Search for:

On January 11, 2017, the US and Swiss authorities announced their agreement on a new cross-border data transfer framework, the Swiss-US Privacy Shield Framework, to allow US companies to meet the requirements for transfers of personal data from Switzerland to the US. 

This new Framework, which will replace the existing US-Swiss Safe Harbor program, will begin accepting self-certifications from US companies starting on April 12, 2017.

The Framework requirements were described by Swiss authorities as aligning with those agreed to between the US and EU authorities for the EU-US Privacy Shield Framework, and the Principles governing the two frameworks mirror each other: Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement and Liability.  This alignment should mean that companies that are eligible for EU-US Privacy Shield certification will likely also be eligible for US-Swiss Privacy Shield certification, provided that they perform appropriate due diligence and compliance on Swiss to US data flows, similar to what was accomplished by the twin Safe Harbor programs.

For companies that have existing US-Swiss Safe Harbor certifications, self-certification to this new Framework will also address the uncertainty related to personal data transfers under that program, the validity of which was called into question by the Swiss data protection authority shortly after the invalidation of the US-EU Safe Harbor program and which the Swiss Federal Council has just formally terminated.

The Swiss authorities stated in their announcement that US companies can start the certification process with the US Department of Commerce within a three month period (from now until April 12, 2017), during which the Swiss data protection authority will not undertake enforcement actions against them.

Author

Amy de La Lama is a partner in Baker McKenzie's Chicago office. She has assisted a wide array of companies (financial institutions, retail companies, sourcing providers, online businesses) in addressing legal issues related to global privacy and data collection, data security, information technology and related restrictions on data collection and movement.

Author

Author

Michael Egan is a partner at Baker & McKenzie´s Washington D.C. Office. He advises clients across various industries on global privacy and information management, data security and information technology matters. He formerly practiced in the Firm’s Compliance and Investigations group, assisting companies in multi-jurisdictional internal investigations and compliance matters, primarily related to anti-bribery and anti-money laundering compliance, and representing companies before government authorities on compliance matters.