{"id":254946,"date":"2023-09-14T08:00:03","date_gmt":"2023-09-14T04:00:03","guid":{"rendered":"https:\/\/cs-webdesigns.com\/?p=254946"},"modified":"2024-08-10T11:13:43","modified_gmt":"2024-08-10T07:13:43","slug":"privacy-shield-2-0-new-start-for-transatlantic-data-transfer-between-eu-and-usa","status":"publish","type":"post","link":"https:\/\/cs-webdesigns.com\/en\/webinsights\/tutorials\/dsgvo\/privacy-shield-2-0-neustart-fuer-den-transatlantischen-datentransfer-zwischen-eu-und-usa\/","title":{"rendered":"Privacy Shield 2.0: New start for transatlantic data transfer between the EU and the USA"},"content":{"rendered":"<p>First things first: The EU-US Data Privacy Framework (DPF), which came into force on July 10, 2023, means that <strong>data exchange<\/strong> between the EU and the USA, and thus the use of tracking\/analytics and marketing tools from the USA (e.g. Google Analytics, Webflow, YouTube, Cloudflare, etc.), <strong>is possible again under certain conditions<\/strong>.<\/p>\n<p>You can find out below what these conditions are and what you need to look out for as an entrepreneur or website manager. Before that, let's take a look at what the Privacy Shield actually is and why version 2.0 was necessary.<\/p>\n<h2>The end of Privacy Shield 1.0<\/h2>\n<h3>What was the Privacy Shield 1.0?<\/h3>\n<p>Privacy Shield 1.0 came into force in 2016 and was a <strong>data protection agreement between the European Union (EU) and the United States (USA)<\/strong> which regulated the international transfer of personal data between the two regions. 
It was designed to ensure that personal data of EU citizens transferred to the US was adequately protected.<\/p>\n<p>This agreement was declared invalid in 2020 due to concerns about data protection and the US government's access to data and was replaced by Privacy Shield 2.0 in July 2023.<\/p>\n<h3>Why was the Privacy Shield 1.0 repealed?<\/h3>\n<p>In July 2020, the European Court of Justice (ECJ) ruled that the data protection rights of EU citizens were not sufficiently guaranteed, in particular due to the <strong>broad access rights of the US intelligence services<\/strong> to this data.<\/p>\n<h3>Impact on companies and data protection officers<\/h3>\n<p>From then on, the use of services, programs and tools that transmit the personal data of EU citizens to servers in the USA when websites are accessed became inadmissible. They could only be used with extensive measures (e.g. only after a detailed explanation in the cookie banner and the consent of the visitor). However, this was never clearly legally secure; there was always a gray area because there was simply no 100% specification and solution.<\/p>\n<h2>Privacy Shield 2.0: The revival<\/h2>\n<h3>What does the Privacy Shield 2.0 entail?<\/h3>\n<p>Privacy Shield 2.0 was developed to <strong>close gaps in the previous agreement<\/strong> and to <strong>ensure data protection in international data transfers<\/strong>.<\/p>\n<p>The USA guarantees that the data transferred from the EU to US companies will be processed at the EU's level of protection. However, this only applies to companies that participate in the agreement. To this end, companies must go through the <strong>self-certification process of the US Department of Commerce<\/strong>. 
This certification must be renewed <strong>every year<\/strong>.<\/p>\n<h3>Differences between Privacy Shield 1.0 and 2.0<\/h3>\n<p>Privacy Shield 2.0 was developed with the clear aim of offering <strong>improved protection of privacy and data security<\/strong>.<\/p>\n<p>Here are some specific differences between Privacy Shield 1.0 and 2.0:<\/p>\n<ul>\n<li><strong>Stricter monitoring and enforcement:<\/strong> Privacy Shield 2.0 introduces more effective monitoring and enforcement of data protection regulations. The US authorities undertake to ensure compliance with stricter rules and regulations.<\/li>\n<li><strong>Clear limitation of access rights:<\/strong> Privacy Shield 2.0 imposes clearer limits on the US government's access to European data. This is intended to better safeguard the data protection rights of EU citizens.<\/li>\n<li><strong>Stronger obligations for companies:<\/strong> Companies that wish to use Privacy Shield 2.0 must subject themselves to stronger obligations. For example, they must provide independent dispute resolution mechanisms and conduct annual compliance reviews.<\/li>\n<li><strong>More transparency:<\/strong> Privacy Shield 2.0 places a greater focus on transparency. Companies must communicate their data protection practices clearly and comprehensibly and provide information on data processing.<\/li>\n<li><strong>Complaints mechanisms:<\/strong> Privacy Shield 2.0 strengthens the rights of EU citizens to lodge complaints about data protection violations. 
