WTF is Privacy Shield


May 2017

The Federal Court of Justice (BGH) confirms dynamic IP addresses of website visitors to be personal data protected by law. This is made clear by the highest German court in a judgment today.

We have a problem here in Europe, Germany especially. Our data protection law is very strict. We need to be careful what we do with personal data we collect. When you visit a website, the website knows your IP-address. Per European Court judgement in 2011 your IP-address is personal data. Your mail-address, name, gender and phone number is too, obviously.

Lawyers were quick to respond to that because if the unwary website owner had Google Analytics running, which plenty had, it was suddenly illegal to transfer IPs to Google without consent of the user. Google responded with an anonymize-IP-feature for Analytics.

Court of Justice of the European Union | Luxembourg, 6 October 2015

The Court of Justice of the European Union has declared a decision as invalid that had made the U.S. a Safe Harbor for European Data. This basically means that Europe is not legally allowed to transfer personal data to the U.S.

But this is just the tip of the iceberg when you think about it. Whenever you embed a video, implement Disqus to a website or even utilize an online advertising network: you promote your user’s IP to god-knows-where. And if you use a newsletter service like MailChimp, ActiveCampaign etc. you provide even name and email to a third party.

Now, to make transatlantic transfer of personal data legal again the U.S. Department of Commerce and a European Commission have instituted a self-certification framework called Privacy Shield. And Trump pees on the whole thing.

This is quite bad as Google’s G Suite proudly announced more than 3 million business customers lately. European businesses would be well advised to shun this U.S. and cloud based office solution for now, or any other non-GDPR-compliant offshore business service mentioned by Cloudwards. On the other hand, Germany has caved in to Google before.


Share on facebook
Share on twitter
Share on linkedin

Related Posts

WordCamp Düsseldorf Orgateam

Best WordCamp Düsseldorf Ever

In 2019 we held our first and therefore guaranteed best WordCamp in Düsseldorf. It was a complete success and lots of fun for all participants.

Groupmail GDPR/DSGVO

GDPR and Generic E-Mail Accounts

How do you deal with topic-related e-mail accounts such as in times of the GDPR? How can you ensure that data protection is not violated for incoming e-mail addresses.