Misuse of Data Protection Act to procure evidence


Your contact

1. Introduction

These days everybody is talking about data protection, whether in connection with the contentious footage of Google (Google Street View) or the databases of the police and other public authorities. Although data protection laws undoubtedly make an important contribution to the protection of personal rights and privacy, they can also be used to justify abuse. In our office, for example, we have increasingly been seeing cases where attempts are made to use the legal remedies of the Data Protection Act to obtain evidence for court cases.

2. Application of Data Protection Act to companies

The Federal Data Protection Act safeguards the privacy and basic rights of individuals whose personal data is being processed. It applies inter alia to the processing of personal data by private persons, e.g. by companies or enterprises. The terms have consciously been formulated widely: “data” is defined as all information relating to a specific person. The “processing of data” means all activities that involve personal data, irrespective of the means and procedures used, for example when data is obtained, stored, used, altered, disclosed, archived or destroyed. A “data collection” is every collection of personal data that has been structured in a manner that allows the retrieval of data for a specific individual.

It is obvious that, in the era of electronic data management, the databases that companies use every day to manage their customer relationships can be classified as data collections without further ado. Even traditional “customer files” kept in file cabinets are clearly collections of data. Whoever uses such databases or customer files is therefore subject to the Data Protection Act.

3. Obligations when processing data

The Data Protection Act applies numerous principles to the processing of data. Personal data may only be processed in accordance with the law. Data must be processed in good faith and commensurately. Personal data may also only be processed for the reason that was provided when the data was obtained. The affected person must be aware of the collection of personal data and in particular the purpose of its processing. Whoever processes personal data must ascertain the accuracy of the data. And finally, personal data must be protected from unauthorised use by appropriate technical and organisational measures.

4. Rights of the persons concerned

But what are the rights of the persons whose data is collected? If it becomes clear that a collection of data contains incorrect data, the person concerned can request its correction or file a notice of contestation.

For an affected person to check whether his or her personal data is being collected and, if yes, whether this data is correct, the Data Protection Act provides inter alia that every person can request information from the owner of a data collection on whether any of his or her data is being processed. The information must generally be provided in writing, in the form of a print-out or photocopy, and free of charge.

5. Danger of misuse and recommendations

However, this right to information – which is in principle necessary and correct – can also be abused for unrelated purposes. In particular when a legal dispute seems unavoidable or when legal action has already been initiated people sometimes try to obtain additional evidence by invoking the right to receive information. For example, a party from the opposite side is instructed to provide copies of the complete customer file (sometimes even under threat of punishment for non-compliance). Must the request for information be answered in such a situation?

The legislator stipulated that the Data Protection Act does not apply to pending civil actions. Although the interpretation of this provision is open to dispute, we believe that this means that the Data Protection Act no longer applies at the latest from the date on which a procedure is initiated (i.e. by filing a request for conciliation or a complaint), at least not between the parties to the proceedings, and that there is then no longer any right to be given information. If this should not be the case, it would be easy to sidestep the provisions of the Code of Civil Procedure on the parties’ cooperation rights and obligations. It would also be possible for a litigating party to get a good idea of the evidence available to the opposing party outside the limits of the court case. A request for information from the opposing party in a court action who bases the request on the Data Protection Act therefore does not have to be met. As regards the other parties involved in a civil action (e.g. witnesses, expert witnesses), the applicability of the Data Protection Act must be investigated in more detail on an ad hoc basis.

In addition, information can already be refused, restricted or deferred before the formal initiation of an action if this is required to protect the overriding interests of a third party (e.g. because the disclosure of information would violate the secrets or the data protection rights of third parties) or to protect an overriding personal interest and the personal data is not disclosed to third parties. If information is not provided unconditionally, the person concerned must be informed of the reason for which information is refused, restricted or deferred. It might also be obvious from the circumstances that the request for information is submitted solely in view of an upcoming court action, in which case information can be refused because the improper use of a legal remedy is abusive.

It is therefore important for companies to always carefully review a request for information. However, if such a request is unrelated to an imminent or pending legal action and there are no justified overriding own or third-party interests to protect, the request must be satisfied. But caution is always needed as information cannot be taken back once it has been disclosed and it is impossible to control the use of the information once the data has been passed on.

A detailed discussion of this topic appeared in Allgemeinen Juristischen Praxis, issue 8/2010, under the title Das Auskunftsrecht nach DSG – eine unkonventionelle Art der Beschaffung von Beweismitteln?

DSG


Share post



most read


Highlights

MLL Legal

MLL Legal is one of the leading law firms in Switzerland with offices in Zurich, Geneva, Zug, Lausanne, London and Madrid. We advise our clients in all areas of business law and stand out in particular for our first-class industry expertise in technical-innovative specialist areas, but also in regulated industries.

MLL Meyerlustenberger Lachenal Froriep

Newsletter

Much is still unclear in relation to liability questions around AI tools.

Read our latest post about “Liability during the Lifecycle of an AI Tool” and download our white paper.

Show article.

Our Story

MLL Legal is a leading Swiss law firm with a history that dates back to 1885. The firm has grown both organically and by means of strategic mergers, the latest of which took place on 1st July 2021 between Meyerlustenberger Lachenal and FRORIEP.

The merger establishes MLL Legal, a combined new entity as one of the largest commercial law firms in Switzerland with 150 lawyers in four offices in Switzerland and two offices abroad, in London and Madrid serving clients seeking Swiss law advice.

Our firm has a strong international profile and brings together recognised leadership and expertise in all areas of law affecting commerce today, with a focus on high-tech, innovative and regulated sectors. 

About us

Publications

Click here for our latest publications

COVID-19

Read all our legal updates on the impact of COVID-19 for businesses.

COVID-19 Information

Job openings

Looking for a new challenge?

Our talented and ambitious teams are motivated by a common vision to succeed. We value open and straightforward communication accross all levels of the organisation in a supportive working environment.

Job openings

Firm News

Click here for our latest firm news.

Our Team

The regulatory and technological landscape continually require businesses to adapt and evolve.
Our 150+ lawyers are continuously innovating and striving for improvement in everything they do. We embrace new ideas and technologies, combining our wealth of expertise with creative thinking and diligence. With our hands-on approach, we implement viable solutions for the most complex legal challenges.

Our Team.

LexCast – the podcast series by MLL NexGen

Smart legal education on the go. The LexCast hosted by MLL NexGen provides legal insights in a short format that allows listeners to educate themselves on and about legal issues wherever they are and whenever they find the time.

Listen to our podcast series – stay tuned.

MLL Legal on Social Media

Follow us on LinkedIn.