2. March 2023

Norway declares Google Analytics non-compliant with GDPR

The Norwegian data protection authority has come to the preliminary conclusion that the use of Google Analytics is non-compliant with the GDPR.

In the years since the implementation of the General Data Protection Regulation (GDPR) in 2018, the data protection NGO NOYB filed numerous complaints with EU data protection authorities against a number of European websites. NOYB believes the websites transfer personal data out of the European Economic Area in violation of the GDPR by using the US analytics tool Google Analytics.

One of the offending websites, telenor.com, is Norwegian and used to use Google Analytics. The Norwegian Data Protection Authority, Datatilsynet, investigated this case. The preliminary conclusion: The use of Google Analytics violated the transfer provisions of the GDPR.

European coordination

Due to the high number of complaints about the use of Google Analytics at the European level, the European Data Protection Board (EDPB) has established a working group to coordinate the handling of complaints. The reason for this is that data protection authorities are required to interpret the General Data Protection Regulation in the same way throughout the EEA.

Data protection authorities in Austria, France and Italy, as well as the Data Protection Authority for the EU institutions (EDPS), have already ruled that the use of Google Analytics violates data protection rules. In addition, the Danish data protection authority comes to the same conclusion in a guide on the subject, and the Liechtenstein data protection authority has also been critical of the tool.

What happens now with Google Analytics?

If the Norwegian data protection authority also decides that the use of Google Analytics by the website in question violates the GDPR, this could also have consequences for other Norwegian websites. Therefore, the Norwegian authority reiterates its recommendation to consider alternatives to Google Analytics. More detailed information on what to expect from Norwegian websites will be available at the end of April at the earliest.

Universal Google Analytics or GA4?

At the time of the complaint, the website in question was using Universal Google Analytics. While the data protection authority has not commented on whether the same violations exist with Google Analytics 4 in this specific case. But as far as can be seen, Google Analytics 4 will not necessarily fix the problems identified by the data protection authority. In this context, it may be useful to refer to the guidelines of the Danish data protection authority, which state exactly this.


Quelle: datatilsynet.dk | NOYB


Any questions on how JENTIS can help your business? We look forward to your message!

Contact us

Mehr Information

Past Events
06
Oct

Express Webinar: Google Analytics banned in Denmark – What now?

Learn more about the most recent decision of the Danish data protection agency regarding Google Analytics and its implications for your organisation.

Blog

CNIL confirms Server-Side Tracking

We could hardly believe it when we at JENTIS read the two new articles from the French data protection authority CNIL. A whisper went through the office "Are they writing about us?"

Blog

How to keep using Google Analytics compliantly

The use of Google Analytics has been declared unlawful by European data protection authorities. But Website operators have options if they want to become data privacy compliant.

Control over your data collection

First Party-Data quality and Compliance

Our solution is the most advanced and compliant server-side tracking on the market. If you would like to learn more about JENTIS to improve your online marketing, analytics and compliance with server-side tracking, please click the button below to book an appointment with our Technology Consultant.