Here’s What App Developers Should Know About Privacy

Even though we are trying hard, the data protection industry is not yet really cool and fancy. But it does have a few rock stars. One of them is Max Schrems from Austria. He has been fighting against the data krakens from Silicon Valley since 2011 and became famous through his lawsuit against Facebook. Since then, he has repeatedly taken on data transfer between the EU and the US, first overturning Safe Harbor and later the Privacy Shield, which had regulated bilateral data transfer.

Lisa Figas

Lisa is TelemetryDeck's co-founder and product/marketing person

Focus on analytics software

Recently, Schrems and his organization Noyb have been focusing on the analytics tool Google Analytics. Today he received an important decision on this:

„In a groundbreaking decision, the Austrian Data Protection Authority has decided on a model case by noyb that the continuous use of Google Analytics violates the GDPR.“

The full report can be found on Noyb's blog: Austrian DSB: Use of Google Analytics violates "Schrems II" decision by CJEU.

What does this mean for analytics users?

The basic problem is that the level of data protection between the EU and the US is so fundamentally different that EU citizens cannot exercise their rights to their personal data. Therefore, the transfer of data across the Pacific to the West is not allowed. However, since Google Analytics automatically transfers all collected data to the USA, where it is comparatively easy for authorities to view it, the use of this software is not allowed.

Where do we go from here?

Yes, the courts work slowly and data protection lawsuits of the size Max Schrems is waging drag on for several years. No reason to panic then, right? Well, one thing is certain for us: the triumph of privacy-preserving software is unstoppable.

Those who are smart are already switching from Google products to providers that host their data within the European Union. Providers who respect and protect the privacy of their users. Providers whose entire software design is designed not to process personal data. Providers who ... might just be tooting their own horn in this very paragraph :P

What should I do?

We recommend the following strategy: Prepare ahead of time. Switch from Big G to TelemetryDeck now and use your first-mover advantage:

  1. You’ll be well-prepared when these laws will be enforced consistently.
  2. You can basically automatically comply with all privacy laws in the world if you use a GDPR-compliant analytics tool.
  3. You now have the opportunity to be active in our community and play a decisive role in shaping a product of the future.

TLDR: Developers around the world, should take this latest court decision seriously, and incorporate privacy into their strategy. Start moving your user analytics from the dark to the light side today.