EEA Data Protection Authorities shares a report on the task force work that investigates 101 NOYB data transfer complaints

The EEA Data Protection Authorities (DPAs) have released a report on the work of a task force set up to investigate 101 complaints filed by NGO NOYB following the CJEU Schrems II judgement and regarding the tools “Google Analytics” and “Facebook Business Tools” on websites, and the subsequent processing of personal data transfers to the US.

 Flag, Person

The EEA Data Protection Authorities (DPAs) issued a report on the work of a task force set up to investigate 101 complaints filed by NGO NOYB following the CJEU Schrems II judgement and regarding the tools “Google Analytics” and “Facebook Business Tools” on websites, and the subsequent processing of personal data transfers to the US.

The task force members assessed the lawfulness of transfers of personal data under Chapter V of the General Data Protection Regulation (GDPR). They noted that compliance with all other provisions of the regulation should be ensured before assessing the lawfulness of transfers. The members agreed that transfers based on the invalidated EU-US adequacy decision after 16 July 2020 did not comply with Chapter V of the GDPR.

The report calls for website operators using website plugins that transfer personal data to third countries must assess the legality of the data transfers under the GDPR. The task force members also stated that website operators must comply with GDPR requirements and implement appropriate safeguards to ensure that personal data transfers comply with the GDPR. The report also emphasized the importance of a consistent approach among DPAs in enforcing GDPR requirements for cross-border data transfers.