PH Privacy

Swiss Privacy Shield Approved; Applications Accepted April 12

January 12, 2017

James H. Koenig and Mary-Elizabeth M. Hadley

Yesterday, the U.S. International Trade Administration (“ITA”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) announced the final approval of a Swiss-U.S. Privacy Shield Framework (“Swiss Privacy Shield”), replacing the U.S.-Swiss Safe Harbor Framework (“U.S.-Swiss Safe Harbor”) for the transfer of data from Switzerland to the United States.

• Similar to EU-U.S. Privacy Shield.  The Swiss Privacy Shield is “modeled on” and aligns with its EU counterpart, the EU-U.S. Privacy Shield Framework (“EU-U.S. Privacy Shield”).  It will similarly require certifying organizations to have a conforming privacy policy, publicly commit to comply with the Privacy Shield Principles, annually recertify to the U.S. Department of Commerce (“Commerce”), provide free independent dispute resolution to Swiss individuals and be subject to the U.S. Federal Trade Commission (“FTC”), Department of Transportation or another enforcement agency.

• Improvements Noted.  Also like the EU-U.S. Privacy Shield, the Swiss Federal Counsel noted that the Swiss Privacy Shield provides better protections than the prior U.S.-Swiss Safe Harbor, including intensified cooperation between Commerce and the FDPIC, the establishment of an arbitration body to deal with unresolved claims and the ability of Swiss residents to address inquiries relating to U.S. intelligence agencies’ data processing to an ombudsman in the U.S. State Department.  Additionally, the FDPIC will serve as a point of contact for persons in Switzerland in the event of any problems related to U.S. data transfers. 

• FTC Support.  Today, FTC Chairwoman Edith Ramirez issued a statement of support, praising the Swiss-U.S. Privacy Shield’s ability to “facilitate[] continued transatlantic commerce” and “strengthen[] privacy protections for Swiss consumers.”

• Applications Accepted April 12.  Commerce will begin accepting applications in three months on April 12, 2017.  Although it appears the certification process will be very similar to the EU-U.S. Privacy Shield, the ITA has promised that additional information on next steps will be forthcoming on Commerce’s Privacy Shield website. 

• Get Ready to Certify.  Whether you have an existing U.S.-Swiss Safe Harbor certification and/or are interested in obtaining the new Swiss-U.S. Privacy Shield certification, you should begin preparations now to certify by the April 12 date to avoid any potential compliance gaps.
  PH Privacy is Paul Hastings’ Privacy, Cybersecurity and Data Governance blog. We welcome your feedback. Please contact our blog editor with any thoughts or suggestions.