Behind the Scenes

Arent Fox's advertising law blog - latest news and trends in advertising, data security & privacy, and fashion & entertainment.

Behind the Scenes

Swiss-US Privacy Shield Trails EU-US Privacy Shield

alert

Swiss-US Privacy Shield Trails EU-US Privacy Shield

What’s New?

Companies transferring data from Switzerland to the US should take note: the Swiss-US Privacy Shield has arrived!

Why Should You Care?

Global companies that transfer personal information—specifically, the transfer of Swiss individuals’ personal information, from Switzerland to the US—must have a legal mechanism in place for doing so. The Privacy Shield provides an enforceable mechanism that the EU and Swiss governments have deemed adequate. The Swiss-US Privacy Shield complements the EU-US Privacy Shield, which applies only to European Economic Area (EEA) member countries.

What Do You Need to Know?

  1. The Swiss-US Privacy Shield largely mirrors the EU-US Privacy Shield. It has 7 main requirements surrounding the following familiar privacy principles: notice; choice; accountability for onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement and liability. For a summary of the EU-US Privacy Shield, please find our previous alert covering it here. US companies could be subject to an FTC or court order if they choose to participate in the Shield, but fail to comply with its requirements. 
  2. There is a major difference in the definition of sensitive information. Departing from the EU-US Privacy Shield, the Swiss-US Privacy Shield expressly includes within its definition of “sensitive information” any ideological views or activities, information on social security measures or administrative or criminal proceedings and sanctions. This expanded definition of sensitive information could affect companies that intend to certify their compliance under the Swiss-US Privacy Shield, as they may need to implement additional measures to safeguard the additional data types that are considered sensitive under the Swiss-US Privacy Shield.
  3. There are also minor differences between the EU and Swiss Privacy Shield. For example, the Swiss FDIC’s authority substitutes for that of the EU DPAs’ authority. Also, at the first annual review, the Department of Commerce will work with the Swiss Government to put in place the binding arbitration option that is available under the EU-US Privacy Shield.

The text of the Swiss-US Safe Harbor is available here.

What’s Next?

Organizations can begin self-certifying their compliance to the Swiss-US Privacy Shield on April 12, 2017, by going on privacyshield.gov. We note that as the Swiss-US Privacy Shield is being rolled out, the EU-US Privacy Shield faces at least two separate challenges, alleging that the new agreement fails to address the concerns that were raised by the ECJ during the US-EU Safe Harbor’s invalidation. It remains to be seen how these challenges will affect both the EU-US and Swiss-US Privacy Shields.
 
Arent Fox’s Cybersecurity & Data Protection group monitors developments in the data protection field. For more information, please do not hesitate to contact Sarah L. Bruno, Eva J. Pulliam, and Lourdes M. Turrecha.

SUBSCRIBE

Add this blog to your RSS feed reader.

Arent Fox In Your Inbox
To subscribe to Arent Fox Alerts and other news, click here.

ABOUT ARENT FOX LLP

Arent Fox LLP, founded in 1942, is internationally recognized in core practice areas where business and government intersect. With more than 350 lawyers, the firm provides strategic legal counsel and multidisciplinary solutions to clients that range from Fortune 500 corporations to trade associations. The firm has offices in Los Angeles, New York, San Francisco, and Washington, DC.