Following EU, U.S. and Swiss Regulators Reach New ‘Privacy Shield’ Data Transfer Agreement
By Daniel L. Farris
The United States and Switzerland finalized a new “Privacy Shield” Agreement on Wednesday that mirrors the existing U.S.-EU Privacy Shield framework. The new deal will allow multinationals to continue to transfer data between the U.S. and Switzerland while complying with Swiss data protection requirements.
The new deal replaces the existing U.S.-Swiss Safe Harbor Agreement, the validity of which has been in question since the Schrems decisionwas issued in October of 2015. Companies that have maintained their Swiss Safe Harbor certification may begin certifying under the new U.S.-Swiss Privacy Shield framework on April 12th. The 90 day delay is intended to provide companies with time to review the new Swiss principles and the commitments they entail.
Acting Under Secretary of Commerce for International Trade, Ken Hyatt, praised the new accord, saying it “will enhance transatlantic data protection and support the continued growth of U.S.-Swiss commercial ties, which included two-way direct investment totaling more than $410 billion in 2015.” Swiss officials echoed the sentiment, highlighting that the new U.S.-Swiss deal aligns with the U.S.-EU Privacy Shield framework, and imposes stronger obligations on U.S. companies to protect the personal data of Europeans. Like the U.S.-EU framework, this new deal also requires more stringent monitoring and enforcement by the Department of Commerce and the Federal Trade Commission. “The fact that the two frameworks are similar is highly significant, as it guarantees the same general conditions for persons and businesses in Switzerland and the EU/EEA area in relation to trans-Atlantic data flows," the Swiss Federal Council said.
For assistance in understanding how the U.S.-Swiss Privacy Shield, U.S.-EU Privacy Shield, or GDPR may affect your company, auditing privacy and data security compliance programs, drafting model agreements, or preparing Binding Corporate Rules, please contact the author or a Polsinelli Privacy and Data Security practice member.