Switzerland: Adopted guide on data transfers to foreign countries

The Federal Data Protection and Information Commissioner issues a guidance on data transfers to foreign countries. It is intended to improve the assessment of the permissibility of transfers of personal data abroad and includes a flow chart on the circumstances in which a transfer to foreign countries is allowed and a list of third countries which ensure adequate level of data protection. If a country is not on this list, data exporters must carry out their own legal clarifications. If the level of data protection in a foreign country is not adequate, sufficient safeguards must be provided to ensure adequate protection abroad in accordance with Swiss data protection law. These safeguards include a clear legal basis, necessity and proportionality with regard to the objectives pursued, effective legal remedies, as well as access to an independent and impartial court. Depending on whether these guarantees are given or not, the FDPIC describes the further process of what additional measures have to be taken in order to allow the transfer of data and in which case a suspension or termination of the data transfer has to be considered.