Abstract

On January 15, 2024, the EU Commission confirmed that Switzerland continues to provide for an adequate level of data protection. EU data exporters may thus continue to rely on the adequacy of Swiss data protection law to disclose personal data to Switzerland.

On January 15, 2024, the EU Commission published its report on the results of its first review of the adequacy decisions previously taken under the old EU Data Protection Directive. The EU Commission concludes that Switzerland continues to provide an adequate level of protection for personal data transferred from the EU.

According to its report, the EU Commission welcomes the developments in the Swiss legal framework since the adoption of the first adequacy decision in July 2000, including in particular the modernization of the Swiss Data Protection Act (cf. our Bulletin of August 31, 2022). These developments have contributed to an increased level of data protection, in a manner sufficient for the EU Commission to maintain its adequacy decision.

Maintaining the EU adequacy decision was one of the main objectives of the revision of the Swiss Data Protection Act, which entered into force on September 1, 2023: Without the EU’s recognition of the adequacy of Swiss data protection law, the export of personal data from the EU to Switzerland would have become much more burdensome. Today’s confirmation by the EU Commission thus marks the achievement of a key goal in the efforts to modernize Swiss data protection law in a manner consistent with the EU General Data Protection Regulation (GDPR).

The review of adequacy decisions by the EU Commission, which has now been completed, is the first such review since the GDPR came into force in 2018. The GDPR calls for regular reviews, and the EU underlines its intention to further intensify dialogue and cooperation with like-minded international partners on data flows and digital issues in general.

If you have any queries related to this Bulletin, please refer to your contact at Homburger or to: