In October 2015, the European Court of Justice (EuGH) ruled that the previously valid agreement for data exchange with the USA was no longer valid. This far-reaching decision was based on the realization that the USA cannot offer sufficient data protection and that the data is not protected from government access. The Safe Harbor agreement is to be replaced by a newly negotiated agreement called the Privacy Shield. Since this new agreement offers only a few improvements related to protecting personal data, data protection commissioners have threatened to prosecute ever since the details have been made known.
Fines for three companies
After the expiration of the grace period, EU-based companies should have responded and adapted their legal basis for exchanging data with the USA. According to Spiegel Online reports, the three companies Adobe, Punica, and Unilever did not do so even though they had been informed. Hamburg’s data protection commissioner, Johannes Caspar, has now taken the non-complying companies to court. Instead of the maximum possible fine of EUR 300,000, the Hamburg court only fined the companies between EUR 8,000 and EUR 11,000. The fines were reduced because each company eventually implemented a legally valid cross-border data transfer mechanism. Other processes are pending.
Impact on Switzerland
In Switzerland, data transfer with the USA takes place via a similar agreement called the U.S.-Swiss Safe Harbor Framework. Even Switzerland’s Federal Data Protection and Information Commissioner does not want to continue with this agreement based on the latest findings. The Federal Council has already entrusted the Swiss State Secretariat for Economic Affairs (SECO) with managing ongoing work related to the conclusion of a new agreement that better protects personal rights. This work is currently being coordinated with EU endeavors. In Switzerland, private individuals can also prosecute possible infringements of their rights in the civil courts.
Stored in Switzerland
Switzerland, with its many secure data centers and solid data protection remains an excellent choice for storing personal data. The Federal Data Protection and Information Commissioner (FDPIC) recommends more transparency for companies that want to share data with partners in the USA.
Read more details about the ruling in Hamburg here..
Read the Recommendations of the Federal Data Protection and Information Commissioner (FDPIC).