Workplace Investigations

Workplace investigations in Sweden are governed by several rules and regulations. Listed below are the central legislation and regulations that govern a workplace investigation related to alleged employee misconduct.

• The Swedish Discrimination Act (2008:567).
• The Swedish Work Environment Act (1977:1160), which is complemented by the Swedish Work Environment Authority’s other statutes.[1]
• The Swedish Whistleblowing Act (2021:890).

If a workplace investigation has been initiated after the receipt of a report filed through a reporting channel established under the Swedish Whistleblowing Act, that law applies provided that the report has been filed by a person who may report under the Act and provided that the subject of the report falls under the material scope of the Act. The Swedish Whistleblowing Act implements Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law and has been given a wide material scope in Sweden. The Swedish Whistleblowing Act may apply if the reported irregularity concerns breaches of certain EU laws or if the reported irregularity is of public interest.

In addition to the regulations mentioned above, certain data protection legislation may affect workplace investigations by restricting what personal data may be processed. Such data protection legislation includes the following:

• Regulation (EU) 2016/679 on the protection of natural persons concerning the processing of personal data and the free movement of such data (the GDPR);
• the Swedish Supplementary Data Protection Act (2018:218);
• the Swedish Supplementary Data Protection Regulation (2018:219);

• Regulation DIFS:2018:2 on the processing of personal data relating to criminal convictions or offences. This regulation governs the processing of personal data relating to criminal convictions or suspected criminal offences in internal workplace investigations that are not governed by the Swedish Whistleblowing Act.[2]

The above-mentioned legislation and regulations may overlap in many aspects and it is therefore important before starting an investigation, as well as during an investigation, to assess which rules and regulations apply to the situation at hand. Another aspect of this is that many issues that can arise during an investigation are not regulated by law or other legislation. If the investigation is a non-whistleblowing investigation there are limited rules on exactly how and by whom the investigation should be carried out.

A Swedish law firm that undertakes a workplace investigation also has to adhere to the Swedish Bar Association’s Code of Conduct. The Code of Conduct includes additional considerations, mainly ethical, which will not be addressed in this submission. Furthermore, this submission will not focus on investigations following an employee’s possible misappropriation of proprietary information or breach of the Swedish Trade Secrets Act (2018:558). Investigations into such irregularities are often conducted to gather evidence and these investigations include the same or similar investigative measures used in other investigations, such as interviews with employees and IT-forensic searches, but also infringement investigations carried out by the authorities or other measures by the police.

There is no specific legal regulation for internal investigations in Switzerland. The legal framework is derived from general rules such as the employer's duty of care, the employee's duty of loyalty and the employee's data protection rights. Depending on the context of the investigation, additional legal provisions may apply; for instance, additional provisions of the Swiss Federal Act on Data Protection or the Swiss Criminal Code.

If the Swedish Whistleblowing Act applies, the persons or entities handling the investigation have a duty of confidentiality and may not, without permission, disclose any information that could reveal the identity of the reporting person, any person subject to the report or any other person mentioned in the report or during the investigation of the report. Access to personal data is limited to designated competent entities or persons. Investigative material including personal data may not be shared with other persons or entities during the investigation. Once the investigation has reached actionable conclusions, investigative material may be shared with other persons or entities, such as HR or the police, provided that such sharing is necessary to take action on the outcome of the investigation. Investigative material may also be shared if it is necessary for the use of reports as evidence in legal proceedings or under the law or other regulations.

If the Swedish Whistleblowing Act does not apply, there are no particular confidentiality obligations for employers. Yet, an employer needs to consider what information is suitable to share during an investigation, how this is done and to whom it is shared. An employer must also respect employees’ privacy in line with what is generally considered good practice in the labour market. This means that an employer should be careful as to what sensitive and personal information is shared during an investigation. Furthermore, the spreading of damaging information (even if true) about an employee to a wider group may be a criminal offence under the Swedish Criminal Code.

Besides the employee's duty of performance (article 319, Swiss Code of Obligations), the employment relationship is defined by the employer's duty of care (article 328, Swiss Code of Obligations) and the employee's duty of loyalty (article 321a, Swiss Code of Obligations). Ancillary duties can be derived from the two duties, which are of importance for the confidentiality of an internal investigation.[1]

In principle, the employer must respect and protect the personality (including confidentiality and privacy) and integrity of the employee (article 328 paragraph 1, Swiss Code of Obligations) and take appropriate measures to protect the employee. Because of the danger of pre-judgment or damage to reputation as well as other adverse consequences, the employer must conduct an internal investigation discreetly and objectively. The limits of the duty of care are found in the legitimate self-interest of the employer.[2]

In return for the employer's duty of care, employees must comply with their duty of loyalty and safeguard the employer's legitimate interests. In connection with an internal investigation, employees must therefore keep the conduct of an investigation confidential. Additionally, employees must keep confidential and not disclose to any third party any facts that they have acquired in the course of the employment relationship, and which are neither obvious nor publicly accessible.[3]