The CH-US Privacy Shield does not provide a suitable level of data protection either
The CH-US Privacy Shield between Switzerland and the USA corresponds to the EU-US Privacy Shield as a data protection agreement. After this was then declared invalid by the ECJ on 16 July 2020, the Swiss Federal Data Protection and Information Commissioner (FDPIC) re-evaluated the appropriateness of data protection in the USA again within the framework of the annual evaluation of the CH-US Privacy Shield.[1] According to the evaluation of the FDPIC as well, the USA is not believed to provide sufficient data protection since individuals from Switzerland do not enjoy any rights which would be comparable to data protection as defined in Swiss law in the USA. Among other things, there was said to be a lack of enforceable legal rights for data subjects in the event data is accessed by US authorities. The lack of transparency was also criticised. [2]
The FDPIC does not have the relevant jurisdiction, meaning that the effectiveness of the CH-US Privacy Shield remains dependent on future case law from the Swiss courts. However, the USA has now been recorded by the FDPIC on its list of states with insufficient protection. An addition can now be found there too with the comment on the CH-US Privacy Shield, which refers again to the lack of data protection level. What does this assessment mean now for Swiss companies? They should carry out checks in each individual case and documented risk assessments particularly carefully before transmitting any personal data to the USA.
[1]www.corderycompliance.com/swiss-privacy-shield-collapses/
