Data Protection at Work in Switzerland
The revised Swiss Data Protection Act (nDSG) entered into force in September 2023, significantly strengthening employee data rights. Employers who process personal data about their workers — from payroll data to performance monitoring — must comply with new transparency and proportionality rules.
- Swiss employment law explained for international professionals
- Legal basis, practical advice and what to do
- Relevant for expats, cross-border workers and newcomers
What Data Can Employers Collect?
Employers may only process employee data that is necessary for the employment relationship. This covers: payroll, social insurance contributions, attendance and time recording, performance data directly related to the role, and health data required for legal compliance (illness reporting, safety). Special categories (health, religion, political views) require a stronger justification. Employees have the right to request access to all data held about them (Art. 25 nDSG) — the employer must respond within 30 days.
Monitoring, Surveillance and Limits
The Labour Act (ArG Art. 26) prohibits using monitoring systems whose primary purpose is to control employee behaviour or performance. However: time recording systems (compliant), access logging for security, quality monitoring in call centres (with prior notice) are permitted. Video surveillance for safety or anti-theft purposes is allowed but camera footage cannot be used for routine performance assessment. Email and internet monitoring: permitted only for security or compliance reasons, with prior employee notice, and not systematically reviewing personal communications.
Employee Rights Under nDSG
Key employee rights: access right (see all data held about you, free, within 30 days), correction right (have inaccurate data corrected), objection right (object to processing for which no legitimate basis exists). Employers must provide a privacy notice explaining what data is collected, why, and for how long. Data breaches affecting employees must be reported to the Federal Data Protection and Information Commissioner (FDPIC) if there is a risk of harm.
Frequently Asked Questions
Can my employer read my work emails?
Only if they have informed you in advance and have a legitimate purpose (security, compliance). Systematic and undisclosed monitoring of personal communications in work accounts is unlawful. Many employers have a policy distinguishing between business and personal use of work email.
Do I have the right to know what personal data my employer holds about me?
Yes. The nDSG gives every person the right to request a copy of all personal data processed about them. The employer must respond within 30 days and cannot charge a fee for standard requests.
Can my employer share my data with a future employer?
Only with your consent or as legally required (e.g. confirming dates of employment). References given without your consent or containing inaccurate statements can give rise to claims under nDSG and general tort law.