7. June 2022

New decision of CNIL

CNIL: "Google Analytics cannot be used in a GDPR-compliant way on client side."

Last week there were important news from France with far-reaching consequences. The French data protection authority CNIL published its Q&As on the further use of Google Analytics online, providing valuable statements for companies in the EU – after all, the GDPR applies EU-wide and the European data protection authorities always coordinate among themselves.

The most important statements briefly summarized:

Can Google Analytics be used in a GDPR-compliant way on client side?

The French data protection authority answers this question with “No” and also points out that even Google’s IP anonymization does not change this.

Can Google Analytics still be used at all?

The French data protection authority answers this question with “Yes” if certain criteria are met.

How can Google Analytics still be used?

CNIL suggests the possibility of a proxy server. Data is first sent to this server, over which the company must have complete control (Schrems-II must also be taken into account here). There, data can then be modified in such a way that there is no longer a direct reference to a person, which would allow a user to be singled out. This pseudonymized data can then be passed on to Google Analytics.

This is exactly what JENTIS makes possible! If you want to know more about the CNIL article and its implications for Austrian or German companies, you can talk to one of our experts now. Simply book an appointment here:


More news


High fines due to the use of Google Analytics

The Swedish Data Protection Authority fines companies for using Google Analytics without sufficient additional measures.


JENTIS wins EY's Scale-up of the Year Award

Recognised by a 52-member jury among 250+ entries, JENTIS' relentless innovation & commitment to digital transformation has been honored.


Facebook Tracking declared unlawful under GDPR by the Austrian DPA

In a recently published decision, the Austria DPA finds Facebook's tracking practices violate GDPR and Schrems II.