Swiss-US Data Privacy Framework enters into force

Following the failed Safe Harbor Agreement (2015, Schrems I ruling) and the Privacy Shield (2020, Schrems II ruling), the EU officially brought a new data protection agreement with the US into force on 10 July 2023 with the Privacy Shield 2.0 and subsequently intensified negotiations between Switzerland and the US on a similar framework.

With the Federal Council’s decision on 14 August 2024 to recognise the USA as a country with adequate data protection, the long-awaited ‘Swiss-US Data Privacy Framework’ will officially enter into force on 15 September 2024 with a corresponding amendment to the Data Protection Ordinance.

According to data protection activist Max Schrems, the Trans-Atlantic Data Privacy Framework is largely a copy of the Privacy Shield. The European Commission’s third attempt to reach a stable agreement on data transfer between the EU and the USA has already been referred back to the European Court of Justice (ECJ). Contrary to the European Commission’s claims, there is little change to US law: the fundamental problem of FISA 702 has not been addressed by the US, meaning that only US persons still have constitutional rights and cannot be monitored without cause.

‘The European Court of Justice could then even suspend the new agreement during the proceedings. In terms of legal certainty and the rule of law, we will then get an answer as to whether the small improvements made by the Commission were sufficient or not. In the last 23 years, all agreements between the EU and the US have been declared retroactively invalid – now we are simply adding two more years of legal uncertainty.’

In this respect, it remains to be seen whether the agreement will be overturned again and whether Switzerland will revisit its decision and, as is traditional, follow the EU’s decision with a delay.

The situation regarding data traffic with the USA therefore remains uncertain.

Google Analytics – can I still use it?

The use of Google Analytics for the evaluation of access and user behaviour on websites continues to enjoy great popularity. But what about data protection? Can I continue to use this analysis tool without any problems?

The answer is: No!

After the ruling of the European Court of Justice in July 2020 on the invalidity of the Privacy Shield, the data protection association European Centre for Digital Rights (noyb), founded by Max Schrems, filed more than 100 complaints. The first decisions already made it clear that the use of Google Analytics in the EU is illegal.
Subsequently, the data protection authorities of Austria, France, the Netherlands and Sweden found the use of Google Analytics on websites to be unlawful under the provisions of the GDPR on third-country transfers. Similar decisions by the other authorities are expected to follow.

The authority sees above all a violation of the general principles of data transfer according to Art. 44 GDPR, since Google’s analytics programme transfers personal user information to the parent company in the USA.
For data protection-compliant use of Google Analytics, you have to take various measures and make adjustments:

  • First, you must conclude a data processing contract with Google Inc.
  • Adjust the Google Analytics code so that IP addresses are only collected anonymously.
  • The privacy policy must be adapted: How Google Analytics affects data protection must be clearly explained.
  • Include an opt-out, with which the users of your site can object to the data collection by Google Inc.
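
The two technical measures in this list (IP anonymisation and the opt-out) for a gtag.js installation, as an added example that is not code from the original page. The property ID is a placeholder and the cookie name `ga_opt_out` is an assumption of this example; `anonymize_ip` and the `ga-disable-<ID>` window flag are the documented gtag.js settings.

```javascript
// Added example, not from the original page.
const MEASUREMENT_ID = 'UA-XXXXXXX-Y';              // placeholder: your own property ID
const DISABLE_KEY = 'ga-disable-' + MEASUREMENT_ID; // window flag that gtag.js honours
const OPT_OUT_COOKIE = 'ga_opt_out';                // hypothetical cookie name

// True if the visitor has already objected (cookie value "1").
function hasOptedOut(cookieString) {
  return cookieString
    .split(';')
    .map((part) => part.trim())
    .some((part) => part === OPT_OUT_COOKIE + '=1');
}

// Cookie that remembers the objection for one year.
function optOutCookie() {
  const oneYear = 60 * 60 * 24 * 365;
  return OPT_OUT_COOKIE + '=1; Max-Age=' + oneYear + '; Path=/; SameSite=Lax; Secure';
}

// Handler for the opt-out link in the privacy policy.
function optOut(win, doc) {
  doc.cookie = optOutCookie();
  win[DISABLE_KEY] = true; // stops collection on the current page as well
}

// Must run before the gtag.js library is loaded.
// Returns false (and queues nothing) when the visitor has opted out.
function initAnalytics(win, doc) {
  if (hasOptedOut(doc.cookie || '')) {
    win[DISABLE_KEY] = true; // gtag.js sends no hits while this flag is true
    return false;
  }
  win.dataLayer = win.dataLayer || [];
  function gtag() { win.dataLayer.push(arguments); }
  gtag('js', new Date());
  // Ask Google to truncate the IP address before it is stored.
  gtag('config', MEASUREMENT_ID, { anonymize_ip: true });
  return true;
}

// In a browser, call it with the real globals.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  initAnalytics(window, document);
}
```

The opt-out check has to run on every page view before the Google script tag is reached; setting the flag afterwards only affects later hits.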

We will be happy to support you with this implementation.

The use of personal data in test and development systems is not permitted.

For pragmatic reasons, software developed in companies is often tested with a copy of the data from the production system.
However, this violates the Data Protection Act: the use of personal data for testing purposes is not permitted.

By using synthesized or anonymized data in conjunction with comprehensive technical and organizational measures, the requirements of the Data Protection Act can be met.
However, these protective measures often do not exist in test systems.

What data is used for testing in your company?

Reconcile data protection and systematic testing.

Revision of the Data Protection Ordinance: Federal Council opens consultation procedure

In the 2020 autumn session, parliament passed the new Data Protection Act (DPA). In order for this to enter into force, the corresponding implementing provisions in the Ordinance to the Federal Act on Data Protection (FADP) must be adapted. At its meeting on 23 June 2021, the Federal Council opened the consultation process. This will last until 14 October 2021.
Source: Federal press release

Proceedings opened against the operator of the platform for a digital vaccination register

Three Years of the EU Data Protection Regulation: “As an entrepreneur, it feels like you always have one foot in prison”.

NZZ, 25 May 2021: The EU law has an indirect impact on Switzerland because it applies to all companies that sell products and services to the EU. The EU has given data protection authorities a powerful tool of enforcement – in particular the possibility of fines, and at a level that hurts even the big […]

The end of the framework agreement with the EU: What does this mean for data protection?

Switzerland has revised its new data protection law and brought it into line with European data protection law (the EU GDPR). The EU would now have to recognise the level of data protection here as equivalent, which is actually already overdue.

After the Federal Council broke off negotiations for a new framework agreement with the EU last Wednesday, the question now arises as to the impact on Swiss data protection. Swiss companies now fear that the EU will refuse recognition. This could, on the one hand, prohibit the processing of customer-related data from the EU and, on the other hand, impose new hurdles.