Skip to main content

Schrems II Judgement (Privacy Shield invalidation)

news  Rie Aleksandra Walle · Jul 24, 2020

Update: In response to Schrems II, we've now launched EU Isolation.

Another update: In response to Schrems II, the Austrian DPA ruled that Google Analytics is illegal.

We have closely followed the Court of Justice of the European Union (EUCJ) ruling on the Privacy Shield certification for US businesses, effectively making it invalid as of July 16, 2020. The ruling has a significant impact on numerous businesses across the world.

Several data protection authorities (DPAs) across the EU have provided statements on the ruling. However, there is no unified conclusion or advice on how to manage it on a practical level. The ICO, the UK's DPA, advises for example to "please continue to (rely on the Privacy Shield) until new guidance becomes available".

What is Fathom Analytics doing?

We constantly monitor relevant changes to privacy regulations with a global impact, such as the GDPR and the coming ePrivacy Regulation. We also did a thorough GDPR review in May-June this year and appointed a Privacy Officer. We reviewed all data processors (including sub-processors), data flows, the personal data we process, legal grounds, retention periods and more, to ensure we comply with the GDPR in the best way possible.

Today, we process some personal data in the US (we now process EU visitor data on EU servers). We will pay close attention to what European DPAs and the European Data Protection Board will advise going forward.

In the meantime, we have taken the following immediate actions

  1. We have familiarized ourselves with the ruling and the background for it
  2. We're in close dialogue with our Privacy Officer, a European based GDPR and privacy consultancy, on the practical implications for our company
  3. We're reviewing our current personal data inventory and data processors (including sub processors)
  4. We're reviewing our privacy risk assessments and will update these according to the ruling
  5. We have reached out to data processors we know are affected by this, and are awaiting their feedback
  6. We're reviewing other necessary actions continuously

As always, privacy is at the core of everything that we do at Fathom Analytics, and you can be certain that we take this ruling seriously. We will update this page going forward with further actions that might be necessary.

If you have any questions, feel free to contact us.


Return to the Fathom Analytics blog

Rie Aleksandra Walle

Rie Aleksandra Walle is a privacy officer and helps companies with GDPR.

Pixel cat

Tired of how time consuming and complex Google Analytics can be? Try Fathom Analytics:

Start a free trial

Sign up for our monthly newsletter via email, or grab the RSS feed.