Google Analytics is the most widely used analytics tool that website operators use to obtain statistical data about visitors to their sites. The data collected includes website traffic, time spent on the site, system information (such as device and operating system), as well as demographic data (e.g., language and the country from which the user connected) and much more. Website operators can later use this data to tailor their marketing efforts and personalize advertisements. This data is transferred by Google to the United States.
The European Center for Digital Rights (NOYB), a non-profit organization based in Vienna, filed complaints regarding data transfers to the United States and the subsequent potential access to that data due to insufficient regulation of such transfers. The French data protection authority later ordered the company to bring its practices into compliance with the EU’s GDPR, as it considers the company to be in violation of numerous provisions of that regulation.
In January, the Austrian Data Protection Authority, acting on a complaint from NOYB, concluded that the implementation of Google Analytics by a local website owner did not provide an adequate level of data protection and, like the French authority, stated that Google processes data in a manner that violates the provisions of the EU’s GDPR. The Dutch Data Protection Authority is also considering banning the use of this service.
Max Schrems, speaking on behalf of the organization NOYB, stated that there are only two ways to resolve the current situation: either the United States complies with the requirements of European legislation, or it considers the option of “hosting” data outside the United States.
On February 4, 2022, Google noted that data flows are becoming increasingly common and emphasized the need for an agreement between the EU and the United States on a new data protection framework. At the same time, it announced that the comprehensive measures it offers customers provide appropriate and effective data protection in accordance with applicable standards, and also provide customers with controls that allow them to determine what data will be collected about them and how it will be used.
Sources:
https://www.cnil.fr/en/use-google-analytics-and-data-transfers-united-states-cnil-orders-website-manageroperator-comply
REGULATION (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
https://dataprotection.gov.sk/uoou/sites/default/files/regulation_2016_679_text_sk.pdf
https://www.cnil.fr/sites/default/files/atoms/files/decision_ordering_to_comply_anonymised_-_google_analytics.pdf
https://noyb.eu/sites/default/files/2022-01/E-DSB%20-%20Google%20Analytics_EN_bk.pdf
https://autoriteitpersoonsgegevens.nl/nl/onderwerpen/internet-telefoon-tv-en-post/cookies#hoe-kan-ik-bij-google-analytics-de-privacy-van-mijn-websitebezoekers-beschermen-4898
https://noyb.eu/en/austrian-dsb-eu-us-data-transfers-google-analytics-illegal
https://support.google.com/analytics/answer/11609059?hl=sk