This is a huge game changer for the adoption of Firebase in larger companies.

I have clients (FSI) where this is huge issue, so making Firebase GDPR compliant would be very appreciated. Many thanks for the effort.

Work is started on this, but no public ETA is announced yet.

I don't think anybody cares about this....I've switched to Cognito!

It is necessary to change and update in advance the spread of better ideas that benefit people and reduce harmful materials

I also wonder if there is any update?

any news?

Any update for ETA? The reason to ask is that we now need to start to do migration to other service. So the question is that would our ETA be any earlier. Are we doing the work for nothing?

@Micah Baker will we be able to retroactively switch the location in the future ?

Personally I would have dropped Azure just for Firebase if this was available.

It would have been great as a solo dev to use Firebase for releasing an MVP instead of spending countless hours on Pulumi scripts to link all services (and principals) in Azure (as I am more familiar with it).

But with the current situation I am left with running around asking lawyers and DPOs if it's okay to use your auth service or not and continuing to grind at setting up things in Azure.

This is one of your greatest services that can pull startups to your cloud and you are missing the mark on the EU market with it.

Did anything change since May 2, 2023?

@jamshaid ali, This is a complicated topic with no clear-cut answer.
First of all, I'm not a lawyer, so this is not a legal consultation. We have been in conversations with lawyers and GDPR experts.

--

Why is Firebase Auth an issue:
Firebase Auth stores user data in the US. GDPR prevents data transfer of European user data to countries without the same level of data protection.
The EU publishes a list of safe third countries [1], one of them being Israel, the US NOT being one of them.
There have been attempts to make the EU-US data transfer legal (which have been invalidated multiple times by the EU courts) and there are measures you can take to make it safe (encrypt data before uploading to Firebase, anonymize, ...).
However, those measures would make Firebase Auth unusable as you can just use an anonymous/generated email in Firebase Auth or only with great difficulties.

--

Specifically to your question, aren't Google Sign-In, etc. an issue, technically yes, but the fact that the user sign-in up for a Google account is NOT the application developers legal issue but Google's.

What you as application developer need to care about is what you do with the data you receive from Google / Apple and if you upload the data to Firebase Auth (meaning transfer the data to the US) it's your legal issue as the application developer.

--

I hope that clarifies, why we as Firebase customers need a solution to restrict the data storage and processing to the EU.

[1] https://gdpr-info.eu/issues/third-countries/#:~:text=The%20third%20countries%20which%20ensure,these%20countries%20is%20expressly%20permitted.

I asked developers on twitter. Most are not even aware of it.

If one uses google sign in and apple sigin from firebase auth lib. Is that also not gdpr compliant. Or non compliance applies to phone , email n others.

its confusing it seems alot of people use firebase auth in europe. But its not clear if as an independant developer can one use it or not. Can u clarify . Thanks

Totally agree, would make things a lot easier in the EU.

We cannot use it in Germany until this is fixed!!! Please help!

@Dominic Bartl yes this applies also to Identity Platform!
Identity Platform is like an extension to Firebase Auth (like a Premium tier) and thus the data there is also hosted in the US.

Critical for any company with business in the EU

Related to: https://firebase.uservoice.com/forums/948424-general/suggestions/46591651-firebase-authentication-for-eu

Does this also affect the Identity Platform? I haven't found any info where the data of this service is stored.