Swiss-U.S. Privacy Shield Finalized

Alston & Bird
Contact
LinkedIn
Facebook
X
Send
Embed

On January 11, U.S. and Swiss authorities announced final agreement on the Swiss-U.S. Privacy Shield Framework. The Framework defines standards for handling personal data exported from Switzerland to the U.S. and enables U.S. companies to meet Swiss legal requirements to protect personal data transferred from Switzerland. The Framework is a successor to the former Swiss-U.S. Safe Harbor framework, which was declared invalid by the Swiss data protection commissioner following the invalidation of Safe Harbor by the European Court of Justice.  

U.S. companies may participate in the Framework through an application to the International Trade Association in the U.S. Department of Commerce. Starting April 12, U.S. companies may make an application self-certifying their compliance with Swiss-U.S. Framework Principles. More information will be provided at https://www.privacyshield.gov 

The Swiss-U.S. Privacy Shield Framework is modelled off of the EU-U.S. Privacy Shield Framework approved by the EU Commission in July last year. The Swiss and EU Privacy Shield Framework principles are largely identical. However, the principles reflect a slight difference in the definition of “sensitive information,” an important concept under both the EU and Swiss Frameworks. Unlike the EU-U.S. Framework, the Swiss Framework expressly includes within its definition of “sensitive information” any “information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.” This expanded Swiss definition could impact companies who certify their compliance under the Swiss-U.S. Framework. For example, these companies may need to implement further measures to secure opt-in consent if such “sensitive information” is shared with third parties or used for purposes which were not clear at the time of original collection.

The formerly adopted EU-U.S. Privacy Shield Framework extended only to members of the European Economic Area (EEA). U.S. and Swiss officials sought a separate Privacy Shield agreement since Switzerland is not a member of the EEA. As explained previously on this blog, the EU-U.S. Privacy Shield now faces legal challenge before European courts. It is not clear whether the new Swiss-U.S. Privacy Shield framework could eventually face a similar legal challenge.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Alston & Bird | Attorney Advertising

Written by:

Alston & Bird
Alston & Bird
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Alston & Bird on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide