This week, the European Commission granted data adequacy to the US through the EU-US Data Privacy Framework. As we’ll explain, this decision could have significant implications for the UC and collaboration sector.
What Exactly is the EU-US Data Privacy Framework?
The EU-US Data Privacy Framework produces “binding safeguards” that include the creation of a Data Protection Review Court (DPRC), to which EU citizens have access. For example, the DPRC will require companies to delete personal data when it is no longer necessary for the purpose for which it was collected.
Most importantly, if businesses on either side of the Atlantic want to share data between the EU and the US, they must sign up to the Framework.
“The new EU-US Data Privacy Framework will ensure safe data flows for Europeans and bring legal certainty to companies on both sides of the Atlantic,” EU President Ursula von der Leyen commented.
Perhaps the most striking consequence of the Framework is that the European Commission granted data adequacy to the US as part of the Framework. This means the EU has determined that the US’s data protection laws and practices are equivalent to the EU’s (famously strict) data protection standards. This allows businesses (that have signed up to the Framework) to freely transfer personal data between the two regions without further safeguards.
This heralds potential opportunities for UC businesses while ideally establishing a cross-border compliance alignment between the US and EU that could also streamline cross-Atlantic collaboration.
What Implications will this have for UC and Collaboration?
One of the most immediately striking implications is how data adequacy will simplify transferring personal data between the EU and the US for UC and collaboration service providers. It will remove the need for legal obstacles like Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs). This will cut administrative costs and make workflows connected to cross-border data transfers more efficient.
Data adequacy encourages UC and collaboration businesses and their platforms on both sides of the Atlantic to adhere to consistent privacy standards and meet data protection regulations. This should result in far greater compliance alignment of data protection practices between the US and EU.
- Webex First UC Platform to Achieve EU Compliance Milestone
- Zoom Empowers Users with New Data Privacy Tools
US-based UC and collaboration companies will have greater access to the EU market. The EU’s strict data protection regulations might have restricted previous market expansion. The removal of data transfer barriers can empower US companies to expand their services and collaborate better with EU-based organisations, driving growth and opening up new market opportunities.
Data adequacy could enable increased collaboration and innovation between EU and US UC and collaboration businesses. Service providers could have greater scope to develop and deploy groundbreaking features and solutions reliant on cross-border data sharing. These might include real-time video conferencing, screen sharing, and file sharing.
As well as improved collaboration and innovation between businesses, UC and collaboration providers that prove compliance with EU data protection standards and benefit from data adequacy may gain a competitive market advantage. Their compliance means they can build trusted relationships with EU organisations exploring new UC and collaboration services, potentially enabling them to outperform competitors without data adequacy status.
A final advantage of data adequacy is the likely boost to customer trust in UC services operating between the EU and the US. Customers can feel more confident and secure knowing that their personal data is protected by the EU’s stringent data protection standards. This could increase customers’ loyalty towards their current UC platforms and services or encourage new customers to purchase these products and services.
What about the UK?
The European Commission granted data adequacy to the UK in June 2021 after it departed from the EU. As with the US’s data adequacy, the free flow of personal data to and from the UK and EU continues. However, the European Commission clarified that the decision may be revoked if future data protection laws diverge significantly from the EU’s.
This June, the US and UK governments announced a commitment in principle to a new data bridge agreement, an extension of the UK-US Data Privacy Framework, which would allow UK businesses to transfer data freely to certified US organisations and, likewise, US businesses to those based in the UK.
As with the benefits of data adequacy between the US and EU, the free transfer of personal data between the UK and the US could facilitate innovation and collaboration by offering certainty for UC businesses seeking to share data with their trans-Atlantic partners.
