Take-Aways (AI)
- Easier conditions for the transfer of personal data to the USA only apply to US companies with Swiss-US Privacy Shield certification.
- Swiss companies must check the Privacy Shield List before transferring data; otherwise alternative guarantees are required.
- Authorities cannot obtain Swiss-US Privacy Shield certification.
- Only private companies under FTC and DOT supervision can be certified; banks, insurance companies and telecommunications providers generally cannot.
In light of the fact that U.S. companies have been able to certify for the Swiss-US Privacy Shield since April 12, 2017, the FDPIC published guidance for Swiss companies on the Swiss-US Privacy Shield on May 2, 2017 (see here):
- The eased conditions for personal data transfers to the US apply with respect to US companies that are certified for the Swiss-US Privacy Shield. Certification for the EU-US Privacy Shield is not sufficient.
- Prior to transferring personal data to U.S. companies, Swiss companies should consult the Privacy Shield List check whether the companies concerned have been certified for the Swiss-US Privacy Shield. Otherwise, the transfer of personal data requires other sufficient safeguards (such as the EU standard contractual clauses or the binding corporate rules).
- Public authorities cannot be certified for the Swiss-US Privacy Shield.
- Private companies can only be certified if they are subject to the supervision of the Federal Trade Commission (FTC) and the Department of Transportation (DOT). Consequently, banks, insurance companies and telecommunications companies cannot be certified.