EDPS reprimands European Parliament for use of Google Analytics
Illegal EU-US data transfers by the European Parliament lead to sanction from EDPS
Due to a complaint made approximately one year prior, the European Parliament has been sanctioned by the EDPS over illegal EU-US data transfers, among other violations. On a COVID-19 testing site, the use of Google Analytics and Stripe (both US companies) by the European Parliament was a violation of the Court of Justice’s (CJEU) “Schrems II” ruling on EU-US data transfers. In the complaint, filed in January 2021 by noyb, several issues were raised, including deceptive cookie banners, vague and unclear data protection notices, and of course. the illegal transfer of data to the US. The European Parliament did not incur a fine, but was reprimanded and ordered to come into compliance and address its data protection notice and other transparency issues within a month.
Personal data transferred from the EU to the US is subject to very strict conditions, and must ensure an adequate level of protection.
The EDPS found the European Parliament to be in violation of several articles of the GDPR and therefore issued a reprimand.
The placement of cookies by a US provider without having appropriate measures in place is a violation of EU privacy law. This leaves the site open to possible surveillance by US bodies. The complaint from noyb also highlighted the fact that the site’s cookie banners were unclear and deceptive. The banner did not list all the cookies, and there were also differences between the language versions. As a result users were unable to give valid consent. The European Parliament removed all cookies from the website during the investigation.
Does your company have all of the mandated safeguards in place to ensure the safety of the personal data to collect or process? Aphaia can help. Aphaia also provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.
- Lack of security of visa applications results in a fine from the Dutch Supervisory Authority - May 19, 2022
- Pandemic related data collection halted in Germany - May 17, 2022
- Google reprimanded by Belgian SA - May 12, 2022