The termination of an employment relationship is rarely a purely legal matter. Particularly at senior management level, it also involves reputation, tact, and the question of how to structure a professional transition without leaving lasting damage. In this sensitive phase—before positions harden and disputes escalate—Swiss employment law offers considerable flexibility.

Two instruments are central in this context: termination with an offer of modified terms (Änderungskündigung) and mutual termination agreements. While the former is often perceived as a pressure tool, the latter enables a consensual, flexible, and often significantly more elegant solution.

Termination with Offer of Modified Terms: A Risk-Laden Instrument

From an employer’s perspective, termination with an offer of modified terms allows contractual conditions to be redefined unilaterally—by threatening termination if the employee does not agree. For employees, this typically presents a difficult choice: accept less favorable terms or face dismissal.

While legally permissible, this approach quickly approaches the boundaries of bad faith. Abusive scenarios are not uncommon, particularly where financial pressure is applied. For senior professionals, such terminations are therefore rarely the preferred route—they tend to signal conflict rather than alignment.

Mutual Termination Agreement: Structuring Instead of Escalating

In contrast, the mutual termination agreement reflects a modern separation culture. It is based on mutual consent and allows both parties to structure the end of the employment relationship in a tailored manner.

This approach is particularly suitable where trust has been weakened but the working relationship has not entirely broken down. It combines key advantages: planning certainty for the employer and a controlled, orderly transition for the employee.

In practice, the focus is not only on whether the employment ends, but on how it ends.

Release from Duties, Garden Leave, and Transition Phase

A key element is the period between negotiating and signing the agreement and the effective termination date. This phase offers significant flexibility.

This phase is often decisive in shaping whether a departure is perceived as disruptive or as a professional transition.

Severance: More Than a Payment

Severance is often a central issue. Beyond the amount, its legal characterization is critical and has tangible consequences.

The decisive factor is the nature of the payment: whether it constitutes compensation for loss of employment, settlement of claims, or a discretionary benefit. This distinction directly affects

Care is required in drafting. Poorly structured agreements may lead to suspension periods under unemployment insurance rules if they create the impression that the employee contributed to or accepted the risk of unemployment.

Unemployment Insurance and Suspension Periods

For many individuals—including senior executives—unemployment insurance remains a relevant consideration. Authorities do not automatically treat mutual termination agreements as neutral.

Risks arise in particular where

Careful structuring and clear justification of the agreement can help avoid or mitigate suspension periods, highlighting the value of early legal advice.

Pension Considerations

Occupational pension aspects are often underestimated. Depending on how the termination is structured, several questions may arise:

These issues can have significant financial implications, particularly for individuals in their mid-forties and above with substantial accumulated pension assets.

Outplacement and Reputation Management

For senior professionals, future career positioning is a key consideration. Many termination agreements therefore include elements such as

These “soft” factors are often as important as financial terms. They help ensure that the next career step is actively shaped rather than left to chance.

Conclusion: Timing Is Critical

The primary strength of a mutual termination agreement lies in its timing. It delivers the greatest value before a conflict escalates—not after. Once positions have hardened or legal proceedings are underway, the scope for constructive solutions is significantly reduced.

For qualified employees, this means that those who act early and understand their negotiating position can not only secure but actively shape their exit. For employers, it is a tool to minimize risk while demonstrating professionalism.

A well-structured termination agreement is therefore more than a contract—it is a strategic instrument for a smooth, discreet, and forward-looking transition.

A data breach does not begin only when data is being misused. It begins the moment it becomes accessible to unauthorised parties. It is precisely this realisation that makes the recently publicised case involving the parking monitoring companies Funkwache AG and Unisecur GmbH a cautionary tale for businesses with digital business models.

According to media reports, databases containing several hundred thousand entries were accessible via the internet for an extended period. The data reportedly included names, addresses, vehicle details, locations, as well as information on criminal proceedings and penalty orders. The Federal Data Protection and Information Commissioner (FDPIC) has announced that it will investigate the matter.

Regardless of the outcome of the investigation in this specific case, the incident serves as a prime example of where the greatest risks of digital business models lie today: less in spectacular hacker attacks and more in organisational weaknesses, a lack of governance and inadequate information security.

Data protection starts with senior management – not with IT

Many companies still view data protection primarily as a legal obligation or as the responsibility of the IT department. This is not enough.

Companies that offer digital services or process personal data bear responsibility for the entire lifecycle of that data – from collection and storage to deletion. Data protection, information security and governance are not separate disciplines, but are interlinked.

Companies whose business models are based on digital processes or platforms, in particular, should therefore view this case not so much as an isolated incident but as an opportunity to critically examine their own organisation.

