On 17 July, the EU-U.S. Data Privacy Framework program website was introduced by the U.S. Department of Commerce. This platform allows organisations based in the United States to undergo self-certification and also provides them with details about participating companies and other relevant information.

Companies that previously maintained their certification under the Privacy Shield are required to adhere to the new principles of the EU-U.S. Data Privacy Framework by October 17th. At the same time, they can already start using the Data Privacy Framework adequacy decision to facilitate the transfer of personal data from the EU and European Economic Area. A three-month transitional period has been established to allow previously certified organisations under the Privacy Shield to update their privacy policies in accordance with the new Data Privacy Framework.

For those U.S.-based data importers who are new to the framework, they can start the self-certification process through the online platform. During this process, they will need to furnish information about their privacy policy, reasons for data transfers, reporting mechanisms, and other relevant details. Once the Department of Commerce confirms their certification, companies can then proceed with data transfers under the Data Privacy Framework.

***

IAPP has published an article summarising the most recent developments in the world of cookies and other tracking technologies (pixels, web beacons referrers, fingerprints, AD IDs).

The article describes the types of existing web tracking technologies, explains the developments recently adopted by Google and Apple and explores future steps.

In particular, the article covers the matter of third-party cookies. More specifically, “the adtech industry has turned to third-party cookie alternatives like cohorts, zero-party data collection, probabilistic identifiers, universal identifiers, advertising supported by privacy-enhancing technologies and partitioned cookies. Google’s Privacy Sandbox utilizes cohorts, but critics in the industry noted, in order to be an effective third-party cookie replacement, the anonymity provided by the web tracking technology is not feasible. To deliver a relevant ad to user one of cohort four, advertisers either end up showing the ad to the entirety of cohort four, most of whom will deem the ad irrelevant, or revert to using a third-party cookie to specifically show the ad to user one, removing the point of using cohorts. Similarly, professionals in the industry are split on the Interactive Advertising Bureau’s efforts to maintain a self-regulatory group for the adtech ecosystem while integrating more privacy-preserving mechanisms. The IAB created the Transparency and Consent Framework in response to the needs of EU regulators and has continued to develop new versions of the tool”.