The governments of Switzerland and the United States finalised
the Swiss-U.S. Privacy Shield Framework on 11 January. The
Framework is similar in many respects to the EU-U.S. Privacy
Shield, and replaces the U.S.-Swiss Safe Harbor Framework with
The new Swiss-U.S. Privacy Shield Framework (Framework) will
enable certified companies to carry out data transfers between the
two countries in compliance with Swiss data protection laws. The
Framework deliberately mirrors the EU-U.S. Privacy Shield to
provide consistency – with the Swiss Federal Council pointing
to this as a significant measure as "it guarantees the same
general conditions for persons and businesses in Switzerland and
the EU/EEA area in relation to trans-Atlantic data flows."
The Framework replaces the U.S.-Swiss Safe Harbor Framework, the
validity of which has been doubted following the invalidation of
the U.S.-EU Safe Harbor regime by the Court of Justice of the
European Union in October 2015.
The Framework is designed to be more robust than its predecessor
in a number of ways. In particular:
Certified companies will be under
stricter obligations to protect data, and to provide certain
information to data subjects
There will be greater cooperation
between the U.S. Commerce Department and the Swiss data protection
Certified companies must provide free
and accessible dispute-resolution mechanisms, including the ability
for data subjects to raise complaints directly with the company, or
to submit them to binding arbitration
U.S. companies wishing to certify under the new U.S.-Swiss
Privacy Shield can begin the certification process from 12 April
this year. Once certified, Switzerland will recognise these
companies as having adequate data protection standards. In turn,
this will allow most Swiss companies to transfer the personal data
that they collect to certified U.S. business partners without
requiring additional contractual guarantees.
The Swiss-U.S. Privacy Shield Framework will ensure that Swiss
data subjects benefit from the same level of protection as their
European counterparts. Meanwhile, the future of the EU-U.S. Privacy
Shield hangs in the balance, with challenges to its adequacy pending before the
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
While companies prepare for the EU General Data Protection Regulation (GDPR) to take effect in May 2018, another highly significant item on the agenda is arguably the current review process of the proposal for a Regulation on Privacy and Electronic Communications (ePrivacy Regulation).
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).