There are clear procedures for investigating and resolving such complaints.<\/li>\n<li><strong style=\"font-size: 18px;\">Annual reviews:<\/strong><span style=\"font-size: 18px;\"> Unlike the previous Privacy Shield agreement, which was reviewed every four years, Privacy Shield 2.0 is subject to annual reviews to ensure that data protection requirements are continuously met.<\/span><\/li>\n<\/ul>\n<p>These differences make Privacy Shield 2.0 a <strong>more robust framework for international data transfer<\/strong> and should ensure that personal data is adequately protected.<\/p>\n<h2>What to consider now<\/h2>\n<h3>Check DPF certification<\/h3>\n<p>On the website of the <a href=\"https:\/\/www.dataprivacyframework.gov\/s\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Data Privacy Framework Programs<\/a> you can view the companies that have been certified for the Privacy Shield 2.0.<\/p>\n<p>It is also important to check whether the corresponding type of data transmission is covered by the certification.<\/p>\n<h3>Update privacy policy &amp; cookie banner<\/h3>\n<p>The <strong>DPF certification<\/strong> of the respective provider must be <strong>stated in the privacy policy<\/strong>. The good news is that DPF-certified companies no longer need the long information texts.<\/p>\n<p><strong>The same applies to the information in the cookie banner<\/strong>: DPF certification must also be specified here. However, the usual long note on the use of US tools can be removed - provided that only DPF-certified tools are used.<\/p>\n<p>A brief digression, as I notice incorrectly configured cookie banners every day: Cookie banners must provide clear information, be user-friendly and work. 
That means in detail:<\/p>\n<ul>\n<li><strong>Transparency and information: <\/strong>Cookie banners must inform the user about the type of data collected, the purpose of the data processing and the options for exercising rights such as the right to object or withdraw consent.<\/li>\n<li><strong>Ease of use:<\/strong> Cookie banners must be easy to understand and give the user the opportunity to give or withdraw their consent to data processing in a simple and uncomplicated manner.<\/li>\n<li><strong>Technical correctness: <\/strong>Cookie banners must ensure that the user's decision is effective. If the user does not consent, no connection may be established!<\/li>\n<\/ul>\n<p>Back to the topic: What else is there to consider?<\/p>\n<h3>Obtain consent in the cookie banner<\/h3>\n<p>The Data Privacy Framework <strong>does not make<\/strong> obtaining the consent of visitors <strong>superfluous as soon as a non-essential cookie is set.<\/strong><\/p>\n<p>If there is only a <strong>data exchange without cookies<\/strong>, such as with Google Maps, <strong>consent is no longer necessary<\/strong> - provided that the information in the privacy policy and in the cookie banner is given as just explained.<\/p>\n<h2>Is that it now? Future prospects of the Privacy Shield 2.0<\/h2>\n<p>The introduction of Privacy Shield 2.0 has provoked mixed reactions. Two important aspects are acceptance and criticism.<\/p>\n<h3>Acceptance of Privacy Shield 2.0<\/h3>\n<p><span style=\"font-size: 18px;\">Some companies and data protection experts welcome Privacy Shield 2.0 as a step in the right direction. They see the stricter monitoring and enforcement mechanisms as positive progress that improves data protection. 
They believe that Privacy Shield 2.0 provides companies with a clear and legal basis for international data transfers, which helps to strengthen trust and data security.<\/span><\/p>\n<p>In addition, some European companies value Privacy Shield 2.0 as a <strong>necessary instrument<\/strong> to continue doing <strong>business with US partners<\/strong>. It is hoped that this agreement will ensure the smooth flow of data between the two continents, which is important for many industries.<\/p>\n<h3>Criticism of Privacy Shield 2.0<\/h3>\n<p><span style=\"font-size: 18px;\">Despite the positive aspects, there are already considerable points of criticism of Privacy Shield 2.0:<\/span><\/p>\n<ol>\n<li><strong>Insufficient protection:<\/strong> Data protection activists and some EU data protection authorities argue that Privacy Shield 2.0 is still not sufficient to protect the data protection rights of EU citizens. They believe that the US government's access to data is still too extensive and the monitoring is not sufficient.<\/li>\n<li><strong>Uncertainties due to legal challenges:<\/strong> Some fear that Privacy Shield 2.0 could again face legal challenges, similar to its predecessor. This could lead to uncertainty for companies that need to transfer data to the USA.<\/li>\n<li><strong>Lack of longevity:<\/strong> Privacy Shield agreements have had a limited lifespan in the past, which leads to uncertainties about the long-term nature of the regulations. This could influence companies' investment decisions.<\/li>\n<\/ol>\n<p>Overall, the acceptance of Privacy Shield 2.0 remains a controversial topic and its effectiveness will only become apparent over time. Companies and data protection experts must closely monitor developments in this area.<\/p>\n<h2>Conclusion<\/h2>\n<p>The Privacy Shield 2.0 is an <strong>important step in the right direction<\/strong>, as there is at least clarity for the moment about what website operators need to consider. 
