The Swiss cabinet has established a new framework for transferring personal data from Switzerland to companies based in the United States.
On Wednesday, the cabinet announced that Switzerland would adopt the same conditions as the European Union, which set up a comparable system with the US last summer.
This new framework replaces the previous Safe Harborexternal link arrangement and improves the security of private data. As the Swiss authorities pointed out in a statementexternal link, the “Swiss-US Privacy Shield is needed for the secure, efficient and rapid transfer of data. The US does not have legislation on data protection that guarantees an adequate level of protection in terms of Swiss law”.
The privacy shield goes beyond Safe Harbor with stricter data protection principles on the part of companies as well as better administration and supervision on the part of the US authorities. Going forward, there will be increased cooperation between the US Department of Commerce and Switzerland’s Federal Data Protection and Information Commissioner (FDPIC).
In addition to a new arbitration body for unresolved claims, there will be an ombudsperson with the US State Department for people living in Switzerland with questions about how their data is being handled by US intelligence services.
The privacy shield will apply to data transfer between companies, said FDPIC spokesman Francis Meier, “for example if a Swiss online-shop transmits their customers’ data to US-services for marketing purposes or if the subsidiary of a US-enterprise sends data related to their employees to the holding company”.
American companies that process data can apply for certification under the Swiss-US Privacy Shield regime, and Switzerland will recognise these companies as having adequate data protection standards.
“Currently, companies based in Switzerland who plan to transmit personal data to US-companies have to ensure adequate data protection based on contractual clauses or other measures that comply with Swiss data protection law,” Meier told swissinfo.ch. “With the Privacy Shield framework, certified companies will be allowed to transfer data without taking these measures.”
The new regulatory system corresponds to the solution adopted by the US and the 31 states of the EU and the European Economic Areaexternal link. It will take effect in 90 days.
Also on Wednesday, the Swiss cabinet approved Switzerland’s participation in the US Global Entry Programexternal link. Starting on February 1, 2017, Swiss nationals can register with Switzerland’s Federal Office of Police (fedpol) to participate.
“The program facilitates entry to the USA following pre-clearance security checks by the Swiss and US police authorities,” stated fedpol in a media releaseexternal link.
Once accepted into the program, a traveller can enter the country via automatic kiosks at certain American airports. Aimed at frequent travellers, the program reduces the long waiting times for clearing customs. In order to participate, applicants must be classified as “low risk” travellers following pre-clearance checks.
While fedpol does not save or gather personal data, it does disclose the applicant’s name, date of birth and passport number to the appropriate US authorities with the applicant’s prior written consent. This personal data disclosed to the US authorities is then subject to American data protection regulations.