7. June 2022

New decision of CNIL

CNIL: "Google Analytics cannot be used in a GDPR-compliant way on client side."

Last week there were important news from France with far-reaching consequences. The French data protection authority CNIL published its Q&As on the further use of Google Analytics online, providing valuable statements for companies in the EU – after all, the GDPR applies EU-wide and the European data protection authorities always coordinate among themselves.

The most important statements briefly summarized:

Can Google Analytics be used in a GDPR-compliant way on client side?

The French data protection authority answers this question with “No” and also points out that even Google’s IP anonymization does not change this.

Can Google Analytics still be used at all?

The French data protection authority answers this question with “Yes” if certain criteria are met.

How can Google Analytics still be used?

CNIL suggests the possibility of a proxy server. Data is first sent to this server, over which the company must have complete control (Schrems-II must also be taken into account here). There, data can then be modified in such a way that there is no longer a direct reference to a person, which would allow a user to be singled out. This pseudonymized data can then be passed on to Google Analytics.

This is exactly what JENTIS makes possible! If you want to know more about the CNIL article and its implications for Austrian or German companies, you can talk to one of our experts now. Simply book an appointment here:


More news


Denmark: Google Analytics declared unlawful

Google Analytics can no longer be used in a legally compliant manner without further measures. With its decision, Denmark's agency joins other data protection authorities in Europe.


Italy stops Google Analytics

Authority warns of illegality of sending data with GA to the U.S.


CNIL against client side Analytics

French data protection authority confirms non-conformity of client side GA