Workplace Investigations

Workplace investigations in Sweden are governed by several rules and regulations. Listed below are the central legislation and regulations that govern a workplace investigation related to alleged employee misconduct.

• The Swedish Discrimination Act (2008:567).
• The Swedish Work Environment Act (1977:1160), which is complemented by the Swedish Work Environment Authority’s other statutes.[1]
• The Swedish Whistleblowing Act (2021:890).

If a workplace investigation has been initiated after the receipt of a report filed through a reporting channel established under the Swedish Whistleblowing Act, that law applies provided that the report has been filed by a person who may report under the Act and provided that the subject of the report falls under the material scope of the Act. The Swedish Whistleblowing Act implements Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law and has been given a wide material scope in Sweden. The Swedish Whistleblowing Act may apply if the reported irregularity concerns breaches of certain EU laws or if the reported irregularity is of public interest.

In addition to the regulations mentioned above, certain data protection legislation may affect workplace investigations by restricting what personal data may be processed. Such data protection legislation includes the following:

• Regulation (EU) 2016/679 on the protection of natural persons concerning the processing of personal data and the free movement of such data (the GDPR);
• the Swedish Supplementary Data Protection Act (2018:218);
• the Swedish Supplementary Data Protection Regulation (2018:219);

• Regulation DIFS:2018:2 on the processing of personal data relating to criminal convictions or offences. This regulation governs the processing of personal data relating to criminal convictions or suspected criminal offences in internal workplace investigations that are not governed by the Swedish Whistleblowing Act.[2]

The above-mentioned legislation and regulations may overlap in many aspects and it is therefore important before starting an investigation, as well as during an investigation, to assess which rules and regulations apply to the situation at hand. Another aspect of this is that many issues that can arise during an investigation are not regulated by law or other legislation. If the investigation is a non-whistleblowing investigation there are limited rules on exactly how and by whom the investigation should be carried out.

A Swedish law firm that undertakes a workplace investigation also has to adhere to the Swedish Bar Association’s Code of Conduct. The Code of Conduct includes additional considerations, mainly ethical, which will not be addressed in this submission. Furthermore, this submission will not focus on investigations following an employee’s possible misappropriation of proprietary information or breach of the Swedish Trade Secrets Act (2018:558). Investigations into such irregularities are often conducted to gather evidence and these investigations include the same or similar investigative measures used in other investigations, such as interviews with employees and IT-forensic searches, but also infringement investigations carried out by the authorities or other measures by the police.

There is no specific legal regulation for internal investigations in Switzerland. The legal framework is derived from general rules such as the employer's duty of care, the employee's duty of loyalty and the employee's data protection rights. Depending on the context of the investigation, additional legal provisions may apply; for instance, additional provisions of the Swiss Federal Act on Data Protection or the Swiss Criminal Code.

According to article 14 of the GDPR, no information must be provided. The exemption in article 14.5(b) applies to the extent the obligation to provide such information is likely to render impossible or seriously impair the objectives of the processing of the personal data of the employee under investigation (ie, to diligently investigate the suspected irregularity).

If the Swedish Whistleblowing Act applies, information about where the personal data processed originates from may not be provided under article 14 of the GDPR, as the personal data must remain confidential subject to obligations under the Swedish Whistleblowing Act.

In addition to the above, an investigation should, to the extent possible and suitable, be characterised by the principles in ECHR (particularly articles 6 and 8). The employee under investigation should, among other things, be presented with sufficient information to safeguard his or her interests and be allowed to respond to the allegations. The investigation must also be compliant with the work environment responsibilities that the employer has concerning the involved parties (see questions 17 and 20).

As a result of the employer's duty of care (article 328, Swiss Code of Obligations), employees under investigation have certain procedural rights. These include, in principle, the right of the accused to be heard. In this context, the accused has the right to be informed at the beginning of the questioning about the subject of the investigation and at least the main allegations and they must be allowed to share their view and provide exculpatory evidence.[1] The employer, on the other hand, is not obliged to provide the employee with existing evidence, documents, etc, before the start of the questioning.[2]

Covert investigations in which employees are involved in informal or even private conversations to induce them to provide statements are not compatible with the data-processing principles of good faith and the requirement of recognisability, according to article 4 of the Swiss Federal Act on Data Protection.[3]

Also, rights to information arise from the Swiss Federal Act on Data Protection. In principle, the right to information (article 8, Swiss Federal Act on Data Protection) is linked to a corresponding request for information by the concerned person and the existence of data collection within the meaning of article 3 (lit. g), Swiss Federal Act on Data Protection. Insofar as the documents from the internal investigation recognisably relate to a specific person, there is in principle a right to information concerning these documents. Subject to certain conditions, the right to information may be denied, restricted or postponed by law (article 9 paragraph 1, Swiss Federal Act on Data Protection). For example, such documents and reports may also affect the confidentiality and protection interests of third parties, such as other employees. Based on the employer's duty of care (article 328, Swiss Code of Obligations), the employer is required to protect them by taking appropriate measures (eg, by making appropriate redactions before handing out copies of the respective documents (article 9 paragraph 1 (lit. b), Swiss Federal Act on Data Protection)).[4] Furthermore, the employer may refuse, restrict or defer the provision of information where the company’s interests override the employee’s, and not disclose personal data to third parties (article 9 paragraph 4, Swiss Federal Act on Data Protection). The right to information is also not subject to the statute of limitations, and individuals may waive their right to information in advance (article 8 paragraph 6, Swiss Federal Act on Data Protection). If there are corresponding requests, the employer must generally grant access, or provide a substantiated decision on the restriction of the right of access, within 30 days (article 8 paragraph 5, Swiss Federal Act on Data Protection and article 1 paragraph 4, Ordinance to the Federal Act on Data Protection).