In January, the Austrian Data Protection Authority (DSB) banned the use of Google Analytics.
The news hit the MARTECH world like a shockwave.
And even before the fierce winds had passed, META announced that it would pull its activates from Europe if it cannot process EU citizens’ data on US ground.
Then what? Should we be worried about the Austrian ban?
Yes and no!
I’ll explain.
A little background
In January 2022, the Austrian Data Protection Authority ruled in the first of potentially 101 complaints filed by privacy activist group NOYB (None Of Your Business).
The decision was made based on the 2020 Schrems II case, which annulled the Privacy Shield agreement between the EU and the US. An agreement for the transfer of personal data. Especially used by US-based tech companies.
The core of the case is:
Google (Analytics) continues to send EU citizens’ personal data to the US where it may be subject to surveillance and wiretapping by American intelligence.
Therefore, the Austrian DPA decided that the transfers were not in compliance with the GDPR.
Yes – you should be worried
Yes, you should be worried because much more is at stake than just Google Analytics!
EU-US data transfers face a bleak future, if this case spreads.
If more of the cases result in the banning of US-based service providers like Google, Meta, Amazon etc., it could potentially mean that European companies would have to find alternative ways to collect data for marketing purposes.
It would mean the end of using one of the greatest marketing platforms seen to date and it would spur a European tech revolution.
To add fuel to the fire, Mark Zuckerberg and Meta announced the other day they would pull activities from Europe (Facebook, Instagram) if not allowed to process EU citizens’ data on US soil.
EU-US data transfers face a bleak future, if this case spreads.
No – You should not be worried!
There are two good reasons for why you should not worry.
1. Too much is at stake. For both parties.
Google Analytics is the most commonly used analytics software, and many websites rely on Google to perform analytics and ads.
Same goes for Facebook. Companies rely on Facebook to build communities and audiences, and to market their products and services.
This is a business you just don’t close overnight.
However, as things are now, the US needs to adapt baseline protections for foreigners to support their tech industry.
That means a change of the US Cloud Act and FISA702 to prevent surveillance of EU citizens’ personal data.
2. There are lots of alternative services
While a total ban of American based software services in the EU seems unrealistic, it may happen.
But are we prepared to switch to EU based services?
They do exist.
For analytics, CRM, consent management, there are alternatives worth looking at.
But it may be costly to change platform with a lot of legacy data.
Although the decision about data transfer agreements between the EU and the US is out of our hands, there are measures you can take to secure your users’ privacy.
And that’s what this case in Austria is all about: EU citizens’ privacy.
Here at Cookie Information, we are all about making it possible for you to ensure your users’ privacy.
Look for privacy focused Consent Management
The first step you can make in your approach to privacy-oriented data analytics is: Get consent!
Consent is the very foundation of data privacy and the core ingredient of the GDPR.
Being at the forefront of valid consent collection will ensure that you proactively take the first step to ensure your users’ privacy.
Second step is: Monitor your data transfers.
Are you transferring any data to the US? We create a systematic overview of your website’s data transfers. Not only to the US, but the entire world.
Stay ahead of legislation and get insights into your data transfers.
Here are three ways Cookie Information can help you ensure your users’ privacy while complying with the GDPR:
- Implement a Consent Management Platform to collect GDPR cookie consents so you are ready when the EU and the US find a solution (whatever it may be!).
- Secure your data storage and processing within the EU.
- Monitor your websites’ data transfers so you stay ahead of legislation and future EU judgements.
We make it our business to help our clients comply with the GDPR while filling their marketing funnels with compliant data.
Engage with us and learn how we can help your business.
Book a short meeting with one of our teammates and we’ll have a plan ready for how you can take the first steps towards ensuring your users’ privacy.