(7) The Swiss Data Protection Act of 19 June 1992 entered into force on 1 July 1993. The implementing rules for certain provisions of the Act concerning, in particular, the right of access of the persons concerned, the notification of processing operations to the independent supervisory authority, and the transfer of data to a foreign country were laid down by order of the Federal Council. The Act applies to the processing of personal data by Federal bodies and by the entire private sector, and to processing operations carried out by cantonal bodies pursuant to Federal law, where such processing is not subject to cantonal provisions on data protection.
(a) a competent Swiss authority has determined that the recipient is in breach of the applicable standards of protection; or
(b) there is a substantial likelihood that the standards of protection are being infringed; there are reasonable grounds for believing that the competent Swiss authority is not taking or will not take adequate and timely steps to settle the case at issue; the continuing transfer would create an imminent risk of grave harm to data subjects and the competent authorities in the Member State have made reasonable efforts in the circumstances to provide the party responsible for processing established in Switzerland with notice and an opportunity to respond.
The suspension shall cease as soon as the standards of protection are assured and the competent authority concerned in the Community is notified thereof.
4. If the information collected under paragraphs 1, 2 and 3 provides evidence that any body responsible for ensuring compliance with the standards of protection in Switzerland is not effectively fulfilling its role, the Commission shall inform the competent Swiss authority and, if necessary, present draft measures in accordance with the procedure under Article 31 of Directive 95/46/EC with a view to repealing or suspending this Decision or limiting its scope.
