Yes, sharing passwords is generally prohibited under Swiss law, with exceptions for narrowly defined contexts.
Sharing passwords in Switzerland violates the Federal Act on Data Protection (nDSG), effective September 2023, and the Criminal Code (Art. 147). The Swiss Federal Data Protection and Information Commissioner (FDPIC) enforces these rules, emphasizing that unauthorized access—even with consent—can constitute a data breach. Exceptions exist for legitimate business purposes (e.g., IT support with explicit authorization) or explicit legal mandates, but these are strictly scrutinized. The 2026 revision of the nDSG further tightens penalties, introducing fines up to CHF 250,000 for negligent violations.
Key Regulations for Sharing Passwords in Switzerland
- Federal Act on Data Protection (nDSG, Art. 6 & 32): Prohibits sharing login credentials unless required by law or with prior written consent from the data subject. Unauthorized sharing may trigger Art. 17 nDSG, mandating breach notifications to the FDPIC within 72 hours.
- Criminal Code (Art. 147): Classifies password sharing as unauthorized access to a data processing system, punishable by up to 3 years imprisonment or fines. Joint liability applies if shared credentials enable secondary breaches.
- FDPIC Guidelines (2024): Clarify that shared accounts (e.g., family subscriptions) must comply with contractual terms of service and data minimization principles. Employers risk vicarious liability if employees misuse shared credentials under Art. 7 nDSG.