A case currently before two Swiss prosecutors, Alice de Chambrier and Nicolas Bottinelli, in the Swiss Attorney-General’s office, might signal the end of Switzerland’s famed standard for privacy and data protection and have significant international business ramifications. The case, relating to data protection and theft, could significantly hurt the Swiss corporate reputation as being a secure, confidential, and protected place to do business.
This reputation, first codified for businesses and individuals by Switzerland’s Banking Act of 1934, makes it a crime to disclose client information to third parties without a client’s consent, could be irreparably damaged as this law and the many legal precedents created since could be cast aside. This is especially true, as this infraction goes beyond the realm of banking, and into the underlying ecosystem of how businesses operate in the Alpine nation-state.
This may cause major financial institutions and industries to reconsider placing their corporate headquarters in Switzerland, thus upending the relative safe reputation Switzerland has augmented in Europe as a place to do business, and in the process, send shockwaves that will reverberate negatively for Swiss business interests around the world.
The case at hand, Switzerland vs. Obaid, revolves around a key question of whether information obtained through illegal means, contrary to the Swiss Federal Criminal Code, could be used as admissible evidence in a court of law.
The question should not even be asked as the law is very clear, but nonetheless should be even more glaring as the same Swiss Attorney General’s office has been investigating and prosecuting Xavier Andre Justo, a Swiss citizen, for the crime of “economic espionage” since the end of 2018. Justo has admitted to stealing information the prosecutors want to use as evidence.
During 2011, Justo, a mid-level employee at PetroSaudi, stole 90 gigabytes from his employer. All of this is not in contention and has been openly admitted to by Justo himself on various occasions.
According to various sources, as he was being relieved of his position, Justo decided that with hundreds of thousands of personal and business emails in his hands he would blackmail and extort his former boss for millions of dollars. At first, as is usual in these types of scenarios, his former employer decided to pay Justo off to the tune of $4.5 million rather than risk sensitive information being released into the public domain. Justo then decided to ask for a further $2 million but his former employer declined to be extorted further.
While on the run in Thailand, Justo was arrested and charged by Thai authorities on the serious charges of blackmail and extortion. After a detailed confession, he received a three-year sentence but was released after serving only 18 months along with 150,000 Thai and foreign inmates who were granted a royal amnesty by Thailand’s king. Justo was deported back to Switzerland upon his release.
The pending case against Justo is now delayed as the Attorney General’s office wants to use the data stolen by him in Switzerland vs. Obaid. This would be in opposition to laws that have been in place for 90 years thus putting at risk the Swiss legal practice of fiercely fighting data leaks and theft, and not accepting stolen data as evidence.
Traditionally, Switzerland prosecuted those who leak corporate and banking information. For example, in 2008, Herve Falciani, a French-Italian systems engineer was credited with the biggest banking leak in history when he released the data of more than 130,000 suspected tax evaders. In 2014, Falciani was indicted in absentia by the Swiss government for violating the country’s banking secrecy laws and for industrial espionage.
The rights or wrongs of Falciani’s act was deemed irrelevant, as the case clearly demonstrated how zealously Swiss data protection laws are implemented and the severe consequences for those who leak stolen data.
The Swiss authorities have acted this way in every single case in its judicial history because illegal procurement of information cannot be treated as evidence, but is bound by the doctrine of unclean hands, and cannot be used in a court of law. This protects banks and businesses from the constant threat of theft and extortion, as is the case with Justo.
The prosecutors in this instance have to consider that using this stolen data is not just against the Swiss legal system, but it also puts Switzerland at risk of losing its competitive advantage, especially as the EU implements the General Data Protection Regulation (GDPR) to enhance data protection and privacy.
The difference between Europe and Switzerland is that the former just protects individuals, and the latter also protects and guarantees corporate privacy.
This case ensures that the position of Switzerland as one of the largest offshore financial centers and tax havens in the world is placed in doubt and the reverberations could be immense.
In 2018, the Swiss Bankers Association (SBA) estimated that Swiss banks held $6.5 trillion in assets or 25% of all global cross-border assets.
If Swiss prosecutors continue to insist on the use of stolen data as evidence, it will be a pyrrhic victory. The real motivations as to why Alice de Chambrier and Nicolas Bottinelli are so adamant about upending decades of precedent is subject to great speculation. Some have argued that it is about professional ambition, others about domestic politics, while others have pointed to accusations of the willingness to use tainted evidence in order for the prosecution to have an easier time litigating its case.
Regardless, the effect will be the same. The hundreds of billions of dollars of economic inputs currently flowing through the Swiss economy by firms deciding to have their tax domicile exist in the country will suddenly dry up if they no longer feel protected by Swiss privacy norms and guarantees anchored in law. The beeline to remove their headquarters from Swiss jurisdiction will be speedy, painful, and costly.