The FDPIC’s has published his first annual joint review report (in German, English version will follow within mid-March). It corresponds largely with the European Data Protection Board (EDPB)’s second annual joint review report which was published on January 22 2019.
Policy Paper of the FDPIC
Policy paper on the transfer of personal data to the USA and other countries lacking an adequate level of data protection within the meaning of Art. 6 Para. 1 Swiss Federal Act on Data Protection (PDF, 205 kB, 04.12.2020)
Second Swiss-US Privacy Shield Review
First Swiss-US Privacy Shield Review
List of Privacy Shield arbitrators
If a complaint against a US company certified under the Privacy Shield remains unsettled after recourse to all other legal remedies, a binding arbitration procedure is available as a last resort. It must be initiated personally by the individual concerned and is binding on the certified company. The arbitration takes place in the USA. For more information, see pages 13-14 of our guide.
Officially appointed arbitrators are available to conduct the procedure. The first five have been appointed specifically for the Swiss-US Privacy Shield. However, all the arbitrators listed are available.
To the list of arbitrators.
Guide to the Swiss-US Privacy Shield
24.08.17 - The FDPIC has elaborated a practical brochure to the Swiss-US Privacy Shield. It provides information on the company's obligations and the rights of persons whose data is processed as well as how they can complain.
If a US Privacy Shield certified company does not process personal data correctly, data subjects can file their complaint directly to the company or via the FDPIC. He will forward the complaint form to the appropriate US authority.
Complaints regarding the processing of personal data by US authorities are submitted through the US Ombudsperson Mechanism. The request must be submitted to the FDPIC in writing.
Privacy Shield – a brief overview
02.05.17 - Since 12 April 2017, US companies have been able to self-certify for the Swiss-US Privacy Shield. To do so, they must register on the Department of Commerce (DOC) website www.privacyshield.gov/PrivacyShield/ApplyNow and meet the certification requirements.
If a particular US company is not registered, other measures must be taken to transfer personal data in accordance with data protection rules. These may include contractual guarantees or Binding Corporate Rules (cf. Art. 6 para. 2 of the Federal Data Protection Act, FDAP).
Swiss companies should follow our advice.
Swiss-US Privacy Shield: new legal framework for the transfer of data to the USA
11.01.17 - At its meeting today, the Federal Council took note that a new framework, Privacy Shield, has been established for the transfer of personal data from Switzerland to the USA. Privacy Shield replaces the Safe Harbor Agreement between Switzerland and the USA, which the FDPIC had declared inadequate and which the Federal Council has now formally terminated. The FDPIC welcomes the introduction of the new framework.
Swiss-U.S. Privacy Shield FAQs
Swiss-US Privacy Shield Framework
US-Swiss Safe Harbor Framework