US and Switzerland sign Privacy Shield agreement

The United States and Switzerland, on 12 January 2017, agreed the Swiss-US Privacy Shield Framework as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States. The Swiss-US Privacy Shield Framework will replace the US Swiss Safe Harbor immediately, the US Department of Commerce says. To give organizations the time needed to review the Privacy Shield Principles and the commitments they entail, US Acting Under Secretary of Commerce Ken Hyatt announced that the Department will begin accepting Privacy Shield certifications on 12 April 12, 2017. The Department will maintain a list of the participants, and there will be an annual review, just like with the EU-US Privacy Shield.

The EU Commission decision of 26 July 2000 declared the Swiss framework to provide adequate protection as required by the EU DP Directive. The US had a Safe Harbor arrangement in place with Switzerland since December 2008. However, Switzerland's Data Protection Commission declared on 7 October 2015 that it was following Court of Justice of the European Union's decision that the EU-US Safe Harbor was an inadequate legal basis for transfers of personal data to the US. In effect it declared that the Swiss-US Safe Harbor was also inadequate. The strong Statement dated 7 October 2015 by Switzerland’s Data Protection Commission on recommended action following the CJEU decision: “If data has to be stored externally, it should wherever possible be stored by European providers on servers in Europe. Swiss businesses and authorities that use products and services provided by American companies should enter into additional agreements to secure better protection for the persons concerned and their data.”

See and