Sign in Subscribe

Google implements new frameworks for transatlantic data transfers

Google adopts Swiss-U.S. and UK Extension to EU-U.S. Data Privacy Frameworks for certain data transfers.

Google implements new frameworks for transatlantic data transfers
Transatlantic Data Transfers

Subscribe the Newsletter

Google this week announced significant changes to its approach for transferring personal data across the Atlantic. This update, occurring two days after the current date, on September 16, 2024, extends Google's use of data privacy frameworks to include Switzerland and the United Kingdom, building upon its previous implementation for European Union data transfers.

Google initially adopted the EU-U.S. Data Privacy Framework on September 1, 2023, for certain transfers of personal information from the European Union to the United States. Now, approximately one year later, the tech giant is expanding this approach to encompass data flows from Switzerland and the UK.

According to Google's official announcement, the company will rely on the Swiss-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework for transferring personal information from these respective countries to the United States. This change specifically applies to Google's Ads Services, which include popular platforms such as Google AdSense.

The implementation of these new frameworks comes in response to evolving international data protection regulations and the need for companies to ensure compliance with cross-border data transfer requirements. These frameworks are designed to provide a mechanism for companies to transfer personal data in a manner that adheres to the data protection standards of the originating countries.

For users and clients of Google's Ads Services, including AdSense publishers, this update does not require any immediate action. Google has stated that the transition to these new frameworks will be seamless for its partners and clients.

To understand the significance of this update, it's important to examine the context of international data transfers. In recent years, there has been increased scrutiny on how personal data is transferred between countries, particularly from Europe to the United States. This scrutiny led to the invalidation of previous data transfer mechanisms, such as the EU-U.S. Privacy Shield, by the Court of Justice of the European Union in July 2020.

The new Data Privacy Frameworks aim to address the concerns raised by European data protection authorities and provide a more robust legal basis for transatlantic data flows. These frameworks include enhanced privacy protections and oversight mechanisms to ensure that data transferred to the U.S. is afforded a level of protection essentially equivalent to that guaranteed within the EU, Switzerland, and the UK.

Google's adoption of these frameworks demonstrates its commitment to complying with international data protection standards. It also reflects the company's efforts to maintain the trust of its users and partners in handling personal information.

The Swiss-U.S. Data Privacy Framework, specifically, is designed to enable Swiss organizations to comply with Swiss requirements when transferring personal data to participating U.S. organizations. Similarly, the UK Extension to the EU-U.S. Data Privacy Framework allows for the continuation of data flows between the UK and the U.S. following the UK's exit from the European Union.

These frameworks require participating U.S. companies to adhere to a set of privacy principles, including:

  1. Notice: Informing individuals about data collection and use practices.
  2. Choice: Offering individuals the ability to opt-out of certain data uses.
  3. Accountability for Onward Transfer: Ensuring that third parties receiving personal data provide the same level of protection.
  4. Security: Implementing reasonable measures to protect personal information.
  5. Data Integrity and Purpose Limitation: Ensuring data is reliable and used only for the purposes for which it was collected.
  6. Access: Allowing individuals to access their personal information.
  7. Recourse, Enforcement, and Liability: Providing mechanisms for addressing complaints and ensuring compliance.

For Google AdSense publishers and other users of Google's Ads Services, this update underscores the importance of staying informed about data protection practices. While no direct action is required from users, understanding these changes can help publishers make informed decisions about their data practices and reassure their own users about the protection of personal information.

It's worth noting that data protection regulations continue to evolve globally. The adoption of these frameworks by Google represents just one step in an ongoing process of adapting to changing international standards for data protection and privacy.

Key facts about Google's update to transatlantic data flows

  • Announcement date: September 16, 2024
  • Implementation of EU-U.S. Data Privacy Framework: September 1, 2023
  • New frameworks adopted: Swiss-U.S. Data Privacy Framework and UK Extension to the EU-U.S. Data Privacy Framework
  • Affected services: Google's Ads Services, including AdSense
  • Action required from users: None
  • Purpose: Compliance with international data protection standards
  • Previous framework invalidated: EU-U.S. Privacy Shield (July 2020)

Subscribe the Newsletter