If it has been formally decided that a country or an international body offers an adequate level of data protection, data may be sent to that country or international body without the need to ensure adequate data protection by contract or other guarantees.
Foreign adequacy decisions concerning Switzerland
The EU deemed Switzerland to provide an adequate level of data protection in a decision issued in 2000. This adequacy decision was based on the old Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. This has been replaced by the GDPR. The EU is currently examining the level of data protection in Switzerland on the basis of the GDPR. In the meantime, the previous adequacy decision continues to apply.
Following Brexit, the UK also recognised Switzerland as a state that offers an adequate level of data protection.
Adequacy decisions by Switzerland
Under the revised FADP, the Federal Council is responsible for deciding whether the legislation of a country or an international body guarantees adequate protection (see Art. 16 para. 1 FADP). The states, territories, specific sectors in a country and international bodies with adequate data protection are listed in Annex 1 of the Data Protection Ordinance (O-FADP).
Last modification 24.04.2023