Hi Helle!
Thank you for contacting us regarding this.
I can see our Cookiebot CMP cookie banner has not been implemented on this website, so I believe you are referring to the following in the scan report:
Data is sent to: United Stated (not adequate)
The explanation for this can be found below and is not actually related with our new Swift banner, but has to do with a legal agreement regarding data transfers between EU and US.
On Thursday July 16th, the EU Court of Justice (CJEU) ruled on the so called “Schrems II” case on Standard Contractual Clauses. As part of the ruling the “Privacy Shield”, under which data has been transferred between the EU and companies in the US, has been invalidated.
Because of this, Cookiebot reporting has been changed to reflect that sending data to the USA is non-compliant as the US is considered to not have adequate personal data protection mechanisms in place.
This means that as of the ruling, it is unclear how to legally transfer personal data between the EU and the US. You may do so with standard contractual clauses in place, however this is currently being debated as well. When sending personal data to a non-adequate country, if this cannot be avoided, it can be done under GDPR Art. 49, however this article does not specifically apply to the situation of sending data to the US.
See more about data transfers to non-adequate countries here
