On January 11, 2017, the Swiss Federal Council announced that a new framework will govern the transfer of personal data from Switzerland to the US. According to the Federal Council, the Swiss-US Privacy Shield Framework “will apply the same conditions as the European Union.” The International Trade Administration stated that the US Department of Commerce will begin accepting certifications on April 12. Certification will allow companies to comply with Swiss data protection requirements, facilitating transatlantic commerce.
- The Federal Council made note of several changes from the Swiss-US Safe Harbor to the Swiss-US Privacy Shield, including:
- “Stricter application of data protection principles by participant companies”
- Heightened administration and supervision requirements by US authorities
- Enhanced cooperation between the Swiss Federal Data Protection and Information Commissioner and the US Department of Commerce
- A new arbitration body to handle claims
- Introduction of an ombudsperson in the US Department of State, who will address Swiss persons’ concerns about the processing of their personal data by US intelligence services
Because the Swiss-US Privacy Shield aligns with the EU-US Privacy Shield, the self-certification process should not be overly burdensome.
However, in light of this change, it is important to reassess current business practices to determine whether a company is participating in the transfer of personal data from Switzerland to the US. If so, companies should remove any references to the Safe Harbor, and should be ready to apply for self-certification. Further, companies should prepare for changes to internal policies to comply with the new requirements under the Swiss-US Privacy Shield.