One of the key lessons concerns the definition of a personal data breach. Under Swiss law, a breach exists as soon as unauthorised access cannot reasonably be excluded. It is not necessary to demonstrate that personal data has actually been viewed, copied or misused. The mere exposure of confidential information through an unsecured administrative interface may already constitute a personal data security breach.

Side note: What is a data breach?

Under the Swiss Data Protection Act, a data security breach does not only occur when personal data is stolen or disclosed. Article 8 of the DPA requires that appropriate measures be taken to prevent data security breaches.

For instance, a breach is deemed to have occurred simply if,

  • that personal data could become accessible to unauthorised third parties,
  • that administrator areas are accessible without adequate protection,
  • that data is inadvertently disclosed, or
  • that the availability, integrity or confidentiality of personal data is compromised.

Whether abuse actually took place is not, for the time being, decisive for the legal assessment.

Seven lessons for businesses from the data breach

1. Information security is a legal obligation

This case clearly demonstrates that fundamental security measures are not merely technical recommendations.

Under the Data Protection Act, personal data must be protected by appropriate technical and organisational measures. These include, amongst other things, access controls, authentication, secure system architectures, and up-to-date vulnerability and patch management. For public authorities, organisations subject to specific obligations and certain companies, applicable laws such as the ISG or standards such as ISO 27001 or BSI IT Grundschutz apply to information security.

The much-cited principle of ‘security through obscurity’ – that is, the hope that no one will ever find a technical vulnerability – does not meet today’s requirements.

The incident further illustrates that technical and organisational measures must be implemented consistently throughout the entire lifecycle of digital systems. Secure authentication, access management, encryption, software maintenance, vulnerability management, logging, penetration testing and secure system configuration are no longer optional—they represent fundamental elements of responsible data governance.

2. Sensitive data requires a particularly high level of protection

It is particularly significant that, according to media reports, information relating to criminal proceedings and summary penalties is also said to have been affected.

Under the Data Protection Act, such information is classified as personal data requiring special protection. Consequently, the requirements regarding access control, encryption, logging and organisational controls are significantly heightened.

The more sensitive the data, the higher the requirements for its protection.

3. Outdated systems pose a compliance risk

Another issue concerns the software platform apparently in use, the development and support for which are said to have been discontinued years ago.

Outdated software does not automatically constitute a data protection breach. However, if known security risks are no longer addressed or security updates are permanently unavailable, this can lead to legal complications.

Lifecycle management and regular security updates are therefore just as much a part of compliance today as traditional data protection policies.

4. Data must not be collected indefinitely

The scope of the information stored also raises questions regarding data minimisation.

According to the reports, some data records are said to date back as far as 2001. Whether such a long period of storage was necessary and proportionate in each case will have to be assessed on a case-by-case basis.

However, the Data Protection Act requires adherence to a simple principle: personal data may only be processed and retained for as long as is necessary for the specific purpose.

5. Data protection does not end with outsourcing

The case is particularly interesting because it appears that the same software platform or technical infrastructure was used by several companies.

A common misconception often arises, particularly in relation to cloud solutions, SaaS offerings or outsourced IT services: outsourcing IT does not mean that responsibility for data protection is also outsourced.

Even when using external providers, companies remain responsible for compliance with data protection regulations. This includes, in particular, the careful selection of the service provider, clear contractual arrangements, appropriate technical and organisational measures, and ongoing monitoring of the outsourced services.

You can find out more on our ICT outsourcing page and in our specialist article on ICT outsourcing.

6. Incident response is part of corporate governance

Equally noteworthy is the statement by the FDPIC that, at the time of the media reports, it had apparently not received any notification of the data breach.

Where there is a high risk to the privacy or fundamental rights of data subjects, the Data Protection Act generally requires companies to inform the FDPIC of the data breach as soon as possible.

Whether these conditions were met in this specific case will be the subject of further investigations.

Regardless of this, the case highlights how important effective incident response processes are today. Companies should not wait until a crisis arises to clarify who decides whether there is a reporting obligation and how quickly the relevant procedures must be triggered.

7. Data protection also safeguards reputation and trust

Perhaps the most important lesson, however, lies outside the text of the law.

Even if a technical incident can be resolved quickly, the loss of trust often persists for much longer. Today, customers, business partners and investors assess not only products or services, but increasingly also how data is handled professionally.

Data protection and information security have therefore long since become an integral part of responsible corporate governance and effective risk management.

Key takeaways for management

The case of Funkwache AG and Unisecur GmbH serves as a prime example of how data breaches today are often not caused by highly complex cyberattacks, but by avoidable organisational and technical weaknesses. For companies with digital business models, this points to clear areas for action:

Companies that integrate data protection, information security and digital governance at an early stage do more than simply meet legal requirements. They build trust among customers, employees and business partners – thereby strengthening the long-term resilience of their digital business model.

