13 comments

[ 3.4 ms ] story [ 37.0 ms ] thread
This ruling only just happened, how long did it take you to build this?!
We utilized some things we had already built, and it took less than a day to put this together.
That if they're processing EU website visitor traffic, they're in violation of the Schrems II ruling, and violating the GDPR. Very messy situation right now.
Do they have a grace period in which to become compliant?
The Schrems II ruling occurred back in 2020. Max Schrems & noyb have filed 101 complaints, and we're now going to see DPAs make decisions (meaning the ruling is enforced). What's new now is that a DPA has actually made a decision against Google Analytics (and US cloud providers).

I can only speculate on what's going to happen.

Um... Google analytics being ruled illegal seems like a pretty huge deal. How come we haven't heard more about this? Or have I just missed it?
I saw that (thanks to this!) but I guess my question is why aren't more people freaking out about this? It seems like they should be.
How are you getting these results? I assume you're loading stuff from the EU and then doing some sort of tracing to see where it's being served from?
Yup. The Illegal Analytics Scanner is deployed to Germany. We then load the website, observe the pixels loaded, run the IP returned through an IP lookup, and see who controls the server. If it's a US cloud provider, it's not lawful in the EU.
Very slick. Nice work! And y'all did this so quickly too