16. March 2023

Facebook Tracking declared unlawful under GDPR by the Austrian DPA

In a recently published decision, the Austria DPA finds Facebook's tracking practices violate GDPR and Schrems II.

The Austrian data protection authority was the first mover to find Google Analytics in violation of the GDPR. Since then, multiple EU data protection authorities have followed suit.

Now, the Austrian DPA made a groundbreaking decision on Facebook’s tracking pixel.

Here are the main takeaways:

  • Like Google Analytics, Facebook sends personal data from the EU to the US via its tracking technology that is implemented on millions of websites.
  • Considering the CJEU’s Schrems II ruling on transatlantic data flows, these transfers are in violation of the GDPR, according to the DPA.
  • The US protection level of personal data from the EU (EEA) is still insufficient. (The data could be the subject of surveillance by US intelligence agencies)
  • The decision of the DPA follows a complaint issued by the data privacy activist NGO NOYB and Max Schrems who also published the full text.
  • It is unclear as of today if the Austrian DPA plans to issue penalties based on this decision in the future.

The EU-US Data Privacy Framework is not mentioned in the decision. If implemented, it could help ease friction around transatlantic data flows. But court challenges loom large on the new framework, and legal uncertainty will likely remain high long after its implementation.

Full text of the decision by the Austrian DPA (German) | Case Summary on GDPRhub | Statement from NOYB

Read more


Google Analytics 4: How to become privacy-compliant without switching

Looking for Google Analytics alternatives? We outline the options for making your analytics privacy compliant – and why staying with GA4 might be the best one.


Why is data quality crucial for digital marketing success?

With high data quality, marketers gain more insights into user behaviour and increase ad performance and conversions.


Data Privacy Framework will be challenged: Is Schrems III looming?

The new Data Privacy Framework has been approved by the EU. But will it survive Max Schrems' challenge in the courts?

New: order online now

Order JENTIS Data Capture Platform online