Search

  • Like to play alone? Ubisoft is still watching you!

     / article  / 
    Online & Mobile tracking
    Ubisoft forces people to connect to the internet before they can play a single player game
    … 150 times. Among the recipients of the complainant’s data: Google, Amazon and US software company Datadog. Game of cat … with a better game experience” , that it uses  “third party analytics tools to collect information concerning your and …
    Read more

  • Annual Report 2023 out now!

     / article
    2023 was the year of major decisions leading to record fines against companies
    … authority (IMY) issued the first major fine for the use of Google Analytics . All these fines were the result of complaints …
    Read more

  • Fines resulting from noyb litigation

     / page

    The GDPR gives data protection authorities (DPAs) the power to impose an administrative fine of up to 4% of a company’s annual turnover or € 20 million if they violate the GDPR, depending on which sum is higher.

    The purpose of these fines is to deter similar infringements in the future. Although a noyb study found that they are among the most effective enforcement tools available to authorities, significant fines for GDPR violations are extremely rare. The fines go to the country where the proceedings take place, which almost always the country where the fined company has its headquarters.

    Since 2018, the following fines have been imposed on the basis of noyb complaints:

    … had overturned its first draft decision in December 2022. Google fined € 50 million over forced consent When the GDPR … into force on 25 July 2018, noyb filed complaints against Google, Instagram, WhatsApp and Facebook for forcing its … for more than four years. First major fine for using Google Analytics Following noyb’s 101 complaints on unlawful EU-US …
    Read more

  • How mobile apps illegally share your personal data

     / article  / 
    Forced Consent & Consent Bypass
    Some mobile apps share your personal data immediately after they're opened. This isn't compliant with EU privacy laws
    … began to collect and share personal data, including Google’s unique Advertising ID (AdID), the model and brand … users’ personal data with third parties for sophisticated analytics as soon as the apps are opened. Users don’t even …
    Read more

  • Annual Report 2022 out now!

     / article
    2022 was the year of major decisions in our long-standing cases on EU-US data
    transfers
    … with us in our 101 model complaints: the continued use of Google Analytics was declared illegal , and other authorities such … with the competent authorities, for example against Google for creating spam emails in Gmail, another round of …
    Read more

  • 23 years of illegal data transfers due to inactive DPAs and new EU-US deals

     / article  / 
    Data Transfers
    A new noyb analysis now shows how a combination of inactive DPAs and a new deal by the EU Commission lead to 23 years of privacy violations
    … Nevertheless, most EU companies kept using services like Google Analytics or tracking tools by Meta which entail unlawful … websites continued to forward data about their visitors to Google and Meta servers in the United States. Despite …
    Read more

  • noyb win: First major fine (€ 1 million) for using Google Analytics

     / article  / 
    Data Transfers
    Swedish data protection authority (IMY) issued decisions against four companies and imposed a fine of 12 mio SEK (1 mio Euro) against Tele2 and 300.000 SEK against CDON
    … 88 … noyb win: First major fine (€ 1 million) for using Google Analytics Following noyb’s 101 complaints on unlawful EU-US … and 300.000 SEK against online retailer CDON for using Google Analytics on their webpage. Although many other …
    Read more

  • Austrian DSB: Meta Tracking Tools Illegal

     / article  / 
    Data Transfers
    Austrian Data Protection Authority (DSB) decided that the use of Facebook’s tracking pixel directly violates the GDPR and the so-called “Schrems II” decision on transatlantic data flows.
    … have largely ignored the case. Just like Microsoft, Google or Amazon, Facebook has relied on so-called "Standard … 101 complaints in August 2020 against websites still using Google Analytics and Facebook Tracking tools despite clear court …
    Read more

  • Two are better than one?! Profil.at strikes back with forced banner, when users make the "wrong" choice.

     / article  / 
    Cookie Banners
    Complaint against the news magazine Profil: If you want to visit profil.at, you can reject all cookies in the first step. If you do so, however, a second banner pops up.
    … however, a second banner pops up where one must agree to Google and other tracking cookies. Such forced consent is … you reject these, you are forced to agree to cookies from Google and ÖWA (Austrian Web Analysis) in a second step, … Advertising Products", "Google Tag Manager", "Google Analytics" (which have already been declared illegal), "ÖWA" …
    Read more

  • 6 Months of "agreement in principle", EU-US agreement in fact still missing

     / article  / 
    Data Transfers
    6 months ago, EU Commission President von der Leyen and US President Biden announced an agreement on EU-US data transfers "in principle". Until this day, there is still no agreement.
    … data protection authorities have issued decisions that Google Analytics may not be used in the EU anymore. Max Schrems: " …
    Read more

  • Annual Report 2021 out now!

