Noteworthy Information

Business & Government Advanced read

Use of Google Analytics violates "Schrems II"

In a groundbreaking decision, the Austrian Data Protection Authority ("Datenschutzbehörde" or "DSB") has decided on a model case by noyb that the continuous use of Google Analytics violates the GDPR. This is the first decision on the 101 model complaints filed by noyb in the wake of the so-called "Schrems II" decision.

[Simple] Privacy group targets website 'cookie terror'

Noyb, headed by well-known Austrian privacy advocate Max Schrems, is targeting companies which it says deliberately make it hard to opt-out of tracking cookies.

Business & Government Intermediate read

Irish DPC "handles" 99,93% of GDPR complaints, without decision?

The Irish DPC (Data Protection Commissioner) acknowledges in Irish Parliament hearing it "handles" GDPR complaints by not deciding about them, in violation of EU law.

The long-standing miracle of "self-resolving" GDPR complaints was then lifted by Helen Dixon: The DPC simply interprets the word "handle" to mean that the DPC can also simply dispose of complaints on the fundamental right to privacy. She openly argued “In fact, there is no obligation on the DPC under the 2018 Act to produce a decision in the case of any complaint.”

[Intermediate] Schrems II a summary – all you need to know

On 16 July 2020, the European Court of Justice issued the Schrems II judgement with significant implications for the use of US cloud services. Customers of US cloud service providers must now themselves verify the data protection laws of the recipient country, document its risk assessment and confer with its customers. This article will explain what the Schrems II judgement entails for your business.

[Simple] Gay Dating App "Grindr" to be fined almost € 10 Mio

In January 2020, the Norwegian Consumer Council and the European privacy NGO noyb.eu filed three strategic complaints against Grindr and several adtech companies over illegal sharing of users’ data. Like many other apps, Grindr shared personal data (like location data or the fact that someone uses Grindr) to potentially hundreds of third parties for advertisment.

CJEU invalidates “Privacy Shield” in US Surveillance case

The EU's Court of Justice has just invalidated the "Privacy Shield" data sharing system between the EU and the US, because of overreaching US surveillance.