• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

Swiss-U.S. Privacy Shield Finalized

January 16, 2017 By Privacy, Cyber & Data Strategy Team

On January 11, U.S. and Swiss authorities announced final agreement on the Swiss-U.S. Privacy Shield Framework. The Framework defines standards for handling personal data exported from Switzerland to the U.S. and enables U.S. companies to meet Swiss legal requirements to protect personal data transferred from Switzerland. The Framework is a successor to the former Swiss-U.S. Safe Harbor framework, which was declared invalid by the Swiss data protection commissioner following the invalidation of Safe Harbor by the European Court of Justice.  

U.S. companies may participate in the Framework through an application to the International Trade Association in the U.S. Department of Commerce. Starting April 12, U.S. companies may make an application self-certifying their compliance with Swiss-U.S. Framework Principles. More information will be provided at https://www.privacyshield.gov.  

The Swiss-U.S. Privacy Shield Framework is modelled off of the EU-U.S. Privacy Shield Framework approved by the EU Commission in July last year. The Swiss and EU Privacy Shield Framework principles are largely identical. However, the principles reflect a slight difference in the definition of “sensitive information,” an important concept under both the EU and Swiss Frameworks. Unlike the EU-U.S. Framework, the Swiss Framework expressly includes within its definition of “sensitive information” any “information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.” This expanded Swiss definition could impact companies who certify their compliance under the Swiss-U.S. Framework. For example, these companies may need to implement further measures to secure opt-in consent if such “sensitive information” is shared with third parties or used for purposes which were not clear at the time of original collection.

The formerly adopted EU-U.S. Privacy Shield Framework extended only to members of the European Economic Area (EEA). U.S. and Swiss officials sought a separate Privacy Shield agreement since Switzerland is not a member of the EEA. As explained previously on this blog, the EU-U.S. Privacy Shield now faces legal challenge before European courts. It is not clear whether the new Swiss-U.S. Privacy Shield framework could eventually face a similar legal challenge.

Filed Under: Data Protection, Data Security, International Tagged With: European privacy, Max Schrems decision, Privacy Shield 2.0

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • The California Privacy Protection Agency Solicits Public Input on Forthcoming Privacy Regulations
  • U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum
  • Colorado Issues Pre-Rulemaking Considerations for the Colorado Privacy Act
  • Recent Updates in Two Closely-Watched Cybersecurity and Privacy-Related Securities Fraud Class Actions
  • EU and U.S. Reach Agreement In Principle on a Replacement for the EU-U.S. Privacy Shield
Copyright © 2022 · Alston & Bird · All Rights Reserved. Privacy.