Law strictly restricts the transfer of personal data and data protected by banking secrecy, especially outside of Switzerland. Personal data is defined as all information relating to an identified or identifiable person. Similarly, legal scholarship and case law hold that banking secrecy protects only client identifying data. The ability to identify the relevant person is thus core to both data protection and banking secrecy.
In practice, Swiss banks regularly share anonymized or pseudonymized data with third parties, including third parties located abroad. In this contribution, the authors discuss the circumstances in which the data subject is considered « identifiable », i.e. in which client data is protected by banking secrecy and the Swiss Federal Data Protection Act. Furthermore they analyze the implications for pseudonymized client data.