16 Jan US-SWISS PRIVACY SHIELD
Acting Under Secretary of Commerce for International Trade Ken Hyatt yesterday (January 11, 2017) announced the final approval of the Swiss-U.S. Privacy Shield Framework. The Department of Commerce will begin accepting certifications on April 12, 2017.The Swiss and EU laws on data protection are equivalent. Accordingly, the US- Swiss Privacy Shield Principles and Supplemental Principles are modeled on the Principles and Supplemental Principles developed for the US-EU Privacy Shield Framework. The US-Swiss Privacy Shield is intended for use solely by organizations in the United States receiving personal data from Switzerland for the purpose of qualifying for the Privacy Shield and thus benefitting from Switzerland’s recognition of adequacy.
An organization must self-certify its adherence to the Principles to the Department of Commerce (or its designee) to rely on the US-SWISS Privacy Shield for transfer of personal data from Switzerland. Organizations that self-certify should publicly declare their commitment to adhere to the Privacy Shield Principles and must comply fully with the Principles.
The US-SWISS Privacy Shield requires an organization to:
(a) be subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), the Department of Transportation or another statutory body that will effectively ensure compliance with the Principles (other US statutory bodies recognized by Switzerland may be included as an annex in the future);
(b) publicly declare its commitment to comply with the Principles;
(c) publicly disclose its privacy policies in line with these Principles; and
(d) fully implement them. An organization’s failure to comply is enforceable under Section 5 of the Federal Trade Commission Act prohibiting unfair and deceptive acts in or affecting commerce (15 USC § 45(a)) or other laws or regulations prohibiting such acts.
The US-SWISS Privacy Shield affects neither the application of national provisions implementing the Federal Act on Data Protection (FADP) that apply to the processing of personal data in Switzerland nor privacy obligations that apply under the US law.
See the US-SWISS Privacy Shield; US-Swiss Privacy Shield: better protection for data transferred to the USA; US-Swiss Privacy Shield: new framework for the transfer of data to the USA; PRIVACY SHIELD OVERVIEW