With the new E-Government Act (EGovG), the Canton of Lucerne aims to structurally advance the digital transformation of public administration. During its May 2026 session, the Cantonal Parliament clearly endorsed the Government Council’s counterproposal to the popular initiative “Digitalisation Now!”, while simultaneously emphasising that digitalisation must not result in a “digital only” administration. Public authorities must remain accessible through analogue channels. This political consensus is both correct and necessary.

The proposed legislative framework — in particular the new E-Government Act (EGovG) — is intended to form the foundation of a modern, digitally interconnected administration. At the same time, the debate demonstrates that the real legal and strategic challenges are only beginning. The key question is no longer whether public administration should be digitalised, but how. Concepts such as “digital first” and “once only” raise significant concerns relating to data protection and fundamental rights which must be addressed more precisely during the legislative process.

Digitalisation Is Not an End in Itself

The Lucerne proposal pursues understandable objectives: more efficient administrative procedures, standardised core services, digital workflows and the reduction of repeated data entry. In particular, the so-called “once-only principle” initially appears both citizen-friendly and economically sensible.

From a legal perspective, however, this principle is highly sensitive. If citizens and businesses are expected to provide data only once, this inevitably means that different administrative units will gain access to data already collected elsewhere. This gives rise to the central constitutional question: which authority may access which data, for what purpose, and on the basis of which statutory provision?

At present, the proposal remains too vague in this respect. Swiss public law continues to be governed by the principle of purpose limitation: personal data may only be processed for the purpose for which it was originally collected or where a sufficiently clear legal basis exists. Any serious approach to digital government therefore requires an equally serious assessment of which authorities genuinely require access to which categories of data. Transparency towards affected individuals is essential. Citizens must be able to understand which public bodies access their data and for what reason.

Generalised interconnection of administrative data without a clearly identified operational need creates the risk that data will be used beyond its original purpose. Such an approach would be difficult to reconcile with the constitutional right to informational self-determination under Article 13 paragraph 2 of the Swiss Federal Constitution. Under Swiss data protection law, it is not sufficient that data is merely technically accessible. What matters is whether its use is proportionate, transparent and sufficiently defined by law.

Digital Sovereignty: Switzerland Must Not Repeat the Cloud Mistake

The debate surrounding the EGovG also raises a strategic issue extending far beyond Lucerne: digital sovereignty.

For many years, Switzerland underestimated the implications of dependencies in the cloud sector. Today, both public institutions and private organisations face the reality that critical digital infrastructures increasingly depend on a small number of international technology providers. This dependency cannot easily be reversed.

From the perspective of the Cantonal Government, there appears to be little immediate regulatory need in this area. Yet developments surrounding artificial intelligence suggest that history may repeat itself. Because technological progress is complex and dynamic, there is a real risk that regulatory and strategic decisions will once again be taken too late. This makes it all the more important to establish technologically neutral and sustainable principles at an early stage.

Depending on the criticality of the systems involved, such principles may include:

• clear interoperability requirements,
• avoidance of unnecessary vendor lock-ins,
• transparent governance structures,
• and consideration of a “second source” principle in order to reduce critical dependence on individual IT service providers.

Digital sovereignty does not mean technological isolationism. Rather, it means retaining effective control over data, systems and strategic decision-making capabilities. Genuine digital sovereignty requires more than organisational coordination alone.

Digital Administration (“Digital First”) — A Paradigm Shift

The EGovG follows a clear approach: public services are to be delivered primarily through digital channels (“digital first”), based on a centralised e-government infrastructure. User accounts, authentication systems and standardised interfaces are intended to facilitate seamless interaction between administrative entities. The Government’s commitment not to pursue a “digital only” approach demonstrates a welcome degree of proportionality.

Nevertheless, the constitutional right to privacy and protection of personal data under Article 13 paragraph 2 of the Federal Constitution requires state data processing activities to be clearly defined, proportionate and purpose-specific. In this regard, the Lucerne proposal remains partially too broad. In particular, concerns arise as to whether the planned interconnection of administrative data is sufficiently limited by law. Combined with pilot projects developed without an explicit statutory basis, this risks undermining public trust. Without clearly defined purposes, there is a danger of gradual expansion of state data use, with corresponding implications for informational self-determination.

