Austrian Data Protection Authority rules Facebook’s tracking pixel unlawful
The Austrian Data Protection Authority (DSB) has ruled that Facebook’s tracking pixel violates GDPR and the ‘Schrems II’ decision on transatlantic data flows. The ruling came in response to one of the 101 complaints filed by privacy advocacy group ‘noyb’ in August 2020 against websites using Google Analytics and Facebook Tracking tools despite clear court rulings.
The Austrian Data Protection Authority (DSB) has ruled that Facebook’s tracking pixel violates GDPR and the ‘Schrems II’ decision on transatlantic data flows. The ruling came in response to one of the 101 complaints filed by privacy advocacy group ‘noyb’ in August 2020 against websites using Google Analytics and Facebook Tracking tools despite clear court rulings.
DSB based its decision on the Court of Justice (CJEU) ruling from July 2020, where the court ruled that US providers violate the GDPR, as US surveillance laws require US companies to provide users’ personal information to US authorities. The DSB’s decision applies not only to Google Analytics but also to ‘Facebook Login’ and ‘Meta Pixel’ tools provided by Meta, with data inevitably transferred to the US, where the data is at risk of intelligence surveillance.
The ruling is relevant to almost all EU websites using Facebook tracking technology to track users and show personalised advertisements. The long-term solution seems to be that the US adapts baseline protections for foreigners to support their tech industry, or US providers will have to host foreign data outside of the United States.