As I mentioned about the problem with Google Analytics by the Italian Privacy Guarantor and other European countries, the transfer of data to the U.S. was a non-compliance with the GDPR. As I hoped there is finally an agreement between the U.S. and the EU and, perhaps, an end to this regulatory trade war that does no one any good.
The European Commission has approved the EU-US Data Privacy Framework
The European Commission has approved the EU-US Data Privacy Framework, which states that the United States will ensure an adequate level of protection, comparable to that of the European Union for personal data transferred from the EU to U.S. companies. This agreement allows personal data of European citizens, to "flow safely" to U.S. companies, without the need for additional data protection safeguards.
Brussels has obtained the limitation of access to its citizens' data by U.S. intelligence services to what is "necessary and proportionate," and among the key points of the new agreement is the establishment of an"independent and impartial" data protection review tribunal to which EU citizens will have access.
The GDPR provides that the European Commission can decide that a third country, in this case the United States, guarantees an adequate level of protection for personal data, comparable to that offered by the European Union. As I have repeatedly argued this was just a regulatory trade war; there was no real reason why data on a European server was safer than data on a server located in the U.S. or Canada.
This agreement represents the third attempt to establish a secure system of information exchange. Safe Harbour, a program criticized by the EU Court of Justice in 2015, came into effect in 2000. The European Union and the United States sought a solution through the Privacy Shield, a new agreement on the subject in 2016 but also rejected by the EU High Court.
What changes for online merchants?
For us IT companies operating in the industry, but also for online merchants, this agreement solves many issues and allows us to operate with greater peace of mind. Unthinkable to give up Google Analitycs, for example for our ecommerce or corporate sites, given the level of integration with many tools and online services that alternative solutions such as Matomo (despite more than 7 years of data transfer ban in the US) unfortunately lack. In fact, the biggest problem is that no European solution during this long period of "illegality" has increased its number of users and features by making itself a true alternative to U.S.-made services. As customs duties, lack of competitiveness and too much bureaucracy have already proven in the past, they are sworn enemies of development, sooner or later European parliamentarians and our government will have to understand this as well.
However, privacy activist Max Schrems, who had canceled the two previous EU-US data transfer agreements, has already announced that he will challenge the decision. Unfortunately, we are victims of ourselves and an illusion since we live in a globalized world and these rules do not apply outside the borders of the European community. I often hear users even on TikTok (Chinese stuff) out of antipathy to the US and Mark Zuckerberg claiming that European privacy protection is superior to the US therefore even to theUS Data Privacy Laws (CCPA, CPRA, CDPA ...), but without saying where it would be and what would be the greater protections, accomplice the huge Italian and European digital divide that does not allow us to have the appropriate expertise to understand such complex issues.
I consider the current GDPR in many points unrealistic on a technical level and an obstacle especially for micro-businesses, causing above all uncertainty: no one today can know if he/she is really in compliance with the same.
This agreement is a first small step to greater serenity for those who operate online.
Author: Loris Modena