Switzerland: Swiss-US Privacy Shield for data transmission to the US
In 2008, Switzerland concluded a bilateral framework agreement with the US, the Safe Harbour Agreement, on data transmission to the US. The Agreement was contested in a judgement of the European Court of Justice on 6 October, 2015. The Swiss Federal Council did not, however, rescind the agreement. It was necessary, however, for Switzerland to swiftly conclude an agreement corresponding to the EU-US Privacy Shield.
On 11 January, 2017, the Federal Council took note of the creation of a new framework for transmission of personal data from Switzerland to the US. The Swiss Federal Data Protection and Information Commissioner (FDPIC) substitutes the rescinded Safe Harbour Agreement with the Swiss-US Privacy Shield.
Pursuant to Art. 6 Para. 1 of the Swiss Data Protection Act (DSG), personal data shall not be transmitted from Switzerland to a foreign country and processed, unless appropriate data protection is guaranteed in such third country. The US has no legislation to guarantee suitable data protection as required by DSG (as also pursuant to (BDSG)). Under the Swiss-US Privacy Shield, Switzerland recognises the adequacy of data protection of US firms certified under the Swiss-US Privacy Shield (analogous to Safe Harbour).
Federal Council member Johann Schneider-Ammann intends to officially confirm this in the next couple of days in a letter to US Secretary of Commerce, Penny S. Pritzker.
The Swiss Federal Council considers the Swiss-US Privacy Shield an improvement on Safe Harbour: The data protection principles applied by the participating companies and the administration and supervision of the framework by US authorities have been strengthened. Cooperation between the US Department of Commerce and the FDPIC will also be intensified. An arbitration body will furthermore be nominated to settle disputes.
Experts are critical about the Swiss-US Privacy Shield: They consider it almost as inadequate as the 2008 Safe Harbour Agreement.
The “Swiss-US Privacy Shield” (virtually) corresponds to the “EU-US Privacy Shield” in substance, which likewise attracts criticism.