In light of the fact that U.S. companies have been able to certify for the Swiss-US Privacy Shield since April 12, 2017, the FDPIC published guidance for Swiss companies on the Swiss-US Privacy Shield on May 2, 2017 (see here):
- The eased conditions for personal data transfers to the US apply with respect to US companies that are certified for the Swiss-US Privacy Shield. Certification for the EU-US Privacy Shield is not sufficient.
- Prior to transferring personal data to U.S. companies, Swiss companies should consult the Privacy Shield List check whether the companies concerned have been certified for the Swiss-US Privacy Shield. Otherwise, the transfer of personal data requires other sufficient safeguards (such as the EU standard contractual clauses or the binding corporate rules).
- Public authorities cannot be certified for the Swiss-US Privacy Shield.
- Private companies can only be certified if they are subject to the supervision of the Federal Trade Commission (FTC) and the Department of Transportation (DOT). Consequently, banks, insurance companies and telecommunications companies cannot be certified.