Norway declares Google Analytics non-compliant with GDPR
In the years since the implementation of the General Data Protection Regulation (GDPR) in 2018, the data protection NGO NOYB filed numerous complaints with EU data protection authorities against a number of European websites. NOYB believes the websites transfer personal data out of the European Economic Area in violation of the GDPR by using the US analytics tool Google Analytics.
One of the offending websites, telenor.com, is Norwegian and used to use Google Analytics. The Norwegian Data Protection Authority, Datatilsynet, investigated this case. The preliminary conclusion: The use of Google Analytics violated the transfer provisions of the GDPR.
Due to the high number of complaints about the use of Google Analytics at the European level, the European Data Protection Board (EDPB) has established a working group to coordinate the handling of complaints. The reason for this is that data protection authorities are required to interpret the General Data Protection Regulation in the same way throughout the EEA.
Data protection authorities in Austria, France and Italy, as well as the Data Protection Authority for the EU institutions (EDPS), have already ruled that the use of Google Analytics violates data protection rules. In addition, the Danish data protection authority comes to the same conclusion in a guide on the subject, and the Liechtenstein data protection authority has also been critical of the tool.
What happens now with Google Analytics?
If the Norwegian data protection authority also decides that the use of Google Analytics by the website in question violates the GDPR, this could also have consequences for other Norwegian websites. Therefore, the Norwegian authority reiterates its recommendation to consider alternatives to Google Analytics. More detailed information on what to expect from Norwegian websites will be available at the end of April at the earliest.
Universal Google Analytics or GA4?
At the time of the complaint, the website in question was using Universal Google Analytics. While the data protection authority has not commented on whether the same violations exist with Google Analytics 4 in this specific case. But as far as can be seen, Google Analytics 4 will not necessarily fix the problems identified by the data protection authority. In this context, it may be useful to refer to the guidelines of the Danish data protection authority, which state exactly this.
Quelle: datatilsynet.dk | NOYB
Any questions on how JENTIS can help your business? We look forward to your message!
Express Webinar: Google Analytics banned in Denmark – What now?
Learn more about the most recent decision of the Danish data protection agency regarding Google Analytics and its implications for your organisation.
CNIL confirms Server-Side Tracking
We could hardly believe it when we at JENTIS read the two new articles from the French data protection authority CNIL. A whisper went through the office "Are they writing about us?"
How to keep using Google Analytics compliantly
The use of Google Analytics has been declared unlawful by European data protection authorities. But Website operators have options if they want to become data privacy compliant.