Intellectual property and data protection
Fintech and software may be protected under patent law or copyright law, depending on the specific details of the technology or software. Unlike in the EU, there is no specific protection of the creator's rights in a database. However, databases and software may be protected under copyright law, if and to the extent they are intellectual creations with individual character with regard to their selection and arrangement. To qualify for patent law protection, a technology or software must be an invention that is new and applicable in the industry, and that solves a technical problem (which is usually not the case in standard software). A technical reproduction process of someone else's market-ready work is prohibited.
If an employee creates a computer program in the course of discharging professional duties or fulfilling contractual obligations, the employer alone shall be entitled to exercise the exclusive rights of use. Inventions and designs produced by the employee alone or in collaboration with others in the course of his or her work for the employer and in performance of his or her contractual obligations belong to the employer, whether or not they may be protected. By written agreement, the employer may reserve the right to acquire inventions and designs produced by the employee in the course of his or her work for the employer but not in performance of his or her contractual obligations. Business models, as a rule, cannot be subject to intellectual property rights under Swiss law.
Under the Swiss Data Protection Act, protected data are not only data relating to persons but equally data relating to legal entities. Personal data must be protected against unauthorised processing by adequate technical and organisational measures. Processing of data is any operation with personal data, irrespective of the means applied and the procedure, and in particular the collection, storage, use, revision, disclosure, archiving or destruction of data. Thus, merely providing information or comparing products on a website may fall within the scope of Swiss data protection law (unless the data are public). In addition, such a comparison may be considered unfair under the UCA if the services, prices or business situation were reduced by incorrect, misleading or unnecessarily infringing statements. The storage of personal data on a server in Switzerland may be sufficient to trigger application of Swiss data protection law.
Digital profiling may be considered as a personality profile or even include sensitive personal data within the meaning of the data protection act; in other words, a collection of data that permits an assessment of essential characteristics of the personality of a natural person. Consent must be expressly given before processing such data and personality profiles (and sensitive personal data) must not be disclosed to a third party without justification. In addition, the data processor must inform the person concerned of:
- the controller of the data file;
- the purpose of the processing; and
- the categories of data recipients (if disclosure were planned).
The Swiss Data Protection Act is under review and it is expected that a revised Act aligned to the EU General Data Protection Regulation will become effective by 2021.