since the EuGH canceled the Privacy Shield, it is forbidden to transfere personal related data to countries which do not have a adequacy proofing by the EU-Comission. In addition Companies can refer to the Standard Contractual Clauses to apply to the level of EU-DSGVO. But the privacy shield was withdrawn because of the fact that companies in the USA and in special bigger ones cannot ensure that the government has no access to any personal related data from EU citizens.
So the question is can we use firebase as push notification service when they say "we are GPDR and SCC confirm" ?
As i understand from the documentation is the only personal data transferred the InstanceID which is storred hashed ad firebase side. And as long as we do not transfere messages with personal related data which firebase can read and process we have only the ID which is a grey zone. Because Android user's are monitored by google anyway.
What are your thoughts on this.
