The Italian data protection agency has just warned a site against the use of Google Analytics, considering that it does not comply with the General Data Protection Regulations (GDPR). More and more European countries are rising up against the Mountain View firm’s audience analysis tool.
Google Analytics sends data to the United States
As the Italian regulator explains in a press release, the data used by Google to provide the information in Google Analytics is personal, and includes, in particular, the IP address of the user’s device as well as information on the browser, the operating system, screen resolution, selected language, date and time the page was viewed.
Walmart introduces Triplet Model, its hybrid cloud solution
However, this data is invisible in the United States, where data protection legislation is much less strict than in the European Union, which constitutes a violation of the GDPR according to the agency: “A website which uses Google Analytics without the safeguards applied by the EU GDPR violates data protection law, because it transfers user data to the United States, a country which does not have an adequate level of data protection “, she writes.
France and Austria have also tackled Google Analytics
This is not the first time that a European country has taken a stand against the use of Google Analytics in connection with the GDPR. In January 2022, the Austrian authorities implicated a German publisher for the same reasons. A month later, the CNIL gave Google formal notice for the transfer of data related to Analytics to the United States.
According to the Austrian, Italian and French authorities, it is possible that the American intelligence services have access to this data; they believe that the Mountain View company has not put in place adequate measures to protect this information. The Italian data protection agency recalls, for example, that ” an IP address is personal data and would not be anonymized even if truncated – given Google’s ability to enrich this data with additional information it holds “.
” People want the websites they visit to be well-designed, easy to use, and respectful of their privacy. Google Analytics helps publishers understand how their sites and apps perform for their visitors, but not by identifying individuals or tracking them around the web. These organizations, not Google, control what data these tools need and how they are used. Google helps by providing a suite of safeguards, controls, and compliance resources “Google said to Tech Crunch.
Since 2020, the transfer of data between the United States and the EU is no longer regulated
These different decisions follow the Schrems II judgment of July 16, 2020 taken by the Court of Justice of the European Union, which annulled the Privacy Shield, an agreement established between the United States and the Old Continent for the transfer of data. Indeed, European justice has ruled that the latter did not sufficiently protect the information of European citizens, in particular with regard to the revelations of the American whistleblower Edward Snowden.
Following this announcement, the Austrian NGO Noyb (None of Your Business), founded by activist Maximilien Schrems, filed 101 complaints against companies in several EU states, accusing them of illegally transferring data to United States.
A new agreement between the United States and the EU is currently in the works, but negotiations are dragging on. As the media reports TechCrunchthe gap between US surveillance law and EU privacy law continues to widen to many preemies, so it is by no means certain that the negotiated replacement will be strong enough to survive inevitable legal challenges.
In this context, Google plans to implement additional controls in order to provide its customers with guarantees regarding the protection of user data.