Adequacy at risk? Switzerland better hurry

Switzerland currently has an adequacy decision with the EU concerning data protection (see link). The EU investigated Switzerland's data protection law and determined that Switzerland's privacy standards were sufficiently similar to Europe’s strict safeguards. Because of this adequacy decision, personal information can be transferred between Switzerland and the EU / EEA without much formality.

However, that adequacy decision from July 26, 2000 was based on a comparison of the old EU Data Protection Directive and the Swiss equivalent the Federal Data Protection Act (FADP). The EU subsequently enacted the General Data Protection Regulation (GDPR) which raised data protection requirements, and Switzerland has been revising its data protection law to bring it in line with the GDPR. It is hoped that Switzerland's revised data protection law (E-FADP) will be passed during the Federal Council's June 2020 sessions.

Switzerland might want to accelerate the passage of E-FADP as the EU is currently reviewing all of its adequacy decisions (see link), and a report is expected in May 2020 (see link). I doubt the EU would find the data protection provisions of the old Swiss data protection law sufficiently similar to the GDPR. But, Switzerland signed the modernized Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108+) (see link), and the GDPR recognizes signing Convention 108 as a factor in granting an adequacy decision (see Recital 105).

#switzerland #GDPR