WhatsApp parent company Meta hits yet another wall as the Austrian Data Protection Authority (DSB) has decided that the use of Facebook’s tracking pixel is a direct violation of the EU’s General Data Protection Regulation (GDPR) privacy law.
The Austria-based privacy rights group made the decision earlier this month, highlighting that Meta’s tracking pixel violates not only the GDPR but also the Court of Justice of the European Union’s (CJEU) 2020 judgment in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems.
In that particular case, known as Schrems II, it was concluded that the use of US providers by EU citizens violates the GDPR because the US surveillance laws require US companies such as Meta to provide users’ personal information to US authorities.
Max Schrems, Chairman of noyb.eu said, “Facebook has pretended that its commercial customers can continue to use its technology, despite two Court of Justice judgments saying the opposite. Now the first regulator told a customer that the use of Facebook tracking technology is illegal”.
The CJEU consequently annulled the ‘Privacy Shield’ deal, after annulling the previous ‘Safe Harbor’ deal in 2015. And despite coming off as a strong warning through the tech industry, US providers and EU exporters seemingly ignored the case.
This led to NOYB filing 101 complaints in August 2020 against websites that are still using Google Analytics and Facebook Tracking tools despite clear court rulings.
The DSB’s decision to declare Google Analytics illegal also applies to the ‘Facebook Login’ and ‘Meta Pixel’ tools provided by the company. So if these tools are used, data is inevitably transferred to the US, where the data is at risk of intelligence surveillance. Therefore, European website operators have now been advised not to include any tools from Meta on their websites.
A possible solution
“For us, it is crucial that the US providers cannot just shift the problem to EU customers. We have therefore filed the case against the US recipient too. The DSB has partly rejected this approach. We will review if we appeal this element of the decision,” said Schrems.
Thousands, if not millions of websites use Facebook’s tracking technology to track users and show personalised ads. NOYB adds that when websites use the technology, they’re also unknowingly sending all user data to the US multinational and then, “Onwards to the US National Security Agency (NSA)”.
As a long-term solution, Schrems says, “We either need proper protections in the US, or we will end up with separate products for the US and the EU. I would personally prefer better protections in the US, but this is up to the US legislator – not to anyone in Europe.”
NOYB went on to say that although the European Commission is currently working on introducing the third EU-US data transfer deal, the fact that US law still allows bulk surveillance means that the matter, “Will not be solved any time soon.”