Privacy Shield: We’ve Lost the EU but We’ve Still Got Switzerland!

In the wake of the Schrems II decision invalidating the the EU-US Privacy Shield, the US Department of Commerce has decided it should make lemonade out of the Schrems lemons.  The Department recently issued a set of FAQs, which go on at length about how the Swiss-US Privacy Shield is still in place and the steps that businesses can take to participate:

The Swiss-U.S. Privacy Shield Framework remains a valid mechanism to comply with Swiss data protection requirements when transferring personal data from Switzerland to the United States. On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as “invalid” the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield. On that same day the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland issued a statement noting, among other things, that the “FDPIC has taken note of the CJEU ruling. This ruling is not directly applicable to Switzerland. The FDPIC will examine the judgement in detail and comment on it in due course.”

Or, as the immortal Carl Spackler once said in a slightly different context, “So I got that goin’ for me, which is nice.”

Leave a Reply

Your email address will not be published. Required fields are marked *