the Austrian DPA sets out its reasoning for finding a local site’s use of Meta tracking tools breached the GDPR’s requirements on data transfers, noting that the regulation requires that data on EU users is adequately protected if it’s transferred out of the bloc, to so-called third countries (such as the US). Yet it found none of the possible protections for such data exports (such as an adequacy decision) applied in this instance — hence determining that the GDPR’s Article 44 (on data transfers) was violated. — Updated on 2023-03-17 — Group: #Public