A-34-01 FADP

The credit scoring company must explain to the person concerned the procedure and principles applied in practice to establish his or her solvency profile. Furthermore, the company's business secrecy does not preclude the communication of information to the authority or the court, which must weigh up the interests involved (judgment of the CJEU of 27 February 2025 in case C-203/22). A mobile phone operator refused to allow an Austrian national (CK) to conclude a mobile phone contract, which would have[...]

The RGPD also protects the banking data of legal entities when the beneficial owner objects to the transfer of the data to the Department of Justice (judgment no. 141/23-II-CIV of 6 December 2023 of the Luxembourg Superior Court of Justice). A person holds bank accounts with the Luxembourg branch of a Swiss bank. He is also the beneficial owner of a company which has two bank accounts with this branch. Another company, of which the customer's ex-wife and son are[...]

From 1 January 2025, banks, insurance companies and financial market infrastructures will have to report cyber attacks to the Federal Office for Cyber Security (FOCS) within 24 hours. The Federal Council has just put out to consultation the draft ordinance that implements art. 74a ff of the Federal Act on Information Security (obligation to report cyber attacks). As we explained earlier (see Hirsch, cdbf.ch/1261), banks will now have to inform the OFCS in the event of a cyber attack. The[...]

Obtaining the relevant extracts from the database needed to assess FINMA's guarantees of irreproachable activity (formerly Watchlist) is a real crossroads for an employee who has temporarily given up exercising an activity subject to FINMA. The Federal Administrative Court (FAT) has confirmed that art. 8 aLPD (now art. 25 LPD) does not allow access to the documents that justified inclusion on the Watchlist to the same extent as in a genuine procedure on the merits to determine whether an individual[...]