When the Privacy Shield legislation was invalidated in 2020, this had far-reaching consequences for US online services operating in Europe: They were no longer allowed to transfer data of European citizens to the US as this would make data of European citizens vulnerable to American mass surveillance – a clear violation of the European GDPR. However, the Silicon Valley tech industry largely ignored the ruling. Now, the Austrian Data Protection Authority strikes the same chord as the European court when declaring Privacy Shield as invalid: It has decided that the use of Google Analytics violates the General Data Protection Regulation (GDPR). Google is “subject to surveillance by US intelligence services and can be ordered to disclose data of European citizens to them”. Therefore, the data of European citizens may not be transferred across the Atlantic.
— source tutanota.com | 2022-01-19