- Thread starter
- Staff
- #1
Dadparvar
Staff member
- Nov 11, 2016
- 10,601
- 0
- 6
The Austrian Data Protection Authority (DPA) Thursday ruled that an Austrian website provider’s continuous use of Google Analytics and the resultant transfer of personal data to Google violated the European Union’s (EU) privacy law, the General Data Protection Rules (GDPR).
The ruling responded to a series of representations filed by the Austrian privacy advocacy group noyb before the DPA on the basis of the European Court of Justice’s (CJEU) Schrems II decision. The Schrems II ruling established that the transfer of personal data to US companies falling under 50 USC § 1881a and Executive Order 12333 violated international data transfer standards prescribed in Chapter V of the GDPR.
Relying on the Shrems II decision, noyb’s complaint alleged that both Google (data importer) and the website provider (data exporter) violated Article 44 of the GDPR by transferring personal data to Google, which qualified as an “electronic communication service provider” under 50 USC § 1881(b)(4), thereby making it legally amenable to US intelligence functionalities. Google argued that the data transferred did not constitute “personal data” under Article 4(1) of the GDPR and that Chapter V of the GDPR was applicable only upon the data exporter and not the data importer.
The DPA decision affirmed all of noyb’s arguments but agreed with Google’s claim that no data importer obligation existed under Chapter V of the GDPR. Therefore, the DPA found the data exporter to be solely liable for breaching GDPR obligations. However, the ruling found that the data transferred to Google, including personal user identifiers, IP address and browser parameters, was personal data under Article 4(1) and consequently dismissed Google’s claims of transfer of non-personal data. No fine or penalty was imposed upon the Google.
This ruling comes in the immediate aftermath of the European Data Protection Supervisor’s January 11 decision sanctioning the European Parliament for violating Schrems II and Chapter V of GDPR by permitting data transfers through Google Analytics and another US-based company named Stripe.
The post Austria data authority rules website’s use of Google Analytics violates GDPR appeared first on JURIST - News.
Continue reading...
Note: We don't have any responsibilities about this news. Its been posted here by Feed Reader and we had no controls and checking on it. And because News posted here will be deleted automatically after 21 days, threads are closed so that no one spend time to post and discuss here. You can always check the source and discuss in their site.
The ruling responded to a series of representations filed by the Austrian privacy advocacy group noyb before the DPA on the basis of the European Court of Justice’s (CJEU) Schrems II decision. The Schrems II ruling established that the transfer of personal data to US companies falling under 50 USC § 1881a and Executive Order 12333 violated international data transfer standards prescribed in Chapter V of the GDPR.
Relying on the Shrems II decision, noyb’s complaint alleged that both Google (data importer) and the website provider (data exporter) violated Article 44 of the GDPR by transferring personal data to Google, which qualified as an “electronic communication service provider” under 50 USC § 1881(b)(4), thereby making it legally amenable to US intelligence functionalities. Google argued that the data transferred did not constitute “personal data” under Article 4(1) of the GDPR and that Chapter V of the GDPR was applicable only upon the data exporter and not the data importer.
The DPA decision affirmed all of noyb’s arguments but agreed with Google’s claim that no data importer obligation existed under Chapter V of the GDPR. Therefore, the DPA found the data exporter to be solely liable for breaching GDPR obligations. However, the ruling found that the data transferred to Google, including personal user identifiers, IP address and browser parameters, was personal data under Article 4(1) and consequently dismissed Google’s claims of transfer of non-personal data. No fine or penalty was imposed upon the Google.
This ruling comes in the immediate aftermath of the European Data Protection Supervisor’s January 11 decision sanctioning the European Parliament for violating Schrems II and Chapter V of GDPR by permitting data transfers through Google Analytics and another US-based company named Stripe.
The post Austria data authority rules website’s use of Google Analytics violates GDPR appeared first on JURIST - News.
Continue reading...
Note: We don't have any responsibilities about this news. Its been posted here by Feed Reader and we had no controls and checking on it. And because News posted here will be deleted automatically after 21 days, threads are closed so that no one spend time to post and discuss here. You can always check the source and discuss in their site.