Sweden issues the first major fine for illegally transferring personal data out of the EU via Google Analytics, a significant first in Europe.
VoA »
The GDPR allows the transfer of data to third countries only if the European Commission has determined they offer at least the same level of privacy protection as the EU. A 2020 EU Court of Justice ruling struck down an EU-U.S. data transfer deal as being insufficient.
The IMY said it considers the data sent to Google Analytics in the United States by the four companies to be personal data and that “the technical security measures that the companies have taken are not sufficient to ensure a level of protection that essentially corresponds to that guaranteed within the EU.”
Related » Silicon Angle | The Next Web