The recent Schrems II judgement has prompted the Swiss data protection authority to invalidate the Privacy Shield mechanism for transferring personal data to the United States. Although Switzerland is not part of the EEA, it has adopted data protection legislation largely reflecting the EEA’s General Data Protection Regulation (GDPR). The Schrems II case highlighted two main issues with US privacy laws: 1. The European court found the foreign intelligence law that allows the US government to access foreign data in bulk to be overbroad and unjustified and 2. There isn’t a sufficient individual remedy for US government outreach.
