Google Analytics is qualified as persona non grata in Italy. The Italian data protection authority has deemed the use of Google Analytics illegal due to the risk of personal data transfers to the United States. By taking this decision, she joins the ranks of the French and Austrian authorities.
Guarantee for the protection of personal data, the Italian equivalent of the French CNIL is toughening up against Google Analytics, the American Web audience measurement console. The sanction fell at the end of the week after an investigation called ” complex “. It was transmitted following a wave of complaints and in coordination with its European counterparts. Guarantee denounces violations committed by Google, the parent company. According to her, from the United States, US government and intelligence agencies can access personal bodily data without the required safeguards. The Italian regulator claims that the measures adopted by the American technology giant to accompany the data transfer instruments, do not ensure an appropriate level of protection of users’ personal data.
The adequate investigations by Garante, allow the operators of websites that use Google Analytics to collect, via cookies, information on user interactions, websites, pages visited, services offered and several other sensitive information. It has, in fact, challenged all Italian website operators (public and private) on the illegality of data transfers to the United States related to the use of Google Analytics.
Therefore, a website that uses Google Analytics without the safeguards set out in the GDPR violates data protection laws because it transfers user data to the United States, a country that does not have a level of data protection. necessary data. At the end of the 90-day period set in its decision, the Italian authorities verify that the data transfer in question complies with the EU GDPR, including the special control channels. Since the Court of Justice of the European Union declared the invalidation of the Privacy Shield, transfers of personal data between the EU and the United States are no longer adequately determined.
Moreover, the signing of a new political agreement does not constitute a new decision. Thus, in order to be able to transmit data across the Atlantic, entities must comply with additional, particularly demanding guarantees (end-to-end encryption, risk assessment, etc.). However, according to European authorities, Google does not meet these standards and therefore cannot legally offer its services within the EU.