08.09 Transmission of personal data abroad

08 Data Protection

Under FADP 6, personal data may only be transferred abroad if the level of data protection in the country in question is similar to that in Switzerland. To this end, the Federal Data Protection and Information Commissioner (FDPIC) draws up a list of countries which, from a Swiss perspective, have an adequate level of data protection (s. www.edoeb.admin.ch/dam/edoeb/de/dokumente/2017/04/staatenliste.pdf.download.pdf/staatenliste.pdf).

As the EU in particular does not consider the level of data protection in the very important trading partner USA to be sufficiently high, the EU and Switzerland have created a special solution with the USA. In the «Privacy Shield» framework, the EU, Switzerland and the USA have defined data protection standards. When US companies accede to this agreement, they commit themselves to comply with the relevant standards. This means that the similarly high level of data protection required by FADP is guaranteed when personal data is transferred to these companies. To find out which US companies have acceded to the agreement, click on the following link: www.privacyshield.gov/list.

With its decision of 16 July 2020, the European Court of Justice declares the Privacy Shield Decision 2016/1250 of the European Commission and thus the application of the «Privacy Shield» framework in the EU invalid. In the relationship between Switzerland and the USA, the «Privacy Shield» framewokr will continue to apply until further notice. However, Switzerland will have to think about this independently and will probably have to follow a new EU solution in the future. (see also article in Tages-Anzeiger Online of 16.07.2020).

08 Data Protection