There is also a structural transparency problem: the greater the flow of data between authorities, the more difficult it becomes for affected individuals to understand who processes which information and at what time. This places one of the central pillars of data protection law under pressure: the individual’s ability to retain control over their personal data.

Criticism by the Data Protection Authority: Correctly Focused

The Cantonal Data Protection Commissioner has identified several key weaknesses:
unclear purpose limitations, insufficient legal specificity, lack of transparency and inadequately defined security requirements.

From a constitutional and rule-of-law perspective, this criticism is entirely justified. It reflects core principles of Swiss data protection law: legality, purpose limitation, proportionality and data security. In a system designed around extensive data interconnection, these principles must not merely be referenced politically; they must be precisely codified and technically implemented.

Digitalisation Requires Democratic Debate — Not Merely Technical Implementation

It is encouraging that the political debate within the Lucerne Cantonal Parliament has recognised the risks of purely technocratic digitalisation. Several parliamentarians stressed that digitalisation must not lead to the exclusion of analogue access channels. This principle is fundamental: digitalisation must serve people — not the other way around.

The EGovG therefore provides an important basis for discussion. Not because it already contains all the answers, but because it opens the necessary debate: where does digitalisation create genuine added value? Where does it create new risks? And what constitutional safeguards are required for a modern digital administration?

Particularly in data-driven administrative processes, efficiency alone is insufficient. What matters is that digitalisation is implemented transparently, proportionately and in compliance with fundamental rights. Only then can long-term trust be established among both citizens and businesses.

Where the Legislature Must Tighten the Framework

The Cantonal Parliament now faces an important strategic choice. If digitalisation of public administration is to succeed in a sustainable and legally compliant manner, the following issues require particular attention:

• clear statutory limits on data use instead of broad general clauses,
• binding rules governing the once-only principle combined with transparency obligations,
• traceable data flows and effective control rights for citizens,
• concrete safeguards for digital sovereignty, particularly in relation to cloud services and IT outsourcing,
• mandatory privacy and security standards, including Privacy by Design.

Conclusion: Efficiency Requires the Rule of Law

The Lucerne proposal represents an important step towards a modern digital administration. Politically, it is more realistic and balanced than a rigid constitutional “digital first” obligation. At the same time, it demonstrates how closely digitalisation, data protection and fundamental rights are interconnected.

Efficiency gains must not come at the expense of informational self-determination. Sustainable digital transformation can only succeed if it rests on a clear legal foundation — transparent, controllable and technologically sovereign. It must not result in core questions of data protection and digital sovereignty remaining unresolved.

The upcoming legislative debates provide an opportunity to transform a pure digitalisation project into a constitutionally robust model of modern governance. This requires clear limits on data use, transparent data flows and strategic safeguards against new technological dependencies. Digitalisation should not occur merely because it is technically possible, but because it is proportionate, meaningful and democratically legitimate.

The issue of awarding damages in cases of media reports that infringe personal rights raises not only theoretical but also very practical questions: can a sum of money actually be determined on the basis of such an infringement, to be paid to the person concerned? The decision of the Zug Cantonal Court of 22 January 2025 provides a remarkable answer to this question, but it remains to be seen whether a settled line of reasoning for future cases can already be derived from it.

This article examines the decision of the Zug Cantonal Court of 22 January 2025 and its potential signal effect, despite the fact that it is not yet legally binding. Jolanda Spiess-Hegglin brought an action against Ringier AG seeking the payment of profits from various articles that infringed her personality rights in connection with the Zug Landammann celebration on 20 December 2014.

Protection of personality rights Art. 28 Abs. 1 ZGB

If a person’s personality rights are violated, they can defend themselves on the basis of Art. 28 Abs. 1 ZGB. This protection applies to any person or company that contributes to the violation through publication, distribution or technical support.

Not every infringement of personality rights is automatically unlawful. According to Art. 28 para. 2 of the Swiss Civil Code, an infringement of personality rights is only considered unlawful if there are no grounds for justification. Such grounds for justification include, in particular:

• consent of the subject.
• overriding private interest.
• overriding public interest.

