Following the “Schrems 2” decision from the Court of Justice of the European Union (CJEU) on 16 July 2020 invalidating the privacy shield((The Court of Justice invalidates Decision 2016/1250 on the adequacy of the protection provided by the EU-US Data Protection Shield (europa.eu).)), the European Data Protection Authorities (DPAs) are now taking the first “real world” decisions.
A few weeks ago, the Austrian DPA decided that the use of Google Analytics is not compliant with the rules of the GDPR on international data transfers.((Standarderledigung Bescheid (noyb.eu).)) The French DPA (CNIL) just adopted the same approach in a decision((Utilisation de Google Analytics et transferts de données vers les États-Unis : la CNIL met en demeure un gestionnaire de site web | CNIL.)) requiring a website manager to stop using Google Analytics until sufficient measures to guarantee lawfulness of the data transfer to the US have been implemented.
These decisions from the DPAs are in line with the CJEU decision, which stated that a data transfer to the US that falls under the US surveillance laws does not comply with the GDPR provisions relating to international data transfer, even though Standard Contractual Clauses (SCCs) would have been signed.
Despite this decision by the CJEU, a lot of companies including the GAFAM have largely ignored the practical consequences of the “Schrems 2” decision and continued transferring data, relying on SCCs without implementing effective safeguards against possible exercise of US surveillance laws.
In response to this, a privacy advocacy NGO My Privacy is None Of Your Business (NOYB)((EU-US Transfers Complaint Overview | noyb.eu.)) has decided to take a hard line and filed 101 complaints with various DPAs. In these complaints, NOYB has targeted major EU e-commerce and media websites using GA. No doubt decisions by the DPAs will have far-reaching implications as Google Analytics is one of the most commonly used statistics tool. Several complaints also target Facebook Connect, a very popular tool which enables login to third party websites from one’s Facebook account.
Contact us for more good, clear, precise, advice.
