The governments of Switzerland and the United States finalised
the Swiss-U.S. Privacy Shield Framework on 11 January. The
Framework is similar in many respects to the EU-U.S. Privacy
Shield, and replaces the U.S.-Swiss Safe Harbor Framework with
The new Swiss-U.S. Privacy Shield Framework (Framework) will
enable certified companies to carry out data transfers between the
two countries in compliance with Swiss data protection laws. The
Framework deliberately mirrors the EU-U.S. Privacy Shield to
provide consistency – with the Swiss Federal Council pointing
to this as a significant measure as "it guarantees the same
general conditions for persons and businesses in Switzerland and
the EU/EEA area in relation to trans-Atlantic data flows."
The Framework replaces the U.S.-Swiss Safe Harbor Framework, the
validity of which has been doubted following the invalidation of
the U.S.-EU Safe Harbor regime by the Court of Justice of the
European Union in October 2015.
The Framework is designed to be more robust than its predecessor
in a number of ways. In particular:
Certified companies will be under
stricter obligations to protect data, and to provide certain
information to data subjects
There will be greater cooperation
between the U.S. Commerce Department and the Swiss data protection
Certified companies must provide free
and accessible dispute-resolution mechanisms, including the ability
for data subjects to raise complaints directly with the company, or
to submit them to binding arbitration
U.S. companies wishing to certify under the new U.S.-Swiss
Privacy Shield can begin the certification process from 12 April
this year. Once certified, Switzerland will recognise these
companies as having adequate data protection standards. In turn,
this will allow most Swiss companies to transfer the personal data
that they collect to certified U.S. business partners without
requiring additional contractual guarantees.
The Swiss-U.S. Privacy Shield Framework will ensure that Swiss
data subjects benefit from the same level of protection as their
European counterparts. Meanwhile, the future of the EU-U.S. Privacy
Shield hangs in the balance, with challenges to its adequacy pending before the
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In light of the much anticipated ICO draft GDPR (the General Data Protection Regulation) Consent Guidance being published yesterday, 2 March 2017, we will be running a mini-series on the guidelines under consultation and the impact the GDPR will have on the much vexed position of consent and the impact on your business.
The first of our four discussions on the ICO guidelines for Consent will focus on the meaning of consent under the GDPR (General Data Protection Regulation) and how this change enhances the previous law on consent to data processing.
The fourth and final part of our mini-series on the draft ICO guidance on Consent, published on 2 March 2017, focuses on the practical impact the GDPR (General Data Protection Regulation) will have on how your organisation records and manages consent.
A fundamental aspect of all fair and lawful processing of personal data under the current data protection rules is the requirement for the party who is the data controller to meet one or more conditions ("the conditions for processing").
The second in our mini-series on the ICO guidance on Consent, published on 2 March 2017, focuses on how the changes to be introduced by the GDPR (General Data Protection Regulation) will impact upon your business and what you can do to pre-empt the changes before their introduction in May 2018.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).