It is the next momentous decision by a European data protection authority. The Danish Datatilsynet has published its assessment of the legality of Google Analytics. The result is clear: Google Analytics may no longer be used without putting further protection measures in place.
“We have carefully reviewed the possible settings of Google Analytics and have come to the conclusion that you cannot use the tool in its current form without implementing supplementary measures”, said Makar Juhl Holst, Senior Legal Advisor at the Danish Data Protection Agency.
In its assessment, the agency refers to the previous decisions of the data protection agencies in Austria, France and Italy, which came to the same conclusions on the issue of Google Analytics.
Google’s changes are not enough
Since the decision of the Austrian data protection agency, Google has implemented additional setting options that are supposed to enable legally compliant tracking. However, even these changes are not sufficient to ensure legal compliance, according to the Danish agency.
The agency recommends that users of Google Analytics take measures that will restore the legality of the tools. As a possible measure, it explicitly mentions the implementation of pseudonymisation through reverse proxy servers, referring to a solution that the French data protection agency CNIL proposed earlier this year. In doing so, the French agency confirmed the functional principle of JENTIS as a legitimate solution.
Update: In July 2023, the EU Commission approved the new EU-US Data Privacy Framework (DPF), removing many of the restrictions of Schrems II and making it much easier for organisations to transfer EU personal data to the US. However, the new framework will be challenged legally by NGOs (possible “Schrems III”). Therefore some legal uncertainty will remain until the Court of Justice of the EU (CJEU) rules on the matter. JENTIS Data Capture Platform enables future-proof GDPR-compliant tracking, regardless of the data privacy framework and potential challenges.