?> Austrian DPA: EU-US data transfers to Google Analytics are illegal
Snowplow ‘Outperforms’ GA4 in GigaOm Comparative Evaluation.
Read More
Platform
Products Behavioral data platform
Behavioral Data Platform Create behavioral data at enterprise scale
Open Source
Open Source Start creating data with our developer-first engine
Pricing
Pricing Learn about Snowplow's tiers and deployment options
Explore What is Data Creation
What is Data Creation? Create fit-for-purpose data to unlock new value at scale
What is data behavioral data
What is Behavioral Data? Discover the richest possible fuel for AI and analytics
Integrations catalog
Integrations Catalog Explore all Snowplow sources & destinations
Example Data Sample Snowplow Data
Sample Snowplow Data Explore Snowplow’s unified event stream in detail
Sample Modeled Data
Sample Modeled Data See an example of out-of-the-box modeled data
Read More
Solutions
Data Solutions Advanced Analytics
Advanced Analytics Build customized analytics apps
AI / ML
AI / ML Train models with AI-ready data
Composable CDP
Composable CDP Power personalized experiences
Use Cases Accelerators
Accelerators Create data products faster
All Use Cases
All Use Cases Explore our library of use cases
Industries
Industries Find use cases by industry
Partners Partner Ecosystem
Partner Ecosystem Find a partner to meet your needs
Technology Partners
Technology Partners View integration partners
Solution Partners
Solutions Partners Connect with a Snowplow expert
Read More
Customers
Industries Media & Entertainment
Media & Entertainment
Retail
Retail
SaaS
SaaS
Travel
Travel
Edtech
Edtech
Fintech
Fintech
Channels Web
Web
Mobile
Mobile
Server-side
Server-side
Email
Email
Advertising
Advertising
Business Models Marketplaces
Marketplaces
Subscription
Subscription
Aggregators
Aggregators
Ecommerce
Ecommerce
Customer Stories Strava
Strava
Autotrader
Autotrader
Bizzabo
Bizzabo
Gousto
Gousto
Sophi and Globe and Mail
Sophi and Globe and Mail
All Customer stories
All Customer stories
Resources
Learn More Blog
Blog
Knowledge base
Knowledge Base
Events
Events
Meetup
Meetup
Get Started Documentation
Documentation
Github
GitHub
Discourse
Discourse
Find a partner
Find a Partner
101 Guide to Marketing Attribution Read More
Company
About Snowplow

Snowplow is the world’s leading data creation platform. We empower any company to create their own AI-ready behavioral data to fuel advanced data applications.

  About us
About Us
Careers
Careers
Contact Us
Contact Us
Newsroom
Newsroom
Inside the Plow: The latest insights from the Snowplow team Explore the blog
Platform
Products Behavioral data platform
Behavioral Data Platform
Open Source
Open Source
Pricing
Pricing
Explore What is Data Creation
What is Data Creation?
What is data behavioral data
What is Behavioral Data?
Integrations catalog
Integrations Catalog
Example Data Sample Snowplow Data
Sample Snowplow Data
Sample Modeled Data
Sample Modeled Data
Solutions
Data Solutions Advanced Analytics
Advanced Analytics
AI / ML
AI / ML
Composable CDP
Composable CDP
Use Cases Accelerators
Accelerators
All Use Cases
All Use Cases
Industries
Industries
Partners Partner Ecosystem
Partner Ecosystem
Technology Partners
Technology Partners
Solution Partners
Solutions Partners
Customers
Industries Media & Entertainment
Media & Entertainment
Retail
Retail
SaaS
SaaS
Travel
Travel
Edtech
Edtech
Fintech
Fintech
Channels Web
Web
Mobile
Mobile
Server-side
Server-side
Email
Email
Advertising
Advertising
Business Models Marketplaces
Marketplaces
Subscription
Subscription
Aggregators
Aggregators
Ecommerce
Ecommerce
Customer Stories Strava
Strava
Autotrader
Autotrader
Bizzabo
Bizzabo
Gousto
Gousto
Sophi and Globe and Mail
Sophi and Globe and Mail
All Customer stories
All Customer stories
Resources
Learn More Blog
Blog
Knowledge base
Knowledge Base
Events
Events
Meetup
Meetup
Get Started Documentation
Documentation
Github
GitHub
Discourse
Discourse
Find a partner
Find a Partner
Company
About Snowplow

Snowplow is the world’s leading data creation platform. We empower any company to create their own AI-ready behavioral data to fuel advanced data applications.

  About us
About Us
Careers
Careers
Contact Us
Contact Us
Newsroom
Newsroom
  1. Home
  2. Blog
  3. Data Insights
Data compliance, Data insights, Featured

Austrian DPA: EU-US data transfers to Google Analytics are illegal

Megan Downing
27 January 2022 ·
Jump to

What’s happened?

Enforcement of Schrems II

It was recently announced that the Austrian Data Protection Authority (DSB) has enforced “Schrems II”, the CJEU legislation ruling that cloud services hosted in the US cannot comply with EU data laws. This is because no guarantees can be made about how and where data would be used, as US authorities – such as the NSA – technically have unrestricted access. The enforcement entails a fine for companies failing to protect the data of EU citizens by storing it in the United States. 

As part of this ruling, it was decided that:

  • IP addresses are classed as personal data so their transfer falls under EU data protection law.
  • US intelligence services use IP addresses as a starting point for the surveillance of individuals and Google Analytics, and by extension other US analytics providers, has not done enough to block US intelligence services from accessing the data.
  • Because EU citizen data is therefore not protected (according to GDPR) when it is stored in the US, it should remain in the EU.
  • In this event, the party penalized for breaking EU data law is primarily the customer of the analytics provider, or ‘data controller’. As a ‘data processor’ Google Analytics, and similar analytics companies, hold less liability.

Why does this matter?

Essentially, there’s now a fundamental mismatch between EU data privacy law and US surveillance law, which is unlikely to be resolved anytime soon. To comply with GDPR, Austrian companies must ensure that the data they collect remains in the EU. In effect, this means that Austrian companies using Google Analytics or any other analytics provider that stores data in the US, must ensure that all IP addresses held by the platform are anonymized or obfuscated in some way.

What’s next?

Many Austrian organizations are now rapidly assessing GDPR-compliant alternatives to Google Analytics, and other public SaaS solutions, as there is no grace period for this ruling to apply to other companies. 

This being just the first enforcement of an EU-wide ruling, every company storing EU data in the US must now be prepared to take action and consider the switch to data collection entirely hosted in their own private cloud.

How to learn more

With Snowplow BDP, all your data is processed and stored in your private cloud account. Our technology gives you complete ownership over your data, from what you collect to who has access to it and what they can do with it. No third-party, including Snowplow, has access to the data you collect, helping you to future-proof compliance with data privacy regulations. 

If you’d like to learn more about Snowplow and how we can help you navigate this situation, please book in a slot with a member of our team.

Try Snowplow Book a demo Request a quote

More about
the author

Megan Downing
Megan Downing

Marketing Communications Manager at Snowplow

View author

Related articles

Are abandoned cart emails GDPR compliant?

Avatar
Snowplow Team 28 November 2022

Safari ITP update: is it possible to have cookies that last longer than 7 days in 2023?

Trent Kalisch-Smith
Trent Kalisch-Smith 6 April 2023

Privacy updates, ad blockers, and the need for 1st-party tracking

Avatar
Snowplow Team 11 March 2021
Tags

Ready to start creating rich, first-party data?

Try Snowplow Schedule a Demo
Image of the Snowplow app UI