Cloud services are based on the fact that IT infrastructures, such as computing or network capacities, data storage or also software are made available directly via a network, in particular the Internet, and these can be obtained by a user as required. As a result, the user does not need to purchase the specific IT infrastructure locally and thus saves large acquisition costs.
For several years now, cloud computing has been experiencing an unstoppable demand – not only in the business environment, but also among private individuals. Nowadays, for example, almost everyone has a webmail account, e.g. at Bluewin or Gmail, or online storage at Dropbox or another provider. On these cloud providers are not only personal data, but in many cases other types of digital structured or unstructured data.
Insolvency proceedings can also be opened against cloud providers in the event of poor business performance. This creates an inherent risk for customers that they will no longer have access to computer data, systems or functions used for personal or business purposes.
In bankruptcy proceedings, the bankruptcy estate includes all attachable assets of the bankrupt (Art. 197 et seq. SchKG). Third-party property that is part of the bankruptcy estate may be segregated and reclaimed by the third party owner (Art. 242 para. 1 SchKG). However, this right only relates to real property. Data do not constitute physical objects and are subsequently not treated as objects to which legal ownership can be established.
Consequently, the Federal Debt Collection and Bankruptcy Act does not provide cloud providers’ customers with any assurance that they will be able to access or demand the return of their own data in the event of the provider’s bankruptcy. Under current law, companies and even private individuals lose all access and entitlement to access their own data in the event of the cloud provider’s insolvency because there is no legal basis for doing so. In the foreclosure proceedings, all assets, including in particular tangible assets such as the existing computers and storage media, are sold in silver. The data of the former customers located on the computers and storage media are only taken into account if they have an asset value and can also be silver-plated. Otherwise, the fate of the former customers’ data remains directly linked to that of the subject matter.
Contractual approaches to solutions do not have a safeguarding effect because a cloud provider in bankruptcy may not have any funds or personnel (any more) and may also no longer have a sustainable interest in meeting its contractual obligations. And there will also be little success in enforcing them in court at this point.
This state of affairs is intolerable in a modern, inevitably increasingly digitized (business) world. It is up to the Swiss legislator to make a de lege ferenda extension of the statutory rights to segregation in bankruptcy to data in Switzerland.
So far, only Luxembourg has addressed the problem and passed a law regulating the right to segregate data in the event of bankruptcy. Thus, a claimant has a claim against the bankrupt company to recover non-physical movable assets, provided that the data in question can be separated from the data of the other cloud users.
A comparable implementation on the handling of data in bankruptcy is also urgently needed in Switzerland for the sake of legal certainty.
For this reason, the law firm Suffert Neuenschwander & Partner(www.snplegal.com), which specializes in IT law and acts as advisor to the ICT umbrella association ICTswitzerland, has drafted a proposal that has been submitted as a parliamentary initiative by the association’s president, NR Marcel Dobler.
The motion proposes that the Federal Council be instructed to supplement Art. 242 of the Federal Debt Collection and Bankruptcy Act with an additional paragraph 1bis with the following content:
“The bankruptcy administration shall make an order for the surrender of non-physical assets which are claimed by a third party. The surrender requires that the non-physical assets can be separated and that the claimant can credibly show that they are only entrusted to the debtor.”
In support of this, it states:
In order for Switzerland to survive as a business location in the international ICT environment, it needs a sustainable foundation. This includes a stable and modern infrastructure, a well-trained workforce and progressive legal foundations for the protection of personal data as well as computer data.
The bankruptcy of a cloud provider poses major problems for customers and users today: The owner of data that he deposits with a cloud provider as a customer has no way of demanding it back if the cloud provider goes bankrupt. On the one hand, this is due to the fact that computer data do not constitute movable property under property law. On the other hand, there is no legal basis to apply to a bankruptcy administration for the return of the deposited data.
Jean Christophe Schwab’s parliamentary question No. 14.1064 of Sept. 16, 2014, to the Federal Council already asked whether bankruptcy law needs to be amended with regard to computer data so that customers can demand their data back from providers in the event of insolvency. The Federal Council answered the question in the negative, since in its opinion the data were already sufficiently protected and there was no need for a special rule for data in bankruptcy. The Federal Council seems to underestimate the explosive nature of the question, answering it only with regard to personal data in terms of data protection law, but without considering other digital data.
Because the current legal situation has extremely drastic consequences for the data owner in the event of the bankruptcy of a cloud provider and contractual regulations do not provide any protection, it is not only desirable but a long overdue necessity that the legislator addresses these counterproductive effects of bankruptcy. This would not only create a considerably clearer legal situation, providing legal certainty. On the contrary, this would also have a very positive impact on Switzerland as a business location for cloud services and for data and data centers.
The proposed extension of the provision in the SchKG creates a less burdensome regulation and practical solution for the segregation of non-physical movable assets, which must be implemented promptly.
In the meantime, the legal commission of the National Council has unanimously accepted the proposal, so that it is to be expected that the business will come before the councils, if not another federal office or another institution close to the federal government shoots across…
Dr. Peter K. Neuenschwander, Managing Director at KRM and Partner at snplegal.com
lic. iur. Simon Oeschger, Senior Associate at snplegal.com