Workplace Investigations

From an Italian employment law perspective, there is no specific body of legislation that governs investigations. However, several legal and case-law principles may be relevant concerning various specific aspects of investigations, and to which reference will be made below (eg, provisions under Law No. 300 of 1970, the so-called Workers’ Statute regarding “controls on employees”, both physical and “remote”, or regarding “disciplinary proceedings”).

In addition, and outside of the specific scope of employment law, other law provisions may have an impact on investigations, including those regarding privacy law (eg, Italian Legislative Decree No. 196 of 2003 and the Regulation (EU) No. 679 of 2016 (GDPR), regarding data protection and the related policies), whistleblowing (Law No. 179 of 2017 and Directive (EU) No. 1937 of 2019, regarding whistleblower protection) and criminal law (eg, Italian Criminal Procedure Code, providing rules for criminal investigation and Italian Legislative Decree No. 231 of 2001, regarding the corporate (criminal) liability of legal entities).

Workplace investigations in Sweden are governed by several rules and regulations. Listed below are the central legislation and regulations that govern a workplace investigation related to alleged employee misconduct.

• The Swedish Discrimination Act (2008:567).
• The Swedish Work Environment Act (1977:1160), which is complemented by the Swedish Work Environment Authority’s other statutes.[1]
• The Swedish Whistleblowing Act (2021:890).

If a workplace investigation has been initiated after the receipt of a report filed through a reporting channel established under the Swedish Whistleblowing Act, that law applies provided that the report has been filed by a person who may report under the Act and provided that the subject of the report falls under the material scope of the Act. The Swedish Whistleblowing Act implements Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law and has been given a wide material scope in Sweden. The Swedish Whistleblowing Act may apply if the reported irregularity concerns breaches of certain EU laws or if the reported irregularity is of public interest.

In addition to the regulations mentioned above, certain data protection legislation may affect workplace investigations by restricting what personal data may be processed. Such data protection legislation includes the following:

• Regulation (EU) 2016/679 on the protection of natural persons concerning the processing of personal data and the free movement of such data (the GDPR);
• the Swedish Supplementary Data Protection Act (2018:218);
• the Swedish Supplementary Data Protection Regulation (2018:219);

• Regulation DIFS:2018:2 on the processing of personal data relating to criminal convictions or offences. This regulation governs the processing of personal data relating to criminal convictions or suspected criminal offences in internal workplace investigations that are not governed by the Swedish Whistleblowing Act.[2]

The above-mentioned legislation and regulations may overlap in many aspects and it is therefore important before starting an investigation, as well as during an investigation, to assess which rules and regulations apply to the situation at hand. Another aspect of this is that many issues that can arise during an investigation are not regulated by law or other legislation. If the investigation is a non-whistleblowing investigation there are limited rules on exactly how and by whom the investigation should be carried out.

A Swedish law firm that undertakes a workplace investigation also has to adhere to the Swedish Bar Association’s Code of Conduct. The Code of Conduct includes additional considerations, mainly ethical, which will not be addressed in this submission. Furthermore, this submission will not focus on investigations following an employee’s possible misappropriation of proprietary information or breach of the Swedish Trade Secrets Act (2018:558). Investigations into such irregularities are often conducted to gather evidence and these investigations include the same or similar investigative measures used in other investigations, such as interviews with employees and IT-forensic searches, but also infringement investigations carried out by the authorities or other measures by the police.

There is no specific legal regulation for internal investigations in Switzerland. The legal framework is derived from general rules such as the employer's duty of care, the employee's duty of loyalty and the employee's data protection rights. Depending on the context of the investigation, additional legal provisions may apply; for instance, additional provisions of the Swiss Federal Act on Data Protection or the Swiss Criminal Code.

Yes, in principle the identity of the complainant, witnesses or sources of information for the investigation can be kept confidential.

On the other hand, if the employer – after having concluded the investigation – brings disciplinary action against the employee, the employer must send a letter to the employee in which the facts are described in detail, objectively and in a precise way, identifying when and where they have taken place, to allow a proper defence for the employee.

Even at this stage, however, the employer has no obligation to provide the employee with the evidence underlying the facts ascribed to him (ie, the employer has no obligation to specify the identity of the individuals through which they gained knowledge of the facts reported in the disciplinary letter).

However, if the employee subsequently challenges the disciplinary sanction before a judge, the employer bears the burden of proof, which may mean having to call the individuals interviewed within the internal investigation to stand as witnesses in court.

Moreover, in case of whistleblowing reports falling within the scope of the WB Decree, the employer is requested to generally keep the whistleblower’s identity confidential (according to art. 12 of the WB Decree). More specifically: (i) if the disciplinary charges are grounded on investigations which are different and additional to the whistleblowing report (although arising as a consequence of the report), the whistleblower’s identity may not be disclosed; (ii) if the disciplinary charges are grounded, in whole or in part, on the whistleblowing report, and knowing the identity of the whistleblower is indispensable for the defendant, such report may be used for the purpose of the disciplinary proceeding only if the whistleblower gives consent to his/her identity being revealed.

If the Swedish Whistleblowing Act applies, their identity must be kept confidential under the duty of confidentiality. If the Swedish Whistleblowing Act does not apply, their identity can to a large extent be kept confidential.

It can also be noted that a workplace investigation carried out in the public sector will often (eventually) become an official document, which means that the document can be requested by the public. There are, however, provisions on secrecy that may restrict the right to gain access to official documents. These provisions are found in the Public Access to Information and Secrecy Act (2009:400).

As mentioned under Question 10, the employer’s duty of care (article 328, Swiss Code of Obligations) also entails the employer’s duty to respect and protect the personality (including confidentiality and privacy) and integrity of employees (article 328 paragraph 1, Swiss Code of Obligations) and to take appropriate measures to protect them.

However, in combination with the right to be heard and the right to be informed regarding an investigation, the accused also has the right that incriminating evidence is presented to them throughout the investigation and that they can comment on it. For instance, this right includes disclosure of the persons accusing them and their concrete statements. Anonymisation or redaction of such statements is permissible if the interests of the persons incriminating the accused or the interests of the employer override the accused’ interests to be presented with the relevant documents or statements (see question 11; see also article 9 paragraphs 1 and 4, Swiss Federal Act on Data Protection). However, a careful assessment of interests is required, and these must be limited to what is necessary. In principle, a person accusing another person must take responsibility for their information and accept criticism from the person implicated by the information provided.[1]