Coronavirus and data protection in Switzerland

The pandemic we are living is affecting different fields: from employment to tax, from real estate to litigation. Another specific aspect to be considered is data protection. Indeed, due to the enormous risks of Covid19, companies will have to process highly sensitive health data of employees. This situation generates lots of questions on how data protection compliance can be ensured in these exceptional circumstances, and, in particular, after Swiss government has adopted strict measures to curb the spread and to protect the public.

Let’s analyze the main points in Switzerland according some Swiss law firms, focusing on three key points of the issue: the type of data that can be collected, the amount of time that this data can be stored and its disclosure to third parties. All this considering that the situation concerns different actors: “Employers, contract partners, insurance companies as well as authorities”, Walder Wyss writes in its Coronavirus information hub, a project they have launched to cope with the pandemic, where a specific section is indeed dedicated to data protection. All these parties “must regularly deal with questions relating to the processing of data concerning health in relation with the coronavirus”.

Niederer Kraft Frey has written a client note which specifies, among others things, that companies should only collect the necessary personal data, such as the existence of Coronavirus symptoms, information on recent professional and non-professional travel to risk countries and close contact to persons who have recently been to risk countries and/or show Coronavirus symptoms. It’s important to notice that the legal basis for collecting health and travel data is the legal obligation basis. Anyway, “if companies introduce new employee related data processing activities or adapt existing ones, the employees must be informed in advance based on GDPR and Swiss law”, EY Law underlines. Still according to EY, “Data protection law does not restrict employers from checking body temperatures of their employees as long as no identifying information of the employees is collected”.

As Pestalozzi points out, “data can be stored as long as it is required for the purpose at stake. At the latest when the impact of the Covid-19 pandemic has ceased to exist, the data must be deleted”. Furthermore, “companies not having designated a data protection officer might have to declare their newly established data files related to Covid-19 measures to the Federal Data Protection and Information Commissioner (Fdpic)”. In any case, it’s important to remark that employees should receive a privacy notice prior or at the moment of collection setting out the type of data that will be collected, the purpose, whether it will be shared with third parties. a data protection privacy impact assessment (Dpia) might be required under the GDPR, but this currently not yet necessary under the Swiss Data Protection Act.

Finally, “collections with sensitive personal data disclosed to third parties need to be registered with the Swiss Federal Data Protection and Information Commissioner”, Nkf specifies. “With regard to medical data required to assess an employee’s vulnerability, the Covid-19 Ordinance can be invoked as statutory obligation”, Pestalozzi writes. Eventually, without justification and notification, sensitive personal data should not be disclosed to third parties, including other group companies in Switzerland or abroad.

Coronavirus and data protection in Switzerland

FabioAdmin

Legalcommunity.ch

Launched in 2020 by LC Publishing Group, it is the first digital portal addressed to the Swiss legal market.
In terms of contents, the website focuses on both law firms and in-house legal departments, covering the latest news and rumors on deals and operations (and the related advisors) as well as on lateral hires, moves and new appointments and providing insights, analytical data and opinions on the professions’ main trends and topics (Ai, innovation, etc.).

For further information, please visit the Group’s website www.lcpublishinggroup.com

LC Publishing Group S.p.A. – Via Tolstoi 10 – 20146 Milano – Tel. 0236727659 – C.F./P.IVA 07619210961
REA 1971432 Registro delle Imprese di Milano – Cap. Soc. Euro 50.000,00 i.v.

Copyright 2022 © All rights Reserved. Design by Origami Creative Studio

SHARE

Share on linkedin
Share on twitter
Share on facebook
Share on whatsapp
Share on email
Share on telegram