The US and the European Union have taken a further step in data privacy policy. And they have done so by signing a new regulatory framework with a fundamental objective: to offer peace of mind for US companies handling personal data from the European Union. In addition, this also extends to the use of the data on the different social media platforms.
It is a national framework that grants legal certainty, an old claim by both parties but especially by companies located in the old continent. Now, there will be more regulation on the transfer of personal data between data centers on one side of the ocean and the other.
The EU was restless. For years, companies and citizens of the Union have had the GDPR, which protects them in terms of data privacy. But not the United States, so it was essential that the North American country offer such confidence to the European institutions. Finally, Joe Biden has ended up signing an executive order for the implementation of this new data privacy framework.
Nor has it been an easy road for the US, which has spent up to two years developing such a plan after the EU Court of Justice annulled the previous data exchange framework, known as the EU-US privacy shield enacted in 2016. This was invalidated following the Schrems II court ruling, which found serious flaws in the way the US government accessed and used EU personal data.
Without the recent national data privacy framework, companies were in limbo, at risk of breaching the EU GDPR. Now the question is, how will they apply this framework? Today, the vast majority of US companies rely on multiple data transfer mechanisms, most notably recurring standard contractual clauses between companies to comply with GDPR requirements.
However, these do not cover all data transfers covered by the GDPR, such as the direct collection of data from data subjects in the EU and the transfer of that data to the US. Situation that pushed many organizations to reduce the type of data transfers and the amount of data taken from the EU. Others separated the commercial operations of the EU and the United States by creation of local data centers in the EU, which in turn created data silos.
Greater legal certainty for companies
For some weeks now, American companies have already had the guarantees offered by the data privacy framework. In fact, the US government believes that the adaptation of these to the new framework will be carried out without problems. Being able to move from the previous privacy shield to the new regulated data exchange practices, as well as obtaining the necessary certification to carry it out.
The US Department of Commerce has indicated that there will be adjustments to the trade data exchange requirements in the new framework and that they will be announced in the coming months.
In the two years since the privacy shield was invalidated, giants like Meta and Google have faced multiple lawsuits over the transfer of data between the US and the EU. The new data privacy framework will bring companies like these more security and also Fewer options to suffer millionaire sanctions from Europe if they carry out a good praxis. And fully complying with the new regulatory framework on data privacy
