The European Commission's decision regarding the adequacy of the United States' data protection has come into effect on 10th July. Based on the adequacy decision, personal data may be transferred to certified American companies committed to the safeguards agreed upon in the EU-US Data Privacy Framework.

The transfer of personal data from Europe to the United States has caused headaches for many companies in Europe and America since the EU ruled that the previous Privacy Shield arrangement was inadequate in the summer of 2020.  In summary, the core issue has been the conflicts between the European Privacy Law (GDPR) and the United States Intelligence Law. From the beginning, it was evident that a potential solution lay in negotiation and agreeing on new practices. Concurrently, companies and cloud service providers have significantly improved their compliance with GDPR mandates.

The EU's adequacy decision on data protection made on 10.7.2023 resolves any ambiguity in the transfer of personal data from Europe to the United States, provided that the participating American company is certified according to the safeguards agreed in the Data Privacy Framework (DPF). The United States has launched an online service where it is easy to search and verify the companies involved in the DPF. The register includes major cloud service providers, such as Amazon, Google, and Microsoft, which indicates that Google Analytics is fundamentally compliant with GDPR.

Registry search for companies included in the Data Privacy Framework:
https://www.dataprivacyframework.gov/s/participant-search