If you have any questions regarding your digital business model, data protection or ICT outsourcing, please do not hesitate to contact us for an initial, no-obligation discussion.

Many parents transfer their assets to the next generation at an early stage – for example, through gifts, advance inheritances, or as part of estate planning. What ist often overlooked is that if their own assets are no longer sufficient later on, children may be required to provide financial support under certain circumstances. The legal basis for this is Art. 328 of the Civil Code.

Article 328(1) of the Swiss Civil Code requires “anyone living in comfortable circumstances” to support their relatives if the latter would otherwise fall into hardship. However, this obligation applies only to lineal ascendants. Cantonal legislation, such as § 37 Social Assistance Act of the Canton of Lucerne, also refers to the provisions of the Civil Code.

What does this obligation to provide support mean?


The obligation to support relatives, which is enshrined in the Civil Code, is based on family law. It is supplementary to social insurance benefits. If these benefits are insufficient, support from relatives may be considered. In practice, however, the local government typically grants social assistance first and then assesses whether it is possible to seek support from relatives who are obligated to provide it.

What are the requirements for the obligation to provide support under Article 328 Civil Code?


A duty to provide support requires that the person in question be in a state of financial distress. This means that, without financial assistance, the person would find themselves in financial distress – that ist, if they cannot cover theri living expenses from their own resources (income and liquid assets). The subsistence minimum under debt enforcement law, whicht the person in question can no longer cover – for examplfe, through the sale of assets or through employment – serves as a benchmark for determining financial need; however, an overall assessment is always conducted. The financial hardship is denied if the person could cover their living expenses but maliciously fails to do so. Another decisice factor in the assessment is whether the person in question has access to sufficient social security benefits.

Secondly, there must be a relative in ascending or descending line of the person in need who is in a favorable financial position. According to Federal Supreme Court case law, this is only the case if a high standard of living is possible and the support can be provided withour significantly impairing the relatice’s own standard of living. It is irrelevant whether the relative feels connected through a family community or does not maintain a family relationship.

It can therefore be concluded that the obligation to provide support is therefore determined by the beneficiary’s need and the obligor’s financial capacity.

How much is the obligation to provide support?


Under Article 329(1) of the Civil Code, spousal support is limited to what is necessary for the maintenance of the recipient, taking into account the circumstances of both parties. In practice, the upper limit is often based on the lebel of social assitance. In the event of a dispute, the specific amount is determined by the court at its discretion.

Asserting the claim


If no voluntary agreement can be reached, the obligation to provide support must be enforced through civil proceedings before the competent court (Art. 329(3) Civil Code). In the meantime, the local governement my provide social assistance and – where permitted by law – seek reimbursement from relatives who are obligated to provide support. However, it is not authorized to impose a binding obligation to provide support. It may, however, attempt to reach a solution with the relatives regarding financial support.

Real-life example: If a parent gives away their home – will the children have to pay for nursing home costs later on?


If a person disposes of assets (e.g., through a gift), this may result in a reduction or loss of supplementary benefits. This is because, in order to be eligible for supplementary benefits, a person must be receiving an AHV or IV pension and must not be able to cover their living expenses with their income and assets. If assets in the calculation, which may negate entitlement to supplementary benefits. The person in need still has the otion of applying for social assistance, provided their assets are less than CHF 4’000.00 (CHF 8’000.00 for married couples). In such cases, the authorities would assess, after benefits have been paid, whether relatives are required to contribute based on their duty of support.

A common scenario involves individuals in nursing homes who require care and have exhsausted their assets. In such situations, the question of seeking recourse from children regularly arises.

Please feel free to contact us with any questions you may have about the obligation to support relatives.

With the new E-Government Act (EGovG), the Canton of Lucerne aims to structurally advance the digital transformation of public administration. During its May 2026 session, the Cantonal Parliament clearly endorsed the Government Council’s counterproposal to the popular initiative “Digitalisation Now!”, while simultaneously emphasising that digitalisation must not result in a “digital only” administration. Public authorities must remain accessible through analogue channels. This political consensus is both correct and necessary.

The proposed legislative framework — in particular the new E-Government Act (EGovG) — is intended to form the foundation of a modern, digitally interconnected administration. At the same time, the debate demonstrates that the real legal and strategic challenges are only beginning. The key question is no longer whether public administration should be digitalised, but how. Concepts such as “digital first” and “once only” raise significant concerns relating to data protection and fundamental rights which must be addressed more precisely during the legislative process.

Digitalisation Is Not an End in Itself

The Lucerne proposal pursues understandable objectives: more efficient administrative procedures, standardised core services, digital workflows and the reduction of repeated data entry. In particular, the so-called “once-only principle” initially appears both citizen-friendly and economically sensible.

