September 18, 2020
Just months after the EU high court invalidated the EU-U.S. Privacy Shield for not adequately protecting the privacy of EU citizens’ personal data, a Swiss privacy regulator arrived at the same conclusion for the Swiss-U.S. Privacy Shield.
BEERG’s Derek Mooney writes: "Though Switzerland is outside the EU, it has adopted data protection rules that closely mirrored the EU’s GDPR. Following the July Schrems II decision, the Swiss Federal Data Protection and Information Commissioner (FDPIC) undertook its own review and arrived at the same conclusion."
The paper the FDPIC published last week advised Swiss data controllers that the Swiss-U.S. Privacy Shield does not provide an adequate level of protection for personal data transferred from Switzerland to the United States.
In practice, companies cannot now rely on the Swiss-U.S. Privacy Shield framework and comply with Swiss law. In Switzerland, this is an administrative process rather than a judicial one.
On September 22nd, 2020, at 12:00 PM EDT, HR Policy will host a discussion with major HR vendors about what can be done now to protect data flows from the EU and avoid liability, and what the next steps may look like. You can register for the webinar here.