Swiss-U.S. Privacy Shield Opens for Self-Certifications

By Amanda J. Katzenstein

On April 12, 2017, the Department of Commerce will begin accepting self-certifications to the Swiss-U.S. Privacy Shield. The Swiss-U.S. Privacy Shield was approved to be an adequate legal mechanism for compliance with Swiss requirements to transfer personal data from Switzerland to the United States after the Swiss-U.S. Safe Harbor was declared invalid following the Schrems decision on October 6, 2015. 

Following approval by the Swiss government on January 12, 2017, the Swiss-U.S. Privacy Shield immediately replaced the Swiss U.S. Safe Harbor. However, to give organizations the time needed to self-certify, the Federal Data Protection and Information Commissioner announced that it would not take enforcement action during the three-month period leading up to the first day when U.S. companies could self-certify. This three-month period was critical because unlike the E.U.-U.S. Privacy Shield, there is no grace period after self-certification with the Swiss-U.S. Privacy Shield for companies to ensure their third-party contracts are aligned.

The Swiss-U.S. Privacy Shield is nearly identical to the E.U.-U.S. Privacy Shield, but there are important distinctions like the definition of sensitive information. To discuss compliance with the Swiss-U.S. Privacy Shield or other available alternatives, please contact a member of Polsinelli’s Privacy and Data Security practice.