Adequacy
If it has been formally decided that a country or an international body offers an adequate level of data protection, data may be sent to that country or international body without the need to ensure adequate data protection by contract or other guarantees.
Foreign adequacy decisions concerning Switzerland
EU
The EU deemed Switzerland to provide an adequate level of data protection in a decision issued in 2000. This adequacy decision was based on the old Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. This has been replaced by the GDPR. The EU is currently examining the level of data protection in Switzerland on the basis of the GDPR. In the meantime, the previous adequacy decision continues to apply.
In its report of 15 January 2024, the EU determined that Switzerland has an adequate level of data protection based on the GDPR as well.
Commission staff working document on adequacy decisions (PDF, 2 MB, 15.01.2024)Country reports on the functioning of the adequacy decisions adopted under Directive 95/46/EC Accompanying the document Report from the Commission to the European Parliament and the Council
on the first review of the functioning of the adequacy decisions adopted pursuant to Article 25(6) of Directive 95/46/EC
UK
Following Brexit, the UK also recognised Switzerland as a state that offers an adequate level of data protection.
Adequacy decisions by Switzerland
Under the revised FADP, the Federal Council is responsible for deciding whether the legislation of a country or an international body guarantees adequate protection (see Art. 16 para. 1 FADP). The states, territories, specific sectors in a country and international bodies with adequate data protection are listed in Annex 1 of the Data Protection Ordinance (O-FADP).
Further topics
Last modification 15.08.2024