Transfer of data to the USA

Policy Paper of the FDPIC

Second Swiss-US Privacy Shield Review

First Swiss-US Privacy Shield Review

The FDPIC’s has published his first annual joint review report (in German, English version will follow within mid-March). It corresponds largely with the European Data Protection Board (EDPB)’s second annual joint review report which was published on January 22 2019.


List of Privacy Shield arbitrators

If a complaint against a US company certified under the Privacy Shield remains unsettled after recourse to all other legal remedies, a binding arbitration procedure is available as a last resort. It must be initiated personally by the individual concerned and is binding on the certified company. The arbitration takes place in the USA. For more information, see pages 13-14 of our guide.

Officially appointed arbitrators are available to conduct the procedure. The first five have been appointed specifically for the Swiss-US Privacy Shield. However, all the arbitrators listed are available.

To the list of arbitrators.

Guide to the Swiss-US Privacy Shield

24.08.17 - The FDPIC has elaborated a practical brochure to the Swiss-US Privacy Shield. It provides information on the company's obligations and the rights of persons whose data is processed as well as how they can complain.

Complaint forms

If a US Privacy Shield certified company does not process personal data correctly, data subjects can file their complaint directly to the company or via the FDPIC. He will forward the complaint form to the appropriate US authority.

Complaints regarding the processing of personal data by US authorities are submitted through the US Ombudsperson Mechanism. The request must be submitted to the FDPIC in writing.

You can find appropriate forms in German or French on this website.

Privacy Shield – a brief overview

02.05.17 - Since 12 April 2017, US companies have been able to self-certify for the Swiss-US Privacy Shield. To do so, they must register on the Department of Commerce (DOC) website and meet the certification requirements.

If a particular US company is not registered, other measures must be taken to transfer personal data in accordance with data protection rules. These may include contractual guarantees or Binding Corporate Rules (cf. Art. 6 para. 2 of the Federal Data Protection Act, FDAP).

Swiss companies should follow our advice.

Swiss-US Privacy Shield: new legal framework for the transfer of data to the USA

11.01.17 - At its meeting today, the Federal Council took note that a new framework, Privacy Shield, has been established for the transfer of personal data from Switzerland to the USA. Privacy Shield replaces the Safe Harbor Agreement between Switzerland and the USA, which the FDPIC had declared inadequate and which the Federal Council has now formally terminated. The FDPIC welcomes the introduction of the new framework.

Swiss-U.S. Privacy Shield FAQs

Swiss-US Privacy Shield Framework

US-Swiss Safe Harbor Framework