NEW SWISS-U.S. PRIVACY SHIELD FRAMEWORK

Dmytro Pichugin

Managing PartnerAttorney at Law

January 31, 2017News


NEW SWISS-U.S. PRIVACY SHIELD FRAMEWORK

The Swiss Government and the U.S. Department of Commerce announced their agreement on Swiss-U.S. Privacy Shield framework (the “Swiss Privacy Shield”), a new transatlantic personal data framework that aimed to establish comparable protections for data transferred or accessed by the U.S. as those secured by the European Union under the European Union (EU)-U.S. Privacy Shield framework.
The Swiss Privacy Shield supersedes the U.S.-Swiss international agreement called “U.S.-Swiss Safe Harbor”, legitimacy of which has been in question since the Court of Justice of the EU rendered a judgment invalidating the U.S.-EU Safe Harbor Agreement. Following the mentioned judgment, the framework was revised and EU-U.S. Privacy Shield framework, adopted on July 12, 2016, replaced U.S.-EU Safe Harbor Agreement.

As similarity of the Swiss Privacy Shield and EU-U.S. Privacy Shield framework was intended to guarantee “the same general conditions for persons and businesses in Switzerland and the EU/EEA area in relation to trans-Atlantic data flows”, Principles of these two frameworks are aligned. The Swiss Privacy Shield is more comprehensive than its predecessor, the U.S.-Swiss Safe Harbor, and following changes should be highlighted:

• New commitments are introduced to limit access of the U.S. Government to personal data for national security purposes;
• It is required to annually prove compliance with the Swiss Privacy Shield principles;
• Existence of new arbitration body that is empowered to provide individual remedies;
• Switzerland will be able to address enquiries relating to the processing of their data by US intelligence services to an ombudsperson in the US State Department.

According to the Swiss Government, American companies that process data can obtain certification under the Swiss-US Privacy Shield regime and thereby make themselves subject to its rules. Switzerland will recognise such companies as having adequate data protection standards. Swiss companies will thus be able in most cases to transmit personal data to certified business partners in the USA again without requiring additional contractual guarantees.

  • Legal disclaimer. This article does not constitute legal advice and does not establish an attorney-client relationship. The article should be used for informational purposes only.

Follow us: