Key Benefits:
(Status on 16 February 2009)
Translation 1
| Federal Data Protection and Transparency Prelay PFPDT The Preposed |
Bern, 9 December 2008 |
| Madame |
|
| Michelle O ' Neill |
|
| Deputy Under Secretary for International Trade |
|
| United States Department of Commerce |
|
| Washington, D.C. 20230 |
Madame,
We acknowledge receipt of your letter from 1 Er December 2008 with the following content:
"I have the honour to convey to you the principles of the" safe harbour " for the protection of personal data between the United States and Switzerland and the frequently asked questions (FAQ) concerning their implementation, as well as the study On the implementation of the principles of the "Safe Harbour" and a memorandum on confidentiality and damages, legal authorizations and mergers and acquisitions under United States law. All these documents were issued by the United States Department of Commerce 1 Er December 2008 2 I also send you letters from the relevant government bodies in the United States dealing with complaints related to breaches in the application of the "Safe Harbour" principles.
The principles of the "safe area" for the protection of personal data between the United States and Switzerland reflect our common goal of increasing the protection of privacy for our citizens and enhancing legal certainty for our citizens. Companies in both countries. They take account of the fact that the transfer of personal data from Switzerland to a third country can only be carried out if the third country in question provides an adequate level of protection.
The Department issues the attached documents in cooperation with Switzerland under its authority in order to promote and develop international trade. On the basis of this letter and these documents, Switzerland intends to recognise the adequacy of the protection afforded by the principles of the "safe harbour" for the protection of personal data between the United States and Switzerland. In accordance with the FAQs and meet the requirements of s. 6 of the Federal Data Protection Act. Other provisions of this law concerning the processing of data in Switzerland will not be affected.
The principles of the "Safe Harbour" for the protection of private data between the United States and Switzerland and the FAQ ("the Principles") must serve as a rigorous guide to American companies and other American organizations receiving Personal information from Switzerland and wishing to establish a predictable basis for the continuation of such transfers. The study on the implementation of the principles and other supporting documents is intended to explain how the US implementation mechanisms, based either on the law and the regulation, or on individual regulation, Meet the requirements of the principle of implementation and ensure that the commitment of an organization to adhere to the principles will be effectively implemented. The "Safe Harbour" documents must be read in the context of the American legal system and its well-known features, such as general legal actions and fees on a random basis.
American companies and other American organizations can be assured of the benefits of the "Safe Harbour" by certifying their adherence to the Principles themselves. The Department of Commerce intends to draw up a list of all the organizations that certify their adherence to the Principles. The list and notifications submitted by organisations containing information on the implementation of the principles shall be made public, together with any final determination made by an American implementing body and Notified to the Department of Commerce (or a designated body) that an organization of the "Safe Harbour" has failed to comply with the principles. Where, in complying with the requirements of the principles, an organisation is based wholly or partly on its own rules, its failure to comply with its own rules must also be able to be addressed under the section 5 of the Federal Trade Commission Act that prohibits deceptive or fraudulent manoeuvres and practices or any other act or regulation prohibiting such acts as included in the principles.
The principles apply only to companies and other organizations within the jurisdiction of the Federal Trade Commission (FTC) or the Department of Transport (DOT) and that act in accordance with the principles implemented According to the FAQ. As a result, the principles do not apply to financial institutions, including banks, savings and loan companies and credit unions; telecommunications companies and public enterprises Inter-Etats; packers and operators of livestock parks; and, also any entity or activity included in the exceptions to the authority of the FTC in respect of unfair or fraudulent manoeuvres and practices that do not Are not subject to the DOT authority (Appendix III).
The framework established by the principles of the "safe harbour" for the protection of personal data between the United States and Switzerland implemented according to the FAQ could be subject to revision on the basis of experience and developments Relevant. The Department of Commerce and the Federal Data Protection and Transparency Officer will consult on any proposed changes to the principles and other documents of the Framework.
The framework established by the principles of the "safe harbour" for the protection of personal data between the United States and Switzerland will become effective following notification of the completion of all internal legislative procedures and Remain in force subject to written notification from Switzerland or the United States to the other party of its intention to denounce the framework. Such notification should be made six months before the scheduled denunciation date.
| Annex I |
Principles of the "safe harbour" for the protection of private data between the United States and Switzerland |
| Annex II |
Frequently Asked Questions |
| Annex III |
Study on the implementation of the "Safe Harbour" principles |
| Annex IV |
Confidentiality and Damages, Legal Authorizations and Mergers and Acquisitions under United States Legislation |
| Annex V |
Bodies of the United States government empowered to investigate complaints." |
We share the contents of your letter and we acknowledge that in the context of its coverage, the framework established by the principles of the "safe sphere" for the protection of private data between the United States and Switzerland provides a framework Which ensures adequate data protection. As a result, American companies certifying their adherence to the principles of the "safe harbour" for the protection of private data between the United States and Switzerland are considered to have an adequate level of protection According to art. 6 (1) of the Federal Data Protection Act 3 .
In addition, we inform you that the Federal Data Protection and Transparency Commissioner may recommend to suspend data flows to a company or other organization that has certified its adherence to the principles set out in Works in accordance with the FAQ (principles) in order to protect individuals with regard to the processing of their personal data when: the competent authority in the United States or an independent recourse mechanism has found that the organisation Violates the principles; or that the principles are likely to be violated; Believe that the application concerned does not take or will not take in due time the necessary measures to settle the case in question; that the continuation of the transfer would give the persons concerned an imminent risk of Suffer serious damage; the competent Swiss authorities have made reasonable efforts, taking into account the circumstances, to warn the organisation and give it the opportunity to respond. The recommendation to suspend shall cease as soon as compliance with the principles implemented in accordance with the FAQ is ensured and the competent Swiss authorities are notified thereof. If the information gathered shows that any body responsible for upholding the principles in the United States does not effectively carry out its mission, the Swiss Government shall inform the Department of Commerce and, if necessary, Proposes a draft of the measures to be taken in order to repeal or suspend the principles or to limit their scope.
We thank you for your cooperation in this matter and ask you to register, Madam, the expression of our distinguished sentiments.
Hans-Peter Thür
1 Translation of original English text.
2 These documents can be obtained in the English language from the Federal Data Protection and Transparency.
3 RS 235.1
