for the US litigation of a company (or another company):
If the above rules are not complied with, this may have civil, criminal and administrative consequences. Data subjects may assert damages or other claims based on the violation of their personality rights (under Swis data protection law) by way of civil lawsuits. In addition, the Federal Data Protection and Information Commissioner may intervene, as he did, for example, in the case of the tax dispute between the U.S. and Switzerland (cf. his comments on the transfer of bank employee data from 2013). In regulated industries (e.g., the financial services industry), the regulator (e.g., FINMA) may also intervene. If secrecy obligations are violated, this can lead not only to civil law sanctions but also to the criminal liability of responsible individuals, be it for the violation of business secrets (Art. 162 SPC), due to the violation of professional secrecy obligations (e.g. Art. 321 SPC, Art. 47 Bank Act) or for economic espionage (Art. 273 SPC). Under the revised Data Protection Act (revDPA, expected in 2023), professional secrecy obligations will be extended to all professions (Art. 62 revDPA); the disclosure of personal data abroad in wilful disregard of the requirements of the revDPA on data exports will also be punishable by up to CHF 250,000 (Art. 61 revDPA), as will the outsourcing to a data processor without the necessary contract in place (ibid.). Finally, Art. 271 SPC must be observed: If this provision is violated intentionally, the offender faces up to three years imprisonment or a fine. This may not only be triggered by producing evidence on Swiss soil for a foreign proceeding under the threat of sanctions, but also in other cases where the production effectively deprives the persons affected of the protection of Swiss law, even where such data is produced voluntarily; according to the most recent case law of the Federal Tribunal, supplying data in violation of Swiss data protection law or of a contractual secrecy obligation may already be sufficient to trigger the provision; according to the Federal Tribunal, only the supply of data that the company can freely dispose of is permitted (cf. Federal Tribunal decision of November 1, 2021, 6B_216/2020). In the case of data of employees, it must be examined, for example, whether the disclosure of their personal data exposes them to a disadvantage.
If you also read German and want to learn more about how to handle internal investigations and eDiscovery, please download a copy of our comprehensive practice manual on the subject or order a printed copy from us (free of charge).
Author: David Rosenthal
Categories: Employment Law, Banking & Finance, Data & Privacy, Investigations & eDiscovery, Litigation and Arbitration
Das Modell Rosenthal berechnet, wie gross das Risiko der Datenherausgabe ist, wenn Unternehmen und...
At the end of December 2022 the transition period for checking and updating your con-tracts and...
New DPA from 1.9.2023 The essentials all on one page Limited effort required from SMEs
Opt-in for our regular updates, news, views, insights and more.