The process of transferring data from the EU (European Union) to the United States has traditionally required lots of exhausting legal assessments and contracts. But soon all this could change…
Today, let’s discuss what the new EU & US data privacy framework could mean for your business!
This month, United States President Joe Biden signed an executive order to implement the EU and US data privacy framework—Privacy Shield 2.0.
Privacy Shield 2.0 is a new LEGAL way for data to flow from the USA to Europe. The new transatlantic data privacy framework agreement is designed to ensure that US intelligence activities are “necessary and proportionate in the pursuit of national security defiant objectives.”
Biden hopes this change will help level out some of the previous difficulties associated with data transfer. Everyone (hopefully) wins with this new law, as this framework lets EU citizens take action if they believe US intelligence activities are illegally targeting them. For example, EU citizens can bring their privacy complaints to a data protection review court made up of individuals outside the US government. The review court will then get the final decision regarding legal use of data.
Now you’re probably still wondering, how does all this help my business?!
The answer is simple: data is the lifeblood of any successful marketing and advertising campaign. The framework will help all US-based companies that do business overseas, since these US businesses now have a legal way to collect more data from their European audience.
What’s Next?
The European Commission is issuing what’s called an “adequacy decision” next. Countries like Japan, Israel, & the UK already have an adequacy decision, which allows them to transfer data to and from the EU freely.
Free data flow has been limited for the US after the European Court of Justice argued that the case of Edward Snowden (an American computer intelligence consultant who leaked highly classified information) confirmed that US intelligence is able to collect data of EU citizens illegally—even if the data is stored on Europe servers. Thus, a series of complicated steps is needed to ensure people’s information stays protected.
The adoption procedure steps for an adequacy decision include:
- Obtaining an opinion from the European Data Protection board
- Getting the green light from a committee composed of EU member state reps
- Giving the European parliament a right of scrutiny over the adequacy decisions
As you can see, the process could take a while. It’s only after ALL these crucial steps that the European Commission can adopt the final adequacy decision in the US. Our bet is that we will see some more progress in Q1 2023.
From that point on, data will be able to flow freely and safely between the EU and US companies certified by the Department of Commerce under the new framework. US companies will be able to join the framework by promising to comply with a detailed set of privacy obligations.
In the meantime, we believe that Ubiscore could be a great option to help people and businesses feel more comfortable about large international data transfers.
The Ubiscore platform detects:
- Where a company’s vendors send data to
- What security measures they have in place
- If they provide the necessary data protection contracts
Though the updated US law is exciting and will help keep families, businesses, and communities connected wherever they are in the world, we still believe privacy should always be one of the top priorities.
You might think this sounds obvious, but loss of privacy can have devastating consequences on your business, including potential misuse of information, loss of identity, damaged reputation, loss of trust, loss of revenue, and/or increased costs due to fines.
If you’re curious about how your organization stacks up against industry benchmarks for privacy, test your company’s privacy practices, CLICK HERE to receive your instant privacy score now!