From a legal perspective, however, this principle is highly sensitive. If citizens and businesses are expected to provide data only once, this inevitably means that different administrative units will gain access to data already collected elsewhere. This gives rise to the central constitutional question: which authority may access which data, for what purpose, and on the basis of which statutory provision?

At present, the proposal remains too vague in this respect. Swiss public law continues to be governed by the principle of purpose limitation: personal data may only be processed for the purpose for which it was originally collected or where a sufficiently clear legal basis exists. Any serious approach to digital government therefore requires an equally serious assessment of which authorities genuinely require access to which categories of data. Transparency towards affected individuals is essential. Citizens must be able to understand which public bodies access their data and for what reason.

Generalised interconnection of administrative data without a clearly identified operational need creates the risk that data will be used beyond its original purpose. Such an approach would be difficult to reconcile with the constitutional right to informational self-determination under Article 13 paragraph 2 of the Swiss Federal Constitution. Under Swiss data protection law, it is not sufficient that data is merely technically accessible. What matters is whether its use is proportionate, transparent and sufficiently defined by law.

Digital Sovereignty: Switzerland Must Not Repeat the Cloud Mistake

The debate surrounding the EGovG also raises a strategic issue extending far beyond Lucerne: digital sovereignty.

For many years, Switzerland underestimated the implications of dependencies in the cloud sector. Today, both public institutions and private organisations face the reality that critical digital infrastructures increasingly depend on a small number of international technology providers. This dependency cannot easily be reversed.

From the perspective of the Cantonal Government, there appears to be little immediate regulatory need in this area. Yet developments surrounding artificial intelligence suggest that history may repeat itself. Because technological progress is complex and dynamic, there is a real risk that regulatory and strategic decisions will once again be taken too late. This makes it all the more important to establish technologically neutral and sustainable principles at an early stage.

Depending on the criticality of the systems involved, such principles may include:

Digital sovereignty does not mean technological isolationism. Rather, it means retaining effective control over data, systems and strategic decision-making capabilities. Genuine digital sovereignty requires more than organisational coordination alone.

Digital Administration (“Digital First”) — A Paradigm Shift

The EGovG follows a clear approach: public services are to be delivered primarily through digital channels (“digital first”), based on a centralised e-government infrastructure. User accounts, authentication systems and standardised interfaces are intended to facilitate seamless interaction between administrative entities. The Government’s commitment not to pursue a “digital only” approach demonstrates a welcome degree of proportionality.

Nevertheless, the constitutional right to privacy and protection of personal data under Article 13 paragraph 2 of the Federal Constitution requires state data processing activities to be clearly defined, proportionate and purpose-specific. In this regard, the Lucerne proposal remains partially too broad. In particular, concerns arise as to whether the planned interconnection of administrative data is sufficiently limited by law. Combined with pilot projects developed without an explicit statutory basis, this risks undermining public trust. Without clearly defined purposes, there is a danger of gradual expansion of state data use, with corresponding implications for informational self-determination.

There is also a structural transparency problem: the greater the flow of data between authorities, the more difficult it becomes for affected individuals to understand who processes which information and at what time. This places one of the central pillars of data protection law under pressure: the individual’s ability to retain control over their personal data.

Criticism by the Data Protection Authority: Correctly Focused

The Cantonal Data Protection Commissioner has identified several key weaknesses:
unclear purpose limitations, insufficient legal specificity, lack of transparency and inadequately defined security requirements.

From a constitutional and rule-of-law perspective, this criticism is entirely justified. It reflects core principles of Swiss data protection law: legality, purpose limitation, proportionality and data security. In a system designed around extensive data interconnection, these principles must not merely be referenced politically; they must be precisely codified and technically implemented.

Digitalisation Requires Democratic Debate — Not Merely Technical Implementation

It is encouraging that the political debate within the Lucerne Cantonal Parliament has recognised the risks of purely technocratic digitalisation. Several parliamentarians stressed that digitalisation must not lead to the exclusion of analogue access channels. This principle is fundamental: digitalisation must serve people — not the other way around.

The EGovG therefore provides an important basis for discussion. Not because it already contains all the answers, but because it opens the necessary debate: where does digitalisation create genuine added value? Where does it create new risks? And what constitutional safeguards are required for a modern digital administration?

Particularly in data-driven administrative processes, efficiency alone is insufficient. What matters is that digitalisation is implemented transparently, proportionately and in compliance with fundamental rights. Only then can long-term trust be established among both citizens and businesses.

