Swiss‑U.S. Pri­va­cy Shield: Self-cer­ti­fi­ca­ti­ons are pos­si­ble as of today

Begin­ning today (April 12, 2017), U.S. com­pa­nies can initia­te the cer­ti­fi­ca­ti­on pro­cess under the Swiss‑U.S. Pri­va­cy Shield with the DOC.

The Pri­va­cy Shield (see our Over­view and our pre­vious con­tri­bu­ti­ons on the sub­ject) replaces the Safe Har­bor Agree­ment, which was deemed inva­lid by the ECJ in the “Schrems” ruling, as the basis for trans­fer­ring per­so­nal data to the USA. The USA is other­wi­se con­si­de­red to have an ina­de­qua­te level of data protection.

Cer­ti­fi­ca­ti­on under the EU-US Pri­va­cy Shield has been pos­si­ble sin­ce August 1, 2016. Howe­ver, U.S. com­pa­nies that are only cer­ti­fied under the EU‑U.S. Pri­va­cy Shield do not pro­vi­de suf­fi­ci­ent pro­tec­tion from a Swiss per­spec­ti­ve. As a basis for the trans­fer of per­so­nal data from Switz­er­land to the U.S., a sepa­ra­te cer­ti­fi­ca­ti­on under the Swiss‑U.S. Pri­va­cy Shield is requi­red. Fur­ther infor­ma­ti­on can be found at here.