October 21, 2020

Volume X, Number 295

Impact of Swiss Privacy Shield Inadequacy Decision

In a much-anticipated ruling, this month the Swiss Data Protection Authority concluded that the EU-US Swiss Privacy Shield was no longer an adequate method for transferring personal information from Switzerland to the US. In reaching this decision, the Swiss data protection authority agreed with the recent, similar EU decision of inadequacy. Like the EU, Switzerland anticipates that those transferring personal information from Switzerland to the US will rely on standard contractual clauses. However, like the EU, Switzerland cautions that companies should assess “on a case-by-case basis” whether the recipient provides sufficient protection.

The policy paper from the Swiss authority not only provides a list of factors that Swiss companies can consider when determining whether to transfer data to the US, but also outlines the interplay between Swiss and EU laws (keeping in mind, of course, that Switzerland is not a member of the EU). While noting that Switzerland is not bound by the recent Schrems II decision that resulted in the downfall of the EU-US Privacy Shield adequacy, the authority did indicate times where EU courts would expect Swiss companies to observe EU law. With this in mind, the Swiss data protection authority felt it necessary to reassess the US-Swiss Privacy Shield, and in doing so, reached the same conclusion as the EU (i.e., that it was not adequate).

Putting it Into Practice: This decision places transfers from Switzerland to the US on the same footing as those from the EU. Companies engaging in these activities will likely turn to Standard Contractual Clauses, but should keep in mind the suggestions raised by both the EU and Switzerland when implementing them.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP. National Law Review, Volume X, Number 266


About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...