2. March 2023

Norway declares Google Analytics non-compliant with GDPR

The Norwegian data protection authority has come to the preliminary conclusion that the use of Google Analytics is non-compliant with the GDPR.

In the years since the implementation of the General Data Protection Regulation (GDPR) in 2018, the data protection NGO NOYB filed numerous complaints with EU data protection authorities against a number of European websites. NOYB believes the websites transfer personal data out of the European Economic Area in violation of the GDPR by using the US analytics tool Google Analytics.

One of the offending websites, telenor.com, is Norwegian and used to use Google Analytics. The Norwegian Data Protection Authority, Datatilsynet, investigated this case. The preliminary conclusion: The use of Google Analytics violated the transfer provisions of the GDPR.

European coordination

Due to the high number of complaints about the use of Google Analytics at the European level, the European Data Protection Board (EDPB) has established a working group to coordinate the handling of complaints. The reason for this is that data protection authorities are required to interpret the General Data Protection Regulation in the same way throughout the EEA.

Data protection authorities in Austria, France and Italy, as well as the Data Protection Authority for the EU institutions (EDPS), have already ruled that the use of Google Analytics violates data protection rules. In addition, the Danish data protection authority comes to the same conclusion in a guide on the subject, and the Liechtenstein data protection authority has also been critical of the tool.

What happens now with Google Analytics?

If the Norwegian data protection authority also decides that the use of Google Analytics by the website in question violates the GDPR, this could also have consequences for other Norwegian websites. Therefore, the Norwegian authority reiterates its recommendation to consider alternatives to Google Analytics. More detailed information on what to expect from Norwegian websites will be available at the end of April at the earliest.

Universal Google Analytics or GA4?

At the time of the complaint, the website in question was using Universal Google Analytics. While the data protection authority has not commented on whether the same violations exist with Google Analytics 4 in this specific case. But as far as can be seen, Google Analytics 4 will not necessarily fix the problems identified by the data protection authority. In this context, it may be useful to refer to the guidelines of the Danish data protection authority, which state exactly this.


Quelle: datatilsynet.dk | NOYB

Update: In July 2023, the EU Commission approved the new EU-US Data Privacy Framework (DPF), removing many of the restrictions of Schrems II and making it much easier for organisations to transfer EU personal data to the US. However, the new framework will be challenged legally by NGOs (possible “Schrems III”). Therefore some legal uncertainty will remain until the Court of Justice of the EU (CJEU) rules on the matter. JENTIS Data Capture Platform enables future-proof GDPR-compliant tracking, regardless of the data privacy framework and potential challenges.


Any questions on how JENTIS can help your business? We look forward to your message!

Contact us

Learn more

Product

JENTIS Privacy Controls

Ensure compliance with international privacy regulations using JENTIS' advanced privacy controls. Safeguard user data and build trust with your customers.

Product

Case Study: Google Analytics 4 with 100% Server-side Tracking

Learn how hosting provider World4You captures the maximum data quality for Google Analytics 4 with the JENTIS DCP.

Blog

Whitepaper: Advanced Server-Side Tracking with a Data Capture Platform

White paper: How to achieve maximum data quality for your marketing with server-side tracking while remaining privacy-compliant.

Control over your data collection

First Party-Data quality and Compliance

Our solution is the most advanced and compliant server-side tracking on the market. If you would like to learn more about JENTIS to improve your online marketing, analytics and compliance with server-side tracking, please click the button below to book an appointment with our Technology Consultant.