Where the Legislature Must Tighten the Framework

The Cantonal Parliament now faces an important strategic choice. If digitalisation of public administration is to succeed in a sustainable and legally compliant manner, the following issues require particular attention:

Conclusion: Efficiency Requires the Rule of Law

The Lucerne proposal represents an important step towards a modern digital administration. Politically, it is more realistic and balanced than a rigid constitutional “digital first” obligation. At the same time, it demonstrates how closely digitalisation, data protection and fundamental rights are interconnected.

Efficiency gains must not come at the expense of informational self-determination. Sustainable digital transformation can only succeed if it rests on a clear legal foundation — transparent, controllable and technologically sovereign. It must not result in core questions of data protection and digital sovereignty remaining unresolved.

The upcoming legislative debates provide an opportunity to transform a pure digitalisation project into a constitutionally robust model of modern governance. This requires clear limits on data use, transparent data flows and strategic safeguards against new technological dependencies. Digitalisation should not occur merely because it is technically possible, but because it is proportionate, meaningful and democratically legitimate.

The issue of awarding damages in cases of media reports that infringe personal rights raises not only theoretical but also very practical questions: can a sum of money actually be determined on the basis of such an infringement, to be paid to the person concerned? The decision of the Zug Cantonal Court of 22 January 2025 provides a remarkable answer to this question, but it remains to be seen whether a settled line of reasoning for future cases can already be derived from it.

This article examines the decision of the Zug Cantonal Court of 22 January 2025 and its potential signal effect, despite the fact that it is not yet legally binding. Jolanda Spiess-Hegglin brought an action against Ringier AG seeking the payment of profits from various articles that infringed her personality rights in connection with the Zug Landammann celebration on 20 December 2014.

Protection of personality rights Art. 28 Abs. 1 ZGB

If a person’s personality rights are violated, they can defend themselves on the basis of Art. 28 Abs. 1 ZGB. This protection applies to any person or company that contributes to the violation through publication, distribution or technical support.

Not every infringement of personality rights is automatically unlawful. According to Art. 28 para. 2 of the Swiss Civil Code, an infringement of personality rights is only considered unlawful if there are no grounds for justification. Such grounds for justification include, in particular:

Media’s duty to inform

The media fulfil an important informational role as ‘guardians of democracy’, but this does not justify every violation of personal rights. Reporting must be supported by compelling reasons and remains bound by strict guidelines.

The media may disseminate true facts, provided that these can be proven by means of evidence. In addition, there must be a significant public interest in the information. However, even true facts are not covered if they are unnecessarily hurtful or originate from the private or secret sphere.

The media are free to express reasonable value judgements. However, these must not be unobjective or offensive. Objective and well-founded expressions of opinion remain permissible as long as they are not primarily defamatory.

Special considerations for public figures

A different standard applies to public figures than to ordinary citizens. Their protected private sphere is narrower because there is a legitimate public interest in information. According to Federal Supreme Court case law, reporting is only permissible to the extent that it is justified by the need for information. The protection of privacy is therefore also upheld in the case of public figures.

Unlawful infringement of personality rights

In the event of unlawful violations of personal rights, Article 28a ZGB provides the affected person with various legal remedies. These include, in particular, injunctive relief, removal and declaratory relief, as well as – depending on the circumstances – claims for damages, compensation and surrender of profits.

Distribution of profits Art. 28a Abs. 3 ZGB

If a violation of personality rights results in a profit, the injured party may demand that this profit be paid in full. The aim is to ensure that the profit does not accrue to the infringer, but is paid to the injured party.

Requirements for the claim for distribution of profits

Two conditions must be cumulatively fulfilled for the distribution of profits.

According to federal court rulings, it is sufficient for the causal link to be established if the article enables the existing readership to be retained. An increase in readership therefore does not have to be proven.

Judgment of the Cantonal Court of Zug dated 22. January 2025

The Cantonal Court of Zug ordered Ringier AG to pay Ms Jolanda Spiess-Hegglin CHF 309,531.00 plus 5% interest. The court largely agreed with Ms Jolanda Speiss-Hegglin, who had demanded a profit distribution of CHF 430,000.00.

The cantonal court’s ruling is not yet final and has been appealed by Ringier AG to the High Court of the Canton of Zug.

Profit calculation for media articles in infringement of personality rights

The ruling follows an earlier ruling by the Zug Cantonal Court in 2022, in which Ringier AG was ordered to disclose information relating to four articles that violated personal rights. The disclosure obligation included:

Based on this information, the court calculated the amount to be over CHF 309,531.00 (for the exact calculation, see A1 2020 56 dated 22 January 2025).

Impact of the decision on future reporting?

Despite not yet being legally binding, the ruling sends a strong signal. This is the first time that a court in Switzerland has ordered a media company to surrender profits from unlawful violations of personal rights – including a specific calculation and quantification.

