Use of Analytics illegal
On January 13, 2022, the Austrian data protection authority published its decision on the compliance of the client-side standard implementation of Google Analytics. IP addresses and other personal data were transmitted to Google servers based on Google’s standard SCCs.
Even with the alleged “IP anonymization,” these measures were not sufficient to protect personal data from possible access by U.S. intelligence agencies.
According to the notice, “a violation of the general principles of data transfer pursuant to Art. 44 DSGVO” was upheld. This regulates the transfer of personal data to a third country, or to an international organization. In the specific case, at least “a unique user ID number, IP address and browser parameters” had been transferred to Google. This means that a unique user profile of the user can be created.
The “standard protection clauses” concluded with Google would not provide an “adequate level of protection,” for example, to eliminate “surveillance and access possibilities by U.S. intelligence services,” the authority writes in its justification. Google had previously argued that it had implemented various technical and organizational measures to protect data of European citizens from access by U.S. authorities.
Is Google Analytics now taboo for us Europeans?
Which options you really have now. Analysis by Thomas Tauchner
Google Analytics illegal?
The standard implementation of Google Analytics has been found NOT to be legally compliant. What to do now - the next steps
CNIL against client side Analytics
French data protection authority confirms non-conformity of client side GA