Media’s duty to inform

The media fulfil an important informational role as ‘guardians of democracy’, but this does not justify every violation of personal rights. Reporting must be supported by compelling reasons and remains bound by strict guidelines.

The media may disseminate true facts, provided that these can be proven by means of evidence. In addition, there must be a significant public interest in the information. However, even true facts are not covered if they are unnecessarily hurtful or originate from the private or secret sphere.

The media are free to express reasonable value judgements. However, these must not be unobjective or offensive. Objective and well-founded expressions of opinion remain permissible as long as they are not primarily defamatory.

Special considerations for public figures

A different standard applies to public figures than to ordinary citizens. Their protected private sphere is narrower because there is a legitimate public interest in information. According to Federal Supreme Court case law, reporting is only permissible to the extent that it is justified by the need for information. The protection of privacy is therefore also upheld in the case of public figures.

Unlawful infringement of personality rights

In the event of unlawful violations of personal rights, Article 28a ZGB provides the affected person with various legal remedies. These include, in particular, injunctive relief, removal and declaratory relief, as well as – depending on the circumstances – claims for damages, compensation and surrender of profits.

Distribution of profits Art. 28a Abs. 3 ZGB

If a violation of personality rights results in a profit, the injured party may demand that this profit be paid in full. The aim is to ensure that the profit does not accrue to the infringer, but is paid to the injured party.

Requirements for the claim for distribution of profits

Two conditions must be cumulatively fulfilled for the distribution of profits.

• A demonstrable profit made by the infringer.

• A causal link between the infringement of personality rights and the profit.

According to federal court rulings, it is sufficient for the causal link to be established if the article enables the existing readership to be retained. An increase in readership therefore does not have to be proven.

Judgment of the Cantonal Court of Zug dated 22. January 2025

The Cantonal Court of Zug ordered Ringier AG to pay Ms Jolanda Spiess-Hegglin CHF 309,531.00 plus 5% interest. The court largely agreed with Ms Jolanda Speiss-Hegglin, who had demanded a profit distribution of CHF 430,000.00.

The cantonal court’s ruling is not yet final and has been appealed by Ringier AG to the High Court of the Canton of Zug.

Profit calculation for media articles in infringement of personality rights

The ruling follows an earlier ruling by the Zug Cantonal Court in 2022, in which Ringier AG was ordered to disclose information relating to four articles that violated personal rights. The disclosure obligation included:

• Number of subscribers and sales of issues.
• Website visits.
• Average number of advertisements displayed per article.

Based on this information, the court calculated the amount to be over CHF 309,531.00 (for the exact calculation, see A1 2020 56 dated 22 January 2025).

Impact of the decision on future reporting?

Despite not yet being legally binding, the ruling sends a strong signal. This is the first time that a court in Switzerland has ordered a media company to surrender profits from unlawful violations of personal rights – including a specific calculation and quantification.

In future, media companies will have to ask themselves whether borderline reporting is economically viable. Serious violations of personal rights can be expensive if courts order the surrender of profits. The ruling enforces the principle that ‘wrongdoing must not pay’.

Our law firm provides advice on personality rights and infringement of personality rights. Please feel free to contact us with any questions you may have about personality rigths.

Data protection law protects individuals – but not every individual who invokes data protection law. The ECJ has made it clear: anyone, that does not use the right of access to monitor their own data, but instead deliberately uses it as a lever to pursue claims for damages, forfeits that protection. 

CJEU JUDGMENT (Brillen Rottler) C-526/24 OF 19 MARCH 2026 

Facts of the case 

In March 2023, TC subscribed to the newsletter of a German optician (Brillen Rottler). Just 13 days later, he submitted a request for access under Article 15 of the GDPR. The company refused to provide the information, citing publicly available information purportedly demonstrating a systematic approach on the part of TC: signing up for services -> request for information -> claim for damages. TC brought an action seeking payment of at least EUR 1,000 in compensation. 

Key Holdings 

• Even a first request for information may be deemed “excessive”: Article 12(5) GDPR permits refusal not only in the case of repeated requests, but also in respect of a single initial request, provided that an abusive intent can be established. What matters is not the frequency of requests, but the intent of the applicant.  

