That if they're processing EU website visitor traffic, they're in violation of the Schrems II ruling, and violating the GDPR. Very messy situation right now.
The Schrems II ruling occurred back in 2020. Max Schrems & noyb have filed 101 complaints, and we're now going to see DPAs make decisions (meaning the ruling is enforced). What's new now is that a DPA has actually made a decision against Google Analytics (and US cloud providers).
Yup. The Illegal Analytics Scanner is deployed to Germany. We then load the website, observe the pixels loaded, run the IP returned through an IP lookup, and see who controls the server. If it's a US cloud provider, it's not lawful in the EU.
13 comments
[ 3.4 ms ] story [ 37.0 ms ] thread[1] - https://illegal.analyticsscanner.com/www.twitter.com
[2] - https://illegal.analyticsscanner.com/www.discord.com
[3] - https://illegal.analyticsscanner.com/www.slack.com
[4] - https://illegal.analyticsscanner.com/www.youtube.com
[5] - https://illegal.analyticsscanner.com/www.cnn.com
[6] - https://illegal.analyticsscanner.com/www.foxnews.com
I can only speculate on what's going to happen.
News like this takes time, and requires education, and we expect to see additional rulings that solidify EU DPA's commitment to enforcement.