The U.S. and Swiss governments finalized an agreement allowing multinationals to transfer personal data between the two countries. The agreement parallels the Privacy Shield currently in place between the European Union and the United States.
The U.S.–Swiss Privacy Shield provides the framework for companies to adhere to Swiss data protection laws and regulations when transferring personal data from Switzerland to the U.S. as part of commercial dealings. Companies can begin certifying their compliance on April 12.
This agreement replaces the U.S.–Swiss safe harbor framework, which follows the same fate of its U.S.–E.U. safe harbor—the European Court of Justice struck down the U.S.–E.U. safe harbor in October 2015 after determining that it failed to offer adequate protections to E.U. citizens. Specifically, the European Court of Justice believed that the safe harbor did not protect against the U.S. intelligence officials’ access to European Union citizens’ personal data.
The U.S.–Swiss Privacy Shield imposes stricter obligations on U.S. companies to protect Swiss citizens’ personal data and on the Commerce Department and the Federal Trade Commission to enforce. Like its E.U. counterpart, this Privacy Shield also establishes various channels for Swiss citizens to lodge complaints regarding data misuse. The Privacy Shield creates a privacy ombudsman to handle concerns about data misuse. Further, this Privacy Shield contains written assurances from the U.S. government that there will not be unrestricted access by U.S. law enforcement and intelligence officials.
The U.S.–E.U. Privacy Shield has taken off, with more than 700 companies certifying their compliance. American companies that transact business in or employ citizens of Switzerland should analyze their current personal data transfers to ensure compliance and certify on April 12.
Jenny L. Holmes is associate at Nixon Peabody. Read more Nixon Peabody blogs here.