• Burden of proof lies with the controller: If the company wishes to reject a request for information on the grounds that it is abusive, it bears the full burden of proof – and this is a two-stage process. First, it must objectively demonstrate that, despite being formally correct, the request does not serve the actual purpose of the right to information, namely the monitoring and verification of its own data processing. It must then subjectively prove that the applicant intended from the outset to artificially create the conditions for a claim for damages. 

• Public sources as evidence: The company may use publicly available information (e.g. media reports, blog posts about known ‘data protection trolls’) to support its case, provided such information is corroborated by further evidence.   

• Compensation even without unlawful data processing: Article 82(1) of the GDPR grants a right to compensation not only in the event of unlawful data processing, but also in the event of a mere breach of the right of access under Article 15 of the GDPR. The infringement of procedural rights in itself gives rise to liability. 

• Non-material damage – not automatic: The loss of control over data or uncertainty regarding its processing may constitute non-material damage. However, compensation is not payable if the causal link is broken by the data subject’s own conduct – in particular, if they have deliberately provoked the breachin order to generate a claim.   

SCOPE OF THE RIGHT OF ACCESS (Art. 15 GDPR) – WHAT IS COVERED, WHAT IS NOT? 

Covered by the right of access (Art. 15 GDPR) 

• The right to know whether personal data is being processed at all.   

• Where data is being processed: information regarding the data itself, the purposes of processing, categories of data, recipients, retention period, the origin of the data, and any automated decision-making. 

• The right to exercise access free of charge and, as a rule, within one month. 

• Compensation for non-material damage resulting from the infringement of the right of access (including loss of control and uncertainty regarding processing) 

Not covered by the right of access or not worthy of protection 

• Requests for information that do not serve the purpose of monitoring one’s own data processing, but are made abusively to obtain compensation. 

• Compensation where the data subject has caused the damage (e.g. loss of control) through their own abusive conduct – the causal link is broken.   

• Compensation without proof of actual damage incurred – no automatic entitlement arising from the mere infringement. 

CONSEQUENCES FOR SWITZERLAND AND ITS JUDICIAL PRACTICE 

Relevance for Switzerland 

Although the GDPR does not apply directly in Switzerland, the revised Data Protection Act (FADP, in force since 1 September 2023) is closely aligned with European requirements. Swiss courts regularly refer to the GDPR and ECJ case law as an aid to interpretation for the EU-compatible application of the FADP.   

Strengthening of the prohibition of abuse of rights (Art. 2 of the Swiss Civil Code) 

The judgment confirms and reinforces the application of Art. 2(2) of the Swiss Civil Code (“The manifest abuse of a right shall not be protected by law”) in data protection law. Swiss courts are likely to adopt the logic of the ECJ: it is not the number of requests, but the improper intention that is decisive.  

Art. 26(1)(c) FADP permits the refusal of access in the case of ‘manifestly vexatious’ requests or those with a purpose contrary to data protection. The ECJ judgment provides valuable criteria for the practical application of this provision. 

Key difference: Higher threshold for compensation (Art. 32(3) FADP) 

Whilst the ECJ recognises the loss of control as a potentially compensable non-pecuniary loss, Art. 32(3) FADP requires a serious infringement of personal rights for a claim for compensation. The mere refusal to provide information or the associated uncertainty is unlikely to meet this threshold in Switzerland in most cases. 

This represents a significantly higher hurdle for ‘data protection trolls’ in Switzerland than under EU law and is likely to render the business model of systematic requests for information for the purpose of obtaining damages largely unattractive in Switzerland. 

Consistency regarding the causal link   

The ECJ’s comments on the interruption of the causal link by the conduct of the person concerned are fully consistent with the principles of Swiss tort law (contributory negligence). Anyone who deliberately provokes a breach forfeits their claim.   

CONSEQUENCES FOR BUSINESSES 

The judgment is not a free pass to reject requests for information across the board – the burden of proof for misuse lies entirely with the company. Incorrect or delayed information opens the door to claims for damages – regardless of whether the request was made in good faith or abusively.    

For Swiss companies, there is the additional factor that the revised FADP has imposed comparable disclosure obligations since September 2023. Whilst the threshold for claims for compensation is higher than under EU law, this does not relieve companies of the obligation to provide timely and complete information. 

