The EEA Data Protection Authorities (DPAs) have issued a report on the outcome of the work of the task force that was set up to look into the 101 complaints filed by NGO NOYB in the aftermath of the CJEU Schrems II judgment. The report sets out the common positions of the members of the task force and contains information on the outcomes of the first cases concerned. Among others, several DPAs have ordered website operators to comply with the requirements of Chapter V of the GDPR, and if necessary, to stop the transfer at stake.
The task force was set up in September 2020 to promote a consistent approach in the handling of 101 identical complaints lodged by NOYB with EEA DPAs regarding the tools “Google Analytics” and “Facebook Business Tools” on websites, and the subsequent processing of personal data transfers to the U.S.
The positions of the DPAs expressed in this report do not represent the position of the EDPB. In addition, the positions taken do not prejudge the analysis that will have to be made by the DPAs of each complaint and each tool concerned.