Tuesday, January 17, 2017, 9:54 AM

Swiss-US Privacy Shield Will Replace Swiss-US Data Protection Safe Harbor

By Ted Claypoole
Ted Claypoole

On January 11, 2017, the Swiss Federal Council announced that a new framework will govern the transfer of personal data from Switzerland to the US. According to the Federal Council, the Swiss-US Privacy Shield Framework “will apply the same conditions as the European Union.” The International Trade Administration stated that the US Department of Commerce will begin accepting certifications on April 12. Certification will allow companies to comply with Swiss data protection requirements, facilitating transatlantic commerce.

The Federal Council made note of several changes from the Swiss-US Safe Harbor to the Swiss-US Privacy Shield, including:

• “Stricter application of data protection principles by participant companies”
• Heightened administration and supervision requirements by US authorities
• Enhanced cooperation between the Swiss Federal Data Protection and Information Commissioner and the US Department of Commerce
• A new arbitration body to handle claims
• Introduction of an ombudsperson in the US Department of State, who will address the concerns of Swiss citizens about the processing of their personal data by US intelligence services

Because the Swiss-US Privacy Shield aligns with the EU-US Privacy Shield, the self-certification process should not be overly burdensome.

However, in light of this change, it is important to reassess current business practices to determine whether a company is participating in the transfer of personal data from Switzerland to the US. If so, companies should remove any references to the Safe Harbor, and should be ready to apply for self-certification. Further, companies should prepare for changes to internal policies to comply with the new requirements under the Swiss-US Privacy Shield.

Ted Claypoole is a Partner in the firm’s Intellectual Property Practice Group where he leads the firm’s IP Transaction Team, as well as the Data Privacy and Cybersecurity Team. Ted counsels clients on managing information security risk and cross-border data transfer issues, including those involving the European Union and the Data Protection Safe Harbor.

Labels: , , ,


Post a Comment

<< Home

back to top