In practical terms, it is therefore advisable to streamline information processes and assign responsibilities clearly within the organisation, to formulate responses in a comprehensible manner rather than simply providing raw data, and to structure data management in such a way that information can be provided quickly and in full. 

CONCLUSION 

With its ruling, the ECJ has drawn an important line against the abuse of the right of access under data protection law: anyone who requests information under Article 15 of the GDPR not to monitor their own data processing, but specifically to construct claims for damages, is acting abusively – and forfeits both the right to access and the right to compensation. ForSwitzerland, the ruling confirms the application of the prohibition of abuse of rights (Art. 2 of the Swiss Civil Code) in data protection law. At the same time, the Swiss Data Protection Act (FADP) sets the bar even higher than EU law by requiring a serious infringement of personal rights for claims for compensation, which makes the business model of “data protection trolls” unattractive.    

A remarkable piece of Swiss cinema: «The Narrative» tells a story that moves, surprises, and resonates.

We are proud to have made a small contribution to this major project as legal advisors – and would like to thank the entire production team for their trust and for the appreciative mention in the film and at the preview screening.

This is a film that you don’t just watch, you experience. We congratulate the entire team on this successful work and wish them every success for the theatrical release on March 12, 2026!

In its ruling of 6 October 2025, the Federal Administrative Court upheld the FDPIC’s decision on the ‘Pfarrer-Check’ database and clarified the application of the revised Data Protection Act (DPA) to publicly accessible personal data.

The decision provides important clarity for operators of online platforms, directories and campaign websites when dealing with personal data from the internet.

An overview of the Federal Administrative Court ruling A-2941/2024

In its ruling of 6 October 2025, A-2941/2024, the Federal Administrative Court upheld the decision of the Federal Data Protection and Information Commissioner (FDPIC) in the so-called ‘Pfarrer-Check’ case. In the court’s opinion, the public recording of over 6,000 church officials in an online database without their consent violates the revised Federal Act on Data Protection (FADP).

Facts of the ‘Pfarrer-Check’ case

The association ‘Bürgerforum Schweiz’ operated a publicly accessible database on its website containing personal data on over 6,000 individuals from the church community. The database contained names, places of residence and postcodes, employers or religious denominations, fields of activity, positions and a status (‘recorded’, “requested”, ‘responded’) in connection with a questionnaire on religious views.

According to the operator, the purpose of the database was to enable a distinction to be made between ‘genuine’ and ‘watered-down’ churches. In its ruling of 9 April 2025, the FDPIC ordered the deletion of the entries published without the consent of the persons concerned. The association lodged an appeal against this ruling, which the Federal Administrative Court did not admit.

Applicable law & procedure

The court first confirmed that the revised Federal Data Protection Act (FADP, in force since 1 September 2023) is applicable. The decisive factor is the date on which the formal investigation was opened; mere informal preliminary investigations and responses to enquiries do not constitute a pending investigation within the meaning of transitional law.

The complainant alleged that the lower court had violated her right to inspect the files by only making the reports available to her in anonymised form. However, the court considered the EDÖB’s action to be lawful: the public interest in effective data protection supervision outweighs the operator’s interest in the identity of the whistleblowers.

Key material points (data protection principles and justification)

Proportionality

In the court’s opinion, publishing the status ‘recorded’ or ‘requested’ was neither appropriate nor necessary to achieve the purpose stated by the association (distinguishing between “genuine” and ‘fake’ churches). The information that someone has received a questionnaire but has not answered it leaves room for interpretation without offering any objective added value for the purpose of data processing.

Limitation of Purpose

The individuals concerned had published their contact details on their institutions’ websites so that they could be contacted in connection with their professional activities. The mere fact that the data is publicly accessible does not mean that it may be used for any purpose, in particular for an evaluative campaign database. The court qualifies the use for the ‘Pfarrer-Check’ as a change of purpose that was not apparent to the persons concerned.

Transparency

The persons concerned must be actively and clearly informed about the actual data processing. This did not happen. In particular, the persons concerned were not sufficiently informed that their data would be published even if they did not complete the questionnaire. A mere reference to the operator’s website does not satisfy the transparency requirements of the DPA. Active, comprehensible information about the nature, purpose and scope of the data processing is required.

Justification

The court denies the existence of a justification within the meaning of Article 31 of the FADP. Neither was there valid consent, nor could the association invoke a legal basis or an overriding public interest. A self-defined ‘public interest’ without any basis in law or the constitution is not sufficient to justify serious violations of privacy.

The appeal to Article 31 para. 2 of the FADP (person of public interest) is also unsuccessful. In weighing up the interests, the court considers the status ‘requested’ to have a high potential for infringement because it allows negative speculation about the attitude and integrity of the person concerned, while the status ‘recorded’ only has a medium intensity.

The court therefore concludes that the complainant has unlawfully infringed the personality rights of the persons concerned.

Significance of the judgment in practice

Since the new FADP came into force, the FDPIC has already carried out numerous low-threshold interventions and issued more than 14 formal investigations in the form of rulings. Only four of these rulings have been challenged before the Federal Administrative Court to date. The decision thus shows that the courts fundamentally support the FDPIC’s approach and consistently enforce the basic principles of data protection law, even in the case of publicly accessible online data.

The decision sends a clear signal to operators of online databases, directories, campaign and rating platforms: even if data is publicly accessible, proportionality, purpose limitation, transparency and a viable obligation to justify remain central.

Our experts in data protection and ICT law assist organisations in the legally compliant design of online platforms, websites and projects under the revised DPA.
Get in touch with us for an initial consultation on matters of Data Protection.

Under Swiss law, protection of privacy entails both civil and criminal law mechanisms to protect a person’s honour, reputation and integrity from unlawful attacks. The case involving the Swiss People’s Party (SVP) in Lucerne and former party member Yves Holenweger¹ illustrates how media reports can be legally relevant and what options those affected have to protect themselves.

Civil law protection of personality rights

Civil law provides comprehensive protection of personality rights in accordance with Art. 28 et seq. of the Swiss Civil Code. This protection covers physical and psychological aspects, as well as honour, privacy and economic reputation.

• A violation is considered unlawful if it is not justified by consent, higher interests or the law.
• Those affected may demand that the violation be stopped, remedied or determined by a court.
• Claims for damages, compensation or counterstatements are also often available, especially in the case of media publications.

In the case of media-effective criticism, as in the present case, the person concerned can, for example, demand a counterstatement or take legal action to prevent and remove a defamatory statement.

Criminal law protection of personal rights

Criminal law applies in cases of particularly serious violations of personal rights, such as defamation, slander or verbal abuse.

• Defamation (Art. 173 SCC): Anyone who accuses another person of dishonourable or reprehensible behaviour to third parties may be prosecuted if the statement is not proven or justified. A criminal offence is therefore committed when someone spreads false information about another person that damages their reputation. In such cases, the public prosecutor’s office may issue a penalty order, as was done in the case mentioned above.
• Willful Defamation (Art. 174 SCC): Anyone who, against their better judgement, accuses or suspects someone of dishonourable behaviour or spreads such accusations may be prosecuted if these accusations damage the person’s reputation. The deliberate dissemination of false facts that cast a person in a bad light is therefore punishable by law. This offence is more serious and can lead to higher penalties.
• Criminal prosecution protects the right to honour and reputation and also includes protection against damage to reputation in public and media reporting.
• Negligent or deliberate false statements are punishable by fines or even imprisonment.

Here too, the person affected can initiate civil proceedings in parallel in order to additionally mitigate the consequences of a criminal offence under civil law.

Effective protection of privacy: Legal action and recommended measures in cases of defamation, damage to reputation and media coverage

The example of the defamatory press release signed by Dieter Haller, then president of the Lucerne City SVP, and Timo Lichtsteiner, then and now vice-president, illustrates how personality rights protection works.

• Those affected by defamatory statements or media reports should promptly check whether there is a justifiable reason and, if not, consider seeking legal assistance for civil and criminal proceedings.
• Particularly in the case of political criticism or public reporting, it is essential to carefully weigh up the interests involved (freedom of expression vs. protection of personality rights) – courts often weigh up the public interest against the rights of the individual.

The Holenweger affair shows how personal attacks can quickly turn into a legal dispute over honour and personality rights. A specialised law firm offers competent support in dealing with such complex cases and ensures that the rights and interests of those affected are protected in an objective and efficient manner.

Find out more about the protection of personality rights in civil and criminal law here.

1. https://www.luzernerzeitung.ch/zentralschweiz/stadt-region-luzern/artikel-ld.4016595 last visited on 23 September, 2025. ↩︎

In its ruling, the court refuses to unseal seized data carriers and documents belonging to a journalist, thereby strengthening freedom of press. The current decision of the Zurich District Court of 2 July 2025 deals with the unsealing of seized data carriers and documents in the case of Inside Paradeplatz journalist Lukas Hässig, after the journalist correctly filed for sealing on the grounds of protecting his sources. The decision of the Compulsory Measures Court shows the conditions under which a request for unsealing is approved or, as in this case, not approved.

Facts and background of the Hässig case

The focus is on an investigative journalist, editor of the Inside Paradeplatz platform. He is accused of sharing information and data from Bank Julius Bär & Co. AG, which is subject to banking secrecy and/or trade secrets, in his magazine ‘Inside Paradeplatz’. In connection with the resumption of criminal proceedings against the respondent for an offence under Article 47 Banking Act, a search was carried out at his home and place of work. Various items and data carriers were seized. Referring to the protection of journalistic sources, the respondent requested that all seized items be sealed.

The public prosecutor’s office then filed a request for unsealing with the Compulsory Measures Court of the Zurich District Court. The respondent commented on the request for unsealing and requested that it be dismissed.

Note: The judgment shows that the criminal investigation by the public prosecutor’s office had already been suspended twice. In the most recent suspension order, the public prosecutor’s office itself had denied the admissibility of a search on the grounds of source protection, which the court took up in its judgment.

Legal requirements for unsealing

A request for sealing is used to assert permissible confidentiality interests pursuant to Article 248 para. 1 of the Swiss Criminal Procedure Code when searching records. Once the request for sealing has been filed, the criminal authority first seals the seized data carriers and documents. In the unsealing proceedings, the Compulsory Measures Court is then obliged to examine any objections to the admissibility of the search. A general decision must therefore be made as to whether the search is admissible.

A search of records within the meaning of Article 246 ff. Swiss Criminal Procedure Code, i.e. ‘documents, audio, video and other recordings, data carriers and equipment for processing and storing information’, is permissible if:

• The items are subject to a seizure (Art. 246 Swiss Criminal Procedure Code)
• There is sufficient suspicion of a crime (Art. 197 para. 1 lit. b Swiss Criminal Procedure Code)
• It is proportionate with regard to the constitutionally protected sphere of intimacy and privacy (Art. 197 para. 1 lit. c Swiss Criminal Procedure Code)

According to Article 246 of the Swiss Criminal Procedure Code, documents, audio, video and other recordings, data carriers and equipment for processing and storing information may only be searched if there is reason to suspect that information subject to seizure is contained in these items. According to Article 263 para. 1 of the Swiss Criminal Procedure Code, items and assets that are used as evidence (lit. a) are subject to seizure if they are needed to secure procedural costs, fines, penalties and compensation (lit. b), if they are to be returned to the injured party (lit. c), confiscated (lit. d) or used to cover claims for compensation by the state in accordance with Article 71 of the Swiss Criminal Code.

Unlike the court of law, the Compulsory Measures Court does not have to exhaustively weigh up all incriminating and exonerating evidence. What is required is a sufficiently concrete probability that the alleged offence was actually committed. According to the highest court ruling, reasonable suspicion can be equated with the concept of initial suspicion pursuant to Article 309 para. 1 lit. a of the Swiss Criminal Procedure Code.
Compared to pre-trial detention (Art. 224 ff. Swiss Criminal Procedure Code), the unsealing and searching of records appears to be significantly less intrusive. The requirements for reasonable suspicion are therefore less stringent. Reference can be made to substantiated criminal complaints or reports. The grounds for suspicion must be examined on the basis of the results of the investigation to date.

