Good news on the data protection front

15 August 2024

The Swiss Government has decided on August 14 that the Swiss-U.S. Data Privacy Framework would be effective as of September 15, 2024:

https://www.admin.ch/gov/en/start/documentation/media-releases.msg-id-102054.html

In practical terms, this means that, from this date, the transfer (including the access) of personal data from Switzerland to “certified organizations” in the US will be possible without the implementation of additional guarantees (such as the Standard Contractual Clauses (SCC) and a Transfer Impact Assessment (TIA)). Nevertheless, it is recommended to require the US-based data importer to commit to maintaining this self-certification, which must be annually renewed by the “certified organizations”.

The list of “certified organizations” in the United States is available here: https://www.dataprivacyframework.gov/list. It includes the main cloud service providers (Microsoft, Google, Amazon and Salesforce).

There is now a level-playing field with the EU: the legal situation is identical in the “EU-US” relationship (the EU equivalent of the Swiss-U.S. Data Privacy Framework came into force in July 2023) and in the “CH-US” relationship. It should be noted, however, that the EU-U.S. Data Privacy Framework is under attack within the EU, and any annulment could have a mirror effect in Switzerland. It is therefore recommended to continue securing data protection commitments from the US-based data importers.

OA SA
Esplanade de Pont-Rouge 5
1211 Genève 12
T 058 258 88 88
F 058 258 88 89
OA SA
Avenue de la Gare 12A
1003 Lausanne
T 058 258 86 00
F 058 258 86 01
OA SA
Place Pury 3
2000 Neuchâtel
T 058 258 86 00
F 058 258 86 24
OA SA
Place du Midi 29
1951 Sion
T 058 258 86 80
F 058 258 86 89