In future, media companies will have to ask themselves whether borderline reporting is economically viable. Serious violations of personal rights can be expensive if courts order the surrender of profits. The ruling enforces the principle that ‘wrongdoing must not pay’.

Our law firm provides advice on personality rights and infringement of personality rights. Please feel free to contact us with any questions you may have about personality rigths.

Data protection law protects individuals – but not every individual who invokes data protection law. The ECJ has made it clear: anyone, that does not use the right of access to monitor their own data, but instead deliberately uses it as a lever to pursue claims for damages, forfeits that protection. 

CJEU JUDGMENT (Brillen Rottler) C-526/24 OF 19 MARCH 2026 

Facts of the case 

In March 2023, TC subscribed to the newsletter of a German optician (Brillen Rottler). Just 13 days later, he submitted a request for access under Article 15 of the GDPR. The company refused to provide the information, citing publicly available information purportedly demonstrating a systematic approach on the part of TC: signing up for services -> request for information -> claim for damages. TC brought an action seeking payment of at least EUR 1,000 in compensation. 

Key Holdings 

SCOPE OF THE RIGHT OF ACCESS (Art. 15 GDPR) – WHAT IS COVERED, WHAT IS NOT? 

Covered by the right of access (Art. 15 GDPR) 

Not covered by the right of access or not worthy of protection 

CONSEQUENCES FOR SWITZERLAND AND ITS JUDICIAL PRACTICE 

Relevance for Switzerland 

Although the GDPR does not apply directly in Switzerland, the revised Data Protection Act (FADP, in force since 1 September 2023) is closely aligned with European requirements. Swiss courts regularly refer to the GDPR and ECJ case law as an aid to interpretation for the EU-compatible application of the FADP.   

Strengthening of the prohibition of abuse of rights (Art. 2 of the Swiss Civil Code) 

The judgment confirms and reinforces the application of Art. 2(2) of the Swiss Civil Code (“The manifest abuse of a right shall not be protected by law”) in data protection law. Swiss courts are likely to adopt the logic of the ECJ: it is not the number of requests, but the improper intention that is decisive.  

Art. 26(1)(c) FADP permits the refusal of access in the case of ‘manifestly vexatious’ requests or those with a purpose contrary to data protection. The ECJ judgment provides valuable criteria for the practical application of this provision. 

Key difference: Higher threshold for compensation (Art. 32(3) FADP) 

Whilst the ECJ recognises the loss of control as a potentially compensable non-pecuniary loss, Art. 32(3) FADP requires a serious infringement of personal rights for a claim for compensation. The mere refusal to provide information or the associated uncertainty is unlikely to meet this threshold in Switzerland in most cases. 

This represents a significantly higher hurdle for ‘data protection trolls’ in Switzerland than under EU law and is likely to render the business model of systematic requests for information for the purpose of obtaining damages largely unattractive in Switzerland. 

Consistency regarding the causal link   

The ECJ’s comments on the interruption of the causal link by the conduct of the person concerned are fully consistent with the principles of Swiss tort law (contributory negligence). Anyone who deliberately provokes a breach forfeits their claim.   

CONSEQUENCES FOR BUSINESSES 

The judgment is not a free pass to reject requests for information across the board – the burden of proof for misuse lies entirely with the company. Incorrect or delayed information opens the door to claims for damages – regardless of whether the request was made in good faith or abusively.    

For Swiss companies, there is the additional factor that the revised FADP has imposed comparable disclosure obligations since September 2023. Whilst the threshold for claims for compensation is higher than under EU law, this does not relieve companies of the obligation to provide timely and complete information. 

In practical terms, it is therefore advisable to streamline information processes and assign responsibilities clearly within the organisation, to formulate responses in a comprehensible manner rather than simply providing raw data, and to structure data management in such a way that information can be provided quickly and in full. 

CONCLUSION 

With its ruling, the ECJ has drawn an important line against the abuse of the right of access under data protection law: anyone who requests information under Article 15 of the GDPR not to monitor their own data processing, but specifically to construct claims for damages, is acting abusively – and forfeits both the right to access and the right to compensation. ForSwitzerland, the ruling confirms the application of the prohibition of abuse of rights (Art. 2 of the Swiss Civil Code) in data protection law. At the same time, the Swiss Data Protection Act (FADP) sets the bar even higher than EU law by requiring a serious infringement of personal rights for claims for compensation, which makes the business model of “data protection trolls” unattractive.    

Smartphones are now often the central evidence hub in criminal proceedings. Almost everyone carries one, which makes them one of the most important data carriers for investigators. That is precisely why access to them must never become a legal vacuum; an effective sealing procedure upon seizure is needed as a safeguard for privacy, personality rights, and professional secrecy.