Furthermore, the Compulsory Measures Court must weigh up the interests involved and examine whether the house search and the search of the sealed data are proportionate to the constitutionally protected intimate and private sphere of the respondent.
The owner of the records or objects may request sealing if there are obstacles to seizure in accordance with Article 264 of the Swiss Criminal Procedure Code (Art. 248 Swiss Criminal Procedure Code). These obstacles to seizure also prevent the unsealing of previously sealed records and objects.

When assessing the proportionality of this compulsory measure, the severity of the offences under investigation is also taken into account (Art. 197 para. 1 lit. d Swiss Criminal Procedure Code).

Considerations of the coercive measures court in its ruling of 2 July 2025

No reasonable suspicion

The criminal investigation against the respondent has now been ongoing for six years. The investigation files do not indicate that the suspicion against the respondent has intensified in recent years or at least months. The Compulsory Measures Court finds that no suspicion against the respondent can be established, even to a minimal degree. Sufficient suspicion is denied.

Proportionality and source protection

The public prosecutor’s office argues that the respondent cannot invoke source protection under Art. 28a para. 1 of the Swiss Criminal Code and Art. 172 of the Swiss Criminal Procedure Code and thus a right to refuse to give evidence. The Compulsory Measures Court argues that the respondent acted in the interests of society and fulfilled his duty as an investigative journalist. It considers the priority given to criminal prosecution and possible punishment for a breach of banking secrecy over the legitimate right of the public to be informed about alleged far-reaching violations of the law in the financial sector to be manifestly wrong. According to the Compulsory Measures Court, the interest in prosecution in this case is not sufficiently weighty to outweigh the protection of sources. The proportionality of the search must also be denied.

Finally, the Compulsory Measures Court finds that the conditions for unsealing and searching the seized data carriers and documents are not met.

Significance for the media, lawyers and those affected

The ruling thus rightly emphasises the high hurdles for interference in journalistic work. Source protection enjoys strong protection in Switzerland, as it is enshrined in the Constitution and the ECHR. Finally, criminal proceedings such as the unsealing and searching of records require careful consideration of the interests involved – especially in the case of media professionals.

For affected journalists and media companies, this means that access to confidential data is only permitted in exceptional cases where there are concrete and serious grounds for suspicion of criminal activity.

Our law firm provides advice on criminal procedure law, media law, source protection and the enforcement of personal rights. Please feel free to contact us without obligation if you have any questions about criminal proceedings and the search of records.

FAQ Criminal proceedings and sealing:

1. How does the sealing of data carriers or documents occur in criminal proceedings?

Seized data carriers or documents are sealed if the person concerned claims that the contents of the records are subject to special protection, for example due to professional secrecy (e.g. protection of journalistic sources, lawyers, doctors). Sealed data may only be searched after a court decision has been made.

2. Under what conditions can a request for unsealing be successful?

To this end, the public prosecutor’s office submits a request for unsealing to the Compulsory Measures Court. Unsealing is possible if there is concrete and sufficient suspicion against the person concerned and the search appears proportionate to their fundamental rights. The Compulsory Measures Court always examines the proportionality and the suspicion.

3. What is the right to refuse to give evidence and who can invoke it?

The right to refuse to give evidence allows certain professional groups – e.g. lawyers, journalists, doctors – to refuse to testify and to keep their sources or client data confidential. This protection applies as long as they are not suspected of having committed serious crimes themselves.

The right to refuse to give evidence allows any person to refuse to testify during questioning for their own protection (Art. 169 Swiss Criminal Procedure Code) or to protect personal relationships such as their spouse or close relatives (Art. 168 Swiss Criminal Procedure Code). However, sealing is only protected under Art. 264 of the Swiss Criminal Procedure Code in cases of qualified confidentiality protection, e.g. items and documents from another person’s communications with their lawyer.

4. Is the protection of journalists’ sources also guaranteed in court?

Yes, journalists can invoke source protection. Courts and public prosecutors may only seize and unseal their data in exceptional cases – namely when there are clear indications of a criminal offence and public interests, namely in the criminal investigation, outweigh other considerations.

5. What can I do if I receive a summons to appear as a witness but wish to refuse to provide information?

You must attend the appointment, but you can exercise your right to refuse to give evidence if you are bound to secrecy as a relative or because of your profession. Inform the authorities of this in good time and seek legal advice if necessary.