Data protection and data governance

Data protection and data governance

Discretion, confidentiality and data protection are and will remain core competencies of Swiss banking. Here is an overview of the relevant legal provisions in Switzerland as well as current developments.

Developments in data protection

Data protection

The protection of privacy is a fundamental right. According to Art. 13 of the Swiss Federal Constitution,

every person therefore has the right to privacy in their private and family life and in their home, and in relation to their mail and telecommunications and – in the broader sense – the right to be protected against the misuse of their personal data.

In our increasingly digital world, data shape our lives, at all times and everywhere. Once saved, data remain on the internet for a very long time and can therefore potentially also be used for purposes that do not correspond to the wishes of the user. Consequently, both companies and private individuals have a strong interest in the protection of their data being respected and ensured. Banks, which have a long tradition of discretion and confidentiality, are acutely aware that detailed information about a person’s financial situation is among the most sensitive forms of personal data.

Data Protection Act

In Switzerland, the Federal Act on Data Protection (FADP) protects the privacy and the fundamental rights of natural and legal persons when their data are processed. It sets out the requirements for permissible data processing in accordance with the rule of law and therefore protects against possible abuses. It lays down the principle that no more personal information than is required may be collected (principle of proportionality and data minimisation).

Data protection serves to protect the right to informational self-determination: the concept that every citizen should be able to define for themselves how their own data are disclosed and used. Data protection law therefore gives citizens various ways to exercise their privacy rights.

Bank-client confidentiality

Bank-client confidentiality (Art. 47 of the Banking Act) is a professional duty of confidentiality comparable to that imposed on doctors or lawyers. It aims to protect financial privacy and covers all conclusions of fact, value judgements and other information (including personal evaluation results) that can be attributed to a bank customer. Bank-client confidentiality therefore goes further than data protection law. Contrary to a widely held belief, however, it does not apply without limitation. Criminals in particular are not protected by bank-client confidentiality, which dates back to 1934. Since then, banks have been required to disclose information about customers

  • in civil proceedings (for example pertaining to inheritances or divorces),
  • in debt recovery and compulsory liquidation proceedings,
  • in criminal proceedings (especially where tax fraud is involved),
  • in proceedings by the financial market supervisory authority, and
  • in proceedings relating to the cross-border exchange of information.

Nevertheless, bank-client confidentiality has been fundamentally transformed in recent years, particularly as it relates to tax matters. Developments at the international level have also prompted Switzerland to accord greater importance to transparency vis-à-vis tax and supervisory authorities.