Law enforcement is under pressure to review digital evidence quickly, while affected individuals often can only challenge a search with a significant delay. That tension is exactly what makes sealing so essential.

Why this issue matters now

Recent media reporting points to a marked rise in sealing-related proceedings involving smartphones; in Zurich alone, the number is said to have increased by 75 percent. At the same time, the federal authorities are working on more efficient procedures for securing electronic evidence while expressly emphasizing data protection and procedural rights.

This shows two things: digital evidence has become indispensable for criminal prosecutors, but the rule-of-law safeguards must operate with equal seriousness. If sealing and unsealing are not handled promptly and carefully, irreparable intrusions into highly sensitive personal data can follow.

The role of sealing

Sealing is not a technical footnote; it is a core procedural safeguard for sensitive information upon seizure. Anyone whose devices or documents are seized and who invokes confidentiality interests can request that the contents remain sealed until a court decides whether inspection is allowed.

This is especially important for smartphones, because they often contain an exceptionally broad digital footprint: chats, photos, health data, location history, work documents, and private communications. A search therefore almost inevitably interferes with privacy and must be justified with particular care.

What the court must assess

In unsealing proceedings, the question is not simply whether the public prosecutor would like to review the data. The compulsory measures court must also determine whether there is sufficient suspicion of an offence and whether the search is proportionate.

This review is crucial in digital cases because the interference is so far-reaching. Authorities must not access an entire device on a blanket basis if the relevant information can already be narrowed down more precisely, or if protected secrets outweigh the investigative interest.

Current developments and practical problems

The current debate around digital evidence reveals a structural problem: proceedings often take too long, even though digital data can quickly lose evidentiary value or appear in massive volumes. At the same time, the affected person’s duty to cooperate is sometimes applied too strictly in practice, although the Federal Supreme Court has stressed in relevant cases that substantiated disclosures can be sufficient.

Added to this is the new statutory three-day deadline for filing a sealing request after seizure, which has been described in legal commentary as a significant tightening and a potential trap. Missing that deadline, or failing to justify the request properly, can mean the irreversible loss of protection.

Why this matters for personality rights

The right to sealing protects not only lawyers, journalists, and other holders of professional secrecy, but ultimately every person whose most intimate life domains are stored on a device. A smartphone search often provides a comprehensive view of someone’s digital life, far beyond what is relevant to the criminal proceedings.

For that reason, the rule of law must not weaken the sealing mechanism simply because some courts have not yet fully adapted to the pace of technological change. The correct response is not less legal protection, but more precise procedures, faster judicial review, and stricter reasoning requirements for any intrusion.

Conclusion

In digital criminal proceedings, sealing is not a luxury; it is a rule-of-law necessity. Especially with smartphones and other data carriers, it determines whether privacy remains effectively protected or whether sensitive data are disclosed too early.

Anyone who wants to make searches of digital devices easier must not gradually dismantle the protection of affected persons. A functioning sealing procedure is the condition for keeping criminal prosecution, personality rights, and privacy in fair balance.

Decision 2C_47/2025 of 27 March 2026 – Labelling of vegan products

The Federal Supreme Court has ruled that the term ‘milk’ may not be used in connection with vegan drinks – not even in a modified or ironic form. In the case of an oat drink bearing the label ‘SHHH… THIS IS NOT M[*]LK’, the Federal Supreme Court upheld the ban imposed by the Zurich Cantonal Laboratory. Even the stylised spelling, with a drop symbol in place of the ‘i’, is sufficient to give the impression of a reference to milk.

The court based its decision on its 2025 case law (decision 2C_26/2023), according to which terms such as ‘milk’, ‘cream’ or ‘yoghurt’ are protected designations for animal products under the Federal Act

on Foodstuffs and Consumer Products (Foodstuffs Act, FSA) and the Foodstuffs Ordinances. Such terms may only be used for products that are actually made from milk of animal origin.

Focus on differentiation and consumer protection

The Federal Supreme Court emphasises that the term ‘milk’ raises clear expectations among consumers – particularly with regard to nutritional value, composition and origin. A ‘negative claim’ (‘this is not milk’) does not alter this, because the connection to real milk is deliberately established. The decision provides legal certainty for manufacturers, inspectors and consumers and sends a further signal in favour of transparent labelling in the growing market for vegan alternatives.

Administrative procedures for the placing of foodstuffs on the market

The authorisation and supervision of foodstuffs in Switzerland is governed by the Ordinance on Foodstuffs and Consumer Goods (LGV; SR 817.02). The Federal Food Safety and Veterinary Office (BLV) is responsible for coordinating enforcement, whilst the cantons (e.g. the Zurich Cantonal Laboratory) carry out enforcement.

