The IAB Europe, the continent’s digital advertising and marketing association, has issued an FAQ on Schrems II.

How does this impact the online advertising supported internet?

“While it is hard to measure the impact in specific terms, this is likely to cause a big disruption in an industry which is as global and interconnected as ours. What may be seen as a simple data transaction for our industry, such as recalling segmentation information about a particular web browser, may be seen in the eyes of the regulator as a cross-border data transfer depending on the locations of the respective servers.”

What can I do today to check that I’m complying with the law?

  • Take stock of your data inventory and that of your partners.
  • Understand how your partners are transferring data to the U.S., for which purposes, and how they ensure compliance with the General Data Protection Regulation (GDPR).
  • Review contracts with partners who are based in non-EU countries. If you work with companies who have their servers based in any non-EU country, make sure that you understand how they are ensuring compliance with the GDPR.
  • Seek guidance from your lead supervisory authority.

EU-US Privacy Shield