     / article
    2021 marks noyb’s fourth year of fighting for the right to privacy. We have taken things up a notch by filing a record-breaking amount of complaints.
    … Protection Authority decided that the continuous use of Google Analytics violates the GDPR.   Furthermore, we worked on …
    Read more

  • UPDATE: Further EU DPA orders stop of Google Analytics

     / article  / 
    Data Transfers
    The Italian DPA (GPDP) has joined the consensus shared by the EDPS, as well as the French and Austrian DPA and has banned the use of Google Analytics (GA).
    … 88 … UPDATE: Further EU DPA orders stop of Google Analytics The Italian DPA (GPDP) has joined the consensus … as the French and Austrian DPA and has banned the use of Google Analytics (GA). Following our 101 complaints on data …
    Read more

  • UPDATE on noyb’s 101 complaints: Austrian DPA rejects “risk based approach” for data transfers to third countries

     / article
    While some DPAs thoroughly investigated noyb's 101 cases on EU-US Data Transfers, others just started dismissing cases for questionalbe reason. Is the coordinated effort promoted by the EDPB failing?
    … decisions by the Austrian and French DPA that the use of Google Analytics is illegal, the Austrian DPA has now issued a … second decision, going even further: It declared the use of Google’s IP anonymisation a useless protection measure for …
    Read more

  • UPDATE: CNIL decides EU-US data transfer to Google Analytics illegal

     / article  / 
    Data Transfers
    CNIL considers transfer illegal and has ordered websites to comply with the GDPR.
    … controllers to comply with GDPR after decision that using Google Analytics is illegal Only weeks after the groundbreaking … Data Protection Authority that the continuous use of Google Analytics violates the GDPR, the French Data …
    Read more

  • Data Protection Day: 41 Years of "Compliance on Paper"?!

     / article
    The GDPR is a strong piece of legislation with, so far, weak enforcement. In an overview of our complaints since 2018, noyb wants to show how that lack of enforcement manifests in individual cases.
    … 2020 on EU-US data transfers , after 1.5 years, one case on Google Analytics was partly decided (1%). An additional 422 …
    Read more

  • Austrian DSB: EU-US data transfers to Google Analytics illegal

     / article  / 
    Data Transfers
    In a groundbreaking decision, the Austrian Data Protection Authority has decided on a model case by noyb that the continuous use of Google Analytics violates the GDPR.
    … 88 … Austrian DSB: Use of Google Analytics violates "Schrems II" decision by CJEU. In a … decided on a model case by noyb that the continuous use of Google Analytics violates the GDPR. This is the first …
    Read more

  • EDPS sanctions Parliament over EU-US Data Transfers to Google and Stripe

     / article  / 
    Cookie Banners
    The EDPS issued a decision confirming that the European Parliament violated EU data protection law on its COVID website by setting Google and Stripe cookies, among other violations.
    … COVID testing website. The EDPS highlights that the use of Google Analytics and the payment provider Stripe (both US … has filed 101 complaints against EU companies that included Google and Facebook functions on their websites. After the …
    Read more

  • Data transfers to the US and insufficient cookie information: noyb files complaint against the European Parliament.

     / article
    noyb filed a complaint, representing 6 Members of the European Parliament (MEPs) in their complaint concerning the Parliament’s coronavirus testing website.
    … requests, including requests to US-based companies Google and Stripe. Furthermore, not only was a Stripe cookie … but the website’s data protection notice also stated that Google Analytics cookies were used on the website. However, no …
    Read more

  • Update on noyb’s 101 complaints on EU-US data transfers – only one country shines

     / article  / 
    Data Transfers
    Just over a month ago, noyb filed 101 complaints against several companies based in the EU/EEA as they continue to transfers personal data to Facebook and Google. Today,
    … companies based in the EU/EEA because they continue to use Google Analytics and Facebook Connect on their websites – thereby transferring personal data to Google and Facebook in the US. According to the CJEU …
    Read more

  • 101 Complaints on EU-US transfers filed

     / article  / 
    Data Transfers
    noyb has filed complaints against 101 EU controllers and the US entity of Google and Facebook over continuous EU-US data transfers.
    … of major EU webpages shows that many companies still use Google Analytics or Facebook Connect one month after a major … surveillance laws, such as FISA 702. Neither Facebook nor Google seem to have a legal basis for the data transfers. …
    Read more