A Swiss federal commissioner announced Tuesday that a U.S.-Swiss program aimed to protect personal information exchanged between the two countries doesn’t go far enough, and has downgraded the United States to rank it as a country deemed to have inadequate data protection.
Federal Data Protection and Information Commissioner Adrian Lobsiger, in a new policy paper, recommends that Swiss companies or government should disclose personal data to the U.S. only if safeguards are put in place to protect people from prying U.S. authorities.
Lobsiger’s paper follows a regular review of the three-year-old U.S.-Swiss program known as Privacy Shield, and his recommendations follow similar concerns expressed by EU authorities about an alleged lack of privacy protections in the United States. Switzerland is not an EU member, but often mirrors or lines up with the positions of the 27-member bloc that all but surrounds the wealthy Alpine country.
In July, the EU’s top court ruled that the bloc’s own Privacy Shield program with the U.S. was invalid because the American government can snoop on people’s data. The ruling complicated business decisions for some 5,000 companies including tech giants and financial firms. The EU court ruling followed a case brought by Austrian activist Max Schrems, who complained about the handling of his Facebook data.
In his paper, Lobsiger determined the United States should be categorized as providing “inadequate” data protection, a downgrade from its earlier classification of the U.S. as “adequate in certain conditions.” The U.S. is now placed alongside countries like Russia, China, Cuba, Japan and most African and Latin American states. Most European countries are deemed to have adequate protections.
The recommendations do not have the force of law, but could factor into decisions by corporate chiefs or government officials about whether to share private information about Swiss residents and citizens. Only a court would have final say.
Lobsiger said Swiss residents and citizens “do not have sufficient enforceable legal rights in the U.S.” and pointed to a lack of transparency in the U.S. ombudsman system – raising questions about the ombudsman’s power and independence. He said safeguards were “lacking” in the United States, and said hoped-for improvements in the U.S. didn’t come about.
The “Privacy Shield” program focuses on data exchange between businesses and guarantees provided by U.S. authorities on protecting personal data transferred between the countries, notably involving “the mass collection of non-US citizens’ data for the purposes of anti-terrorism measures and national security,” the paper said.