On January 11, 2017, the U.S. Department of Commerce, the Swiss Federal Council and the Swiss Federal Data Protection and Information Commissioner (FDPIC) issued press releases announcing that an agreement has been reached on a new cross-border data transfer mechanism, the Swiss-U.S. Privacy Shield Framework (the Swiss Privacy Shield).
The Swiss Privacy Shield replaces its predecessor, the U.S.-Swiss Safe Harbor Framework, more than a year after the European Court of Justice (the “EJC”) invalidated the U.S.-EU Safe Harbor agreement. The ECJ’s decision led the Swiss government to conclude that the analogous U.S.-Swiss Safe Harbor program no longer provided a sufficient legal basis to protect Swiss personal data being transferred to the United States.
According to the FDPIC’s announcement, the new Swiss Privacy Shield applies the same standards to the transfer of personal data to the U.S. as are applied under the EU-U.S. Privacy Shield, which is “highly significant, as it guarantees the same general conditions for persons and businesses in Switzerland and the EU/EEA area in relation to trans-Atlantic data flows.” Companies that previously were certified under both the EU and Swiss Safe Harbor Frameworks are likely to find the sibling Privacy Shield certification procedures similarly familiar.
Like the EU-U.S. Privacy Shield, the Swiss Privacy Shield includes stricter data protection requirements for participants, increased supervision by U.S. and Swiss regulators, and the ability for Swiss residents to lodge complaints about the processing of their personal data.
The Department of Commerce will start accepting self-certification applications for the Swiss Privacy Shield on April 12, 2017.