Nevertheless, it is uncertain whether the current version will be sufficient in the long term.<\/p>\n<p>Important: The agreement does not change the fact that <strong>consent must still be obtained<\/strong> for tools that transfer data to the USA and set non-essential cookies!<\/p>","protected":false},"excerpt":{"rendered":"<p>In this blog post, I provide insights into the Privacy Shield 2.0, which came into force in July 2023, and tell you what has changed and what you need to be aware of.<\/p>","protected":false},"author":1,"featured_media":254960,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_titles_title":"Privacy Shield 2.0: Rechtskonformer Datenaustausch EU-USA","_seopress_titles_desc":"Erfahre, wie das Privacy Shield 2.0 den internationalen Datentransfer zwischen der EU und den USA neu gestaltet und erfahre, was zu beachten ist.","_seopress_robots_index":"","_seopress_robots_follow":"","_seopress_robots_imageindex":"","_seopress_robots_snippet":"","_seopress_robots_primary_cat":"","_seopress_robots_breadcrumbs":"","_seopress_robots_freeze_modified_date":"","_seopress_robots_custom_modified_date":"","_seopress_robots_canonical":"","_seopress_social_fb_title":"","_seopress_social_fb_desc":"","_seopress_social_fb_img":"","_seopress_social_fb_img_attachment_id":0,"_seopress_social_fb_img_width":0,"_seopress_social_fb_img_height":0,"_seopress_social_twitter_title":"","_seopress_social_twitter_desc":"","_seopress_social_twitter_img":"","_seopress_social_twitter_img_attachment_id":0,"_seopress_social_twitter_img_width":0,"_seopress_social_twitter_img_height":0,"_seopress_redirections_value":"","_seopress_redirections_enabled":"","_seopress_redirections_enabled_regex":"","_seopress_redirections_logged_status":"","_seopress_redirections_param":"","_seopress_redirections_type":0,"_seopress_analysis_target_kw":"Privacy Shield, rechtskonformer Datenaustausch, 
DPF, DPF-Zertifizierung, Cookie Banner, EU USA, Privacy Shield einfach erkl\u00e4rt","_seopress_news_disabled":"","_seopress_video_disabled":"","_seopress_video":[],"_seopress_pro_schemas_manual":[],"_seopress_pro_rich_snippets_disable_all":"","_seopress_pro_rich_snippets_disable":[],"_seopress_pro_schemas":[],"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","iawp_total_views":28,"footnotes":""},"categories":[57],"tags":[379,380,378],"class_list":["post-254946","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dsgvo","tag-datenschutz","tag-datentransfer-eu-usa","tag-privacy-shield"],"_links":{"self":[{"href":"https:\/\/cs-webdesigns.com\/en\/wp-json\/wp\/v2\/posts\/254946","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cs-webdesigns.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cs-webdesigns.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cs-webdesigns.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cs-webdesigns.com\/en\/wp-json\/wp\/v2\/comments?post=254946"}],"version-history":[{"count":0,"href":"https:\/\/cs-webdesigns.com\/en\/wp-json\/wp\/v2\/posts\/254946\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cs-webdesigns.com\/en\/wp-json\/wp\/v2\/media\/254960"}],"wp:attachment":[{"href":"https:\/\/cs-webdesigns.com\/en\/wp-json\/wp\/v2\/media?parent=254946"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cs-webdesigns.com\/en\/wp-json\/wp\/v2\/categories?post=254946"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cs-webdesigns.com\/en\/wp-json\/wp\/v2\/tags?post=254946"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}