articles
Ready for the new Swiss Data Protection Law? Implications for organizations outside Switzerland
The revised Swiss Federal Act on Data Protection (RevFADP), which takes effect from September 1, 2023, brings Switzerland’s data protection regime in line with the GDPR and has significant implications for organizations outside Switzerland. The territorial scope of the RevFADP is broader than the GDPR, applying to activities with an impact in Switzerland even if initiated from abroad. Non-Swiss companies targeting goods or services to Swiss individuals or storing data on Swiss servers must comply. Additionally, organizations caught by the RevFADP’s scope must appoint a representative in Switzerland to serve as their local point of contact for Swiss data subjects and the Swiss supervisory authority (FDPIC). Senior managers and those responsible for an organization’s data protection tasks should take note of the new criminal sanctions of fines up to CHF 250,000 for individuals that have wilfully breached the RevFADP.
Charlotte Mason, Andreas Maetzler
EU Commission adopts its adequacy decision for the EU-U.S. Data Privacy Framework
The European Commission’s recent adoption of the EU-U.S. Data Privacy Framework (EU-U.S. DPF) is a turning point in transatlantic data transfers. Effective 10 July 2023, this framework replaces the invalidated Privacy Shield Framework, once again allowing transfers from the EU to certified U.S. organisations without the need for additional transfer tools. However, with its complex backstory and potential for future challenges, the EU-U.S. DPF promises a fascinating journey ahead in the realm of data privacy. This blog post provides a concise yet comprehensive overview of the DPF and its practical implications.
Charlotte Mason
Private or public, does it matter?
Data protection is becoming increasingly complex in the education sector. New laws entering into force and additional guidelines make it difficult to keep up with the constant changes. An additional layer of complexity comes with the range of organisations funded in differing ways, from private companies to charitable organisations and publicly funded institutions. Learn more about the extraterritorial scope of privacy laws and the need for education providers to appoint a representative.
Andreas Maetzler, Charlotte Mason
From CCPA to CPRA:
New Year, new consumers’ rights for Californian residents. With 1 January, 2023, the CPRA, sometimes also referred to as CCPA 2.0, entered into force. Main changes are related to privacy rights of Californian residents with the CPRA introducing new rights as well as amending rights already granted under CCPA.
Andreas Maetzler, Charlotte Mason
Series on Implementing PIPL: (1) Cross-Border Data Transfers and Draft Standard Contract
Analysis of the recent guidance from the Cyberspace Administration of China (“CAC”) regarding cross-border transfers in particular China’s version of the Standard Contractual Clauses.
Michael Schweiger, Charlotte Mason