Anyone wishing to place a food product on the market must, in particular, ensure:

Special provisions apply to so-called ‘novel foods’. Breaches result in a ban on placing the product on the market, as in the present case, sometimes accompanied by administrative proceedings up to the Federal Supreme Court.

International trend towards clear labelling

The Federal Supreme Court’s ruling is part of a European and international trend calling for a clear linguistic distinction between animal-based and plant-based foods. In the European Union, the term ‘milk’ is reserved exclusively for animal products under EU Regulation No 1308/2013. The same applies to terms such as ‘cheese’ or ‘butter’.

The European Commission and national authorities – such as the Federal Ministry of Food and Agriculture (BMEL) in Germany – emphasise the importance of uniform and transparent product labelling so as not to mislead consumers. The recent EU dispute over the terms ‘veggie burger’ or ‘veggie schnitzel’ shows that whilst legislators are granting more leeway for plant-based products, they are simultaneously drawing clear boundaries as soon as protected terms such as ‘milk’ are involved.

Switzerland – albeit as a non-EU member – thus follows a similar line to the EU: Consumer protection and legal certainty take precedence over creative wordplay in marketing.

Conclusion

The new ruling makes it clear: creativity in the marketing of vegan products has legal limits. Anyone selling plant-based alternatives must adhere to the labelling rules of food law – even if playful wordplay appears attractive from a marketing perspective.

To work as a doctor in Switzerland and be able to invoice services covered by mandatory health insurance (OKP), one needs more than just a federal degree. The Federal Law on Health Insurance (KVG), specifically Articles 36 and 37, governs the professional and administrative licensing requirements at the federal level. In addition, cantonal authorizations are required, such as those in the Canton of Lucerne.

Overview of General Admission Requirements

According to Article 36 KVG, physicians may only provide services covered by the OKP if they:

For foreign diplomas, confirmation of recognition by MEBEKO is also required so that the degree is recognized as equivalent in Switzerland. In the Canton of Lucerne, this license to practice is issued by the Department of Health and Sport (DIGE). The required form, “Gesuch um Erteilung einer Bewilligung zur fachlich eigenverantwortlichen Berufsausübung und um Zulassung zur Tätigkeit zulasten der OKP” (Application for a License to Practice Independently and for Authorization to Provide Services Covered by Compulsory Health Insurance) is available online at gesundheit.lu.ch/bewilligungen. Once cantonal authorization has been granted, a ZSR number is required for billing health insurers; this number serves as a unique identifier for the service provider.

Admission restrictions under Art. 37 of the Health Insurance Act

Under Article 37 KVG, the federal government may require the cantons to introduce additional conditions for the licensing of physicians. These include, in particular, requirements regarding:

These requirements were tightened with the 2022 revision of the KVG to better control the number of licensed physicians and ensure the quality of medical care.

Key Issues and Current Developments

Since the amendment to the KVG on June 19, 2020, two points have become particularly relevant in practice:

Three years of practice at a recognized Swiss training institution

Only those who have worked for at least three years at a Swiss training institution in the requested specialty during the three years prior to submitting the application may be admitted. This rule is intended to ensure that physicians are familiar with the Swiss healthcare system. The Canton of Lucerne strictly applies these provisions as part of its licensing procedures.

General practitioners and Regional Underservice

A key issue in recent years has been ensuring primary care by general practitioners, particularly in rural areas. The growing shortage of family physicians means that many cantons — including Lucerne — can make use of the exceptions provided for in the KVG in cases of underservice. The same applies to the specialties of pediatric and adolescent medicine as well as child and adolescent psychiatry and psychotherapy.

This increased flexibility is intended to prevent entire regions from being left without primary care — a problem that particularly affects smaller municipalities. At the same time, the cantons’ responsibility remains significant: they must ensure that such special licenses are granted in a targeted and transparent manner.

Demand-Based Licensing

Cantons may restrict licensing if regional care provision is already secured. This applies in particular to specialties with excess capacity. The Canton of Lucerne has exercised this authority through its cantonal licensing ordinance and has limited the maximum number of full-time equivalents in the specialty of angiology to 11.5.

Conclusion

For physicians, this means that in addition to a medical degree and board certification, domestic experience, language proficiency, and quality assurance are now also decisive factors for admission under the KVG. Anyone seeking to practice in Lucerne should carefully review the cantonal requirements and submit a complete application—this will help avoid delays and follow-up inquiries.

A remarkable piece of Swiss cinema: «The Narrative» tells a story that moves, surprises, and resonates.

We are proud to have made a small contribution to this major project as legal advisors – and would like to thank the entire production team for their trust and for the appreciative mention in the film and at the preview screening.

This is a film that you don’t just watch, you experience. We congratulate the entire team on this successful work and wish them every success for the theatrical release on March 12, 2026!