SOLVING SCHREMS II

European server-side tracking to solve Schrems II.

Through pseudonymisation on European servers you can keep using U.S. 3rd Party vendors.

THE EUROPEAN UNION PERSPECTIVE

Privacy for humanity

With the introduction of the General Data Protection Regulation (GDPR), the EU strengthened and formalized its position on data privacy and protection. The GDPR emphasizes that the right to the protection of personal data is a fundamental human right and the processing of personal data should be designed to serve this right.

THE AMERICAN PERSPECTIVE

Surveillance for national security

The U.S. places stronger emphasis on national security over individual’s right to privacy. Through FISA and the CLOUD Act, national security agencies can access data stored by American companies independent of the servers’ global location. Edward Snowden is often associated with the revelation of these practices.

AMERICAN SURVEILLANCE VS EUROPEAN PRIVACY

A conflict of interest that cannot be reconciled

PRIVACY 1 : SURVEILLANCE 0

Fall of Privacy Shield confirms insufficient level of personal data protection in the U.S..

In July 2020, the CJEU annulled the Privacy Shield, the protection mechanism enabling data transfers between the EU and the U.S.. It found that EU controllers must assess the risk of personal data transfers to the U.S. and that Standard Contractual Clauses may be a legitimate mechanism to transfer data to the U.S. if additional safeguards are in place to protect data from access by the U.S. national security authorities.

MAX SCHREMS VS 101 COMPANIES

Companies ignore regulatory changes. Max Schrems exemplary sues 101 of them.

A month after the fall of the Privacy Shield, companies changed nothing to the marketing stack. American tools like Facebook and Google products were (and still are) implemented as before, relying on outdated data transfer mechanisms. To challenge this willful inertia, Max Schrems sues 101 companies for the illegal practices.

PRIVACY 2 : SURVEILLANCE 0

Google Analytics found non-compliant in Austria.

On 13.1.2022, the Austrian DPA published its decision concerning the compliance of the standard client-side Google Analytics implementation. IP addresses and other personal identifiers were transmitted to Google servers based on the standard Google SCCs and even with the alleged 'IP anonymisation' these measures were found to be not sufficient to protect personal data from the possibility of access by the U.S. secret service agencies.

MORE PRIVACY INCOMING

Domino effect: European DPAs follow suit with recommendations/judgements.

In addition to the Dutch and Danish DPAs, the Norwegian also recommends (no decision yet) companies to start looking for alternatives to the default client-side Google Analytics implementation. They add “We know that there will also be more decisions about Google Analytics from other European data regulators.”
UPDATE: As predicted, CNIL comes to a similar decision in France and requires company to find a solution within 30 days.

UNDERSTANDING THE REAL PROBLEM

International data transfer - GA is the first tool but others are impacted as well.

In the Austrian GA case the tool was found non-compliant because personal data was sent to the U.S. and was processed/stored on the servers of an American company - not because the DPA didn’t like the design and color. It is critical to understand that while there is no judgment for other tools yet, they are impacted as well and need a solution.

GDPR & SCHREMS II TIMELINE

This change has been coming for a long time.

PRIVACY HERE TO STAY

The elephant in the room: how to adapt to privacy regulations?

The answer is as always: It depends. There are two potential solutions to the problem. One way to solve the problem of international data transfers is through a mechanism that would allow you to keep using existing tools. Another way could be to evade international data transfers altogether by removing such tools or replacing non-EU tools with European vendors (if possible).

SERVER-SIDE TRACKING FOR THE WIN

Take control of your data with server-side tracking. From Europe for Europe

For us, all trends in online marketing like first party data, the end of third party cookies, compliance, tracking preventions, etc. point to the same solution: Be in control of your data collection - and only then forward data deliberately. That’s why we developed a fully European server-side tracking system.

BUILDING THE RIGHT FOUNDATION

For best-possible compliance your setup is hosted in the right cloud.

As described above, FISA and the CLOUD Act make hosting a very sensible topic. That’s why relying on our legal and technical experts, we optimized our cloud setup. We are proud to be able to host our SaaS with partners like Exoscale. At the same time, we ensure that the performance, scalability and reliability are always given.

THE REAL KEY

Pseudonymise personal data for international data transfer.

For us, “solving” international data transfers is the most resilient way into the future. Our infrastructure and data collection is one essential part of the equation. The second part is the technical possibility to pseudonymise each data field with the click of a button. This way, you can define the rules for international data transfers together with your compliance team - be in control.

new
Download the executive summary of the legal memorandum by the expert law firm Spirit Legal here.
x

TAKE END-TO-END CONTROL OF YOUR DATA COLLECTION

Best first party data quality and compliance with only one additional tool!

Our solution has been developed since 2016 and is now the most advanced and compliant server-side tracking on the market. Across geographies, industries and business models we have seen incredible results – making marketers, analysts and compliance officers happy. 

If you want to know more about JENTIS to improve your online marketing, analytics and compliance with server-side tracking, please click the button provided below to book a time slot with our technology consultant. 

BOOK TIME SLOT

Alternatively, you can also send us a message with your detailed inquiry right here. 

SEND US A MESSAGE