Despite the long-awaited final approval of the Trans-Atlantic Data Privacy Framework, some businesses are treading carefully before signing up. This new agreement between the U.S. and the EU, which took three years to negotiate, allows companies to store data about Europeans on U.S. soil, potentially simplifying how they handle personal data. However, some corporate privacy officers have expressed concerns about potential court challenges and the extra work required to meet the framework’s requirements.
The previous data agreement, Privacy Shield, was deemed illegal by the EU’s top court in 2020 due to potential privacy risks for Europeans. Since then, companies have been using lengthy legal contracts to transfer data to the U.S. Now, with the new framework, there’s a possibility of more regulatory scrutiny and extra work for privacy teams. However, only around half of the companies that used Privacy Shield have signed up to the new framework so far.
The new deal requires companies to adhere to principles such as protecting personal data from unauthorized access and sharing data with third parties only with individual consent. However, some companies have found alternatives during the absence of Privacy Shield that they might not be ready to abandon. Some European companies switched from American to European technology providers; this move could be difficult to undo.
Even though some companies are waiting to see how things play out before making a decision, others seem more open to the new framework. For instance, Real Chemistry, a healthcare marketing company based in San Francisco, favors the new framework over bespoke contracts which take a long time to negotiate. The challenge now is finding a balance between adopting the new framework and handling additional contracts required by business partners.