New decision of CNIL
Last week there were important news from France with far-reaching consequences. The French data protection authority CNIL published its Q&As on the further use of Google Analytics online, providing valuable statements for companies in the EU – after all, the GDPR applies EU-wide and the European data protection authorities always coordinate among themselves.
The most important statements briefly summarized:
Can Google Analytics be used in a GDPR-compliant way on client side?
The French data protection authority answers this question with “No” and also points out that even Google’s IP anonymization does not change this.
Can Google Analytics still be used at all?
The French data protection authority answers this question with “Yes” if certain criteria are met.
How can Google Analytics still be used?
CNIL suggests the possibility of a proxy server. Data is first sent to this server, over which the company must have complete control (Schrems-II must also be taken into account here). There, data can then be modified in such a way that there is no longer a direct reference to a person, which would allow a user to be singled out. This pseudonymized data can then be passed on to Google Analytics.
This is exactly what JENTIS makes possible! If you want to know more about the CNIL article and its implications for Austrian or German companies, you can talk to one of our experts now. Simply book an appointment here:
More news
JENTIS wins the EIT Challenge 2022
20 European scaleups pitched for the main prize in one of Europe's major pitch competitions. JENTIS gains access to the EIT's prestigious accelerator program.
The Trans-Atlantic Privacy Framework is taking shape. But will it stick?
U.S. President Biden has signed an executive order detailing regulations for the planned EU-U.S. Data Privacy Framework. The legal limbo is likely to continue for businesses on both sides of the Atlantic.
Denmark: Google Analytics declared unlawful
Google Analytics can no longer be used in a legally compliant manner without further measures. With its decision, Denmark's agency joins other data protection authorities in Europe.