The Swiss Federal Act on Data Protection (FADP) went into effect in July 1993, followed by important modifications in January 2008. The FADP would prohibit the transfer of personal data to countries that do not meet Switzerland’s “adequacy” standard for privacy protection. While the United States and Switzerland share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by Switzerland. In order to bridge these differences in approach and provide a streamlined means for U.S. organizations to comply with the FADP, the U.S. Department of Commerce in consultation with the Federal Data Protection and Information Commissioner of Switzerland developed a "safe harbor" framework and this website to provide the information an organization would need to evaluate – and then join – the U.S.-Swiss Safe Harbor program.
Please note that the form used for self-certifying compliance with the U.S.-Swiss Safe Harbor Framework is identical to that used for self-certifying compliance with the U.S.-EU Safe Harbor Framework; nevertheless, an organization is not required to self-certify to one of the Safe Harbor Frameworks in order to self-certify to the other. Organizations should also note that when they select “Switzerland” as a country from which they receive personal data, they are self-certifying compliance with the U.S.-Swiss Safe Harbor Framework. It is critically important that an organization read the U.S.-Swiss Safe Harbor Privacy Principles, 15 FAQs, and enforcement documents before submitting a self-certification form.
If your organization is considering joining:
If your organization decides to join:
Upon receipt of your organization’s self-certification submission and corresponding processing fee, the submission will be reviewed for completeness. If and when the submission is deemed complete, it will be posted to the U.S.-Swiss Safe Harbor List, available on this website.