Master evolving third-party data. Our guide with Datonics debunks misconceptions, offers insights for data selection and respects privacy. Download now.
Business organizations, and particularly marketers, on both sides of the Atlantic, can breathe a sigh of relief as the European Union restored a decision that allows for lucrative transatlantic data exchanges between the U.S. and the EU this week.
If that sounds a little dense, here’s what you need to know.
The new decision ends the three-year stalemate that found tech giants such as Google and Meta, as well as smaller and mid-sized companies in legal limbo and cut off U.S. companies trying to target EU audiences, missing out on reaching millions of consumers and leading to revenue loss. In one such case, roughly 10% of Meta’s ad revenue came from ads delivered to Facebook users in EU countries, the company said in its Q1 earnings this year.
Now, the free data flow between the regions is allowing a $7.1 trillion U.S.-EU economic relationship, according to the White House.
“This is positive news for businesses in U.S. and EU who need the data transfer for their business models,” said Joe Jones, research and insights director at IAPP.
So, what’s new this time?
In its third iteration, the EU’s new framework, known as the adequacy decision, recognized the law reforms in the U.S. that now, due to significant surveillance upgrades, offer sufficient guardrails for Europeans’ data.
“Following the agreement in principle I reached with President Biden last year, the U.S. has implemented unprecedented commitments to establish the new framework,” said Ursula Von Der Leyen, president of the European Commission, in a statement.
The framework also gives EU residents several rights, including the ability to access their data and request correction or deletion of inaccurate or unlawfully handled data by U.S. companies.
The new framework also limits U.S. authorities from accessing EU individuals’ data and will be allowed to do so only when deemed necessary, such as for investigating a serious crime, according to Jones.
Meanwhile, EU residents can take their complaints to a U.S.-based Data Protection Review Court (DPRC), which will be composed of former U.S. judges and senior lawyers. The court will be tasked with reviewing complaints and assessing if the data collected violated the new guardrails, and if so, will be able to order the deletion of the data.