EU confirms adequate level of data protection in Switzerland
On 15 January 2024, the European Commission issued its report on the sufficiency of data protection measures in certain third countries. It acknowledges that inter alia Switzerland continues to provide an adequate level of personal data protection. Henceforth, personal information originating from a European Union (EU) or European Economic Area (EEA) Member State may be transferred to Switzerland without requiring supplementary assurances to ensure a sufficient standard of data protection.
Since 2000, the EU has deemed Switzerland’s data protection to be satisfactory. In spring 2019, subsequent to the implementation of the EU General Data Protection Regulation (GDPR) in 2018, the European Commission commenced a reevaluation of the sufficiency of data protection in a number of third countries, including Switzerland.
In recent years, Switzerland, similar to the EU, has witnessed the advancement of its data protection legislation, according to the Federal Council’s media release. This is to ensure its alignment with evolving technological circumstances and to accommodate EU and international reforms concerning data protection. The newly implemented provisions of the Swiss Federal Data Protection Act (DPA) became effective on 1 September 2023, and serve as a requirement for the EU to acknowledge adequacy.
Switzerland also determines which nations provide sufficient data protection from its standpoint. The annex to the Swiss Federal Data Protection Ordinance (DPO) contains the corresponding list of countries, which is published by the Federal Council. This information is legally binding and accessible to the public for data controllers. Switzerland has deemed the data protection standards in the EU and EEA member states to be satisfactory.