European companies and marketing managers can breathe a sigh of relief: on July 10, 2023, the EU-US Data Privacy Framework came into effect, the long-awaited agreement regulating data transfer between Europe and the United States. Among those who signed it, we also find Google and Meta. The question, "Can we now use Google Analytics 4?" finally has an answer.
Previously...
In July 2020, the Data Shield was revoked, marking a turning point for all companies working with American services such as Google and Meta. The CJEU (Court of Justice of the European Union) had ruled that the regulations on the protection and use of personal data sent to the USA were not in line with European standards.
Everyone takes meauseres when "Data Shields" was revoked. The transition to Google Analytics 4 appears a necessary solution, especially since the Italian Data Protection Authority hasn't yet expressed its opinion on the matter. However, many have opts for GDPR compliant alternatives, such as Matomo. If you missed it, read our article about GA4.
Now, is the problem solved?
The EU-US Data Privacy Framework comes into effect on July 10th. It is an agreement between the USA and the EU that sets the level of protection to be respected in the processing of personal data transferred from the EU to US companies,
The agreement provides a list of the involved American companies, including Google and Meta, and introduces restrictive privacy rules, such as the obligation to delete information when it is no longer necessary for the purposes for which it was collected. Another important rule is that American intelligence agencies have to adhere to stricter rules, in fact they can access to data only in cases of national security breaches.
A new body is elected, that is Data Protection Review Court (DPRC) and its aim is to protect EU citizens. If information has collected in violation of laws and regulations, this court can order American companies to delete it. The Court handles appeals on behalf of citizens who can also be awarded compensation.
The agreement between the parties will be periodically reviewed by the European Commission and the competent US and European authorities. Within a year, there will be the first review to determine if the US legal system has fulfilled the expected obligations.
The EU-US Data Privacy Framework is asubstantial step forward that allows companies to be GDPR compliant using valuable services from across the ocean.