This is an archived article and contains information that has not been updated or reviewed since it was originally published. For more information regarding the content in this article, please contact us.
Google Analytics has been a boon to businesses around the world to help them better understand how people use their websites. However, a recent decision in Austria from the Data Protection Authority (DPA) may ultimately put the use of Google Analytics in jeopardy.
What privacy issues were identified by the Austrian DPA?
The Austrian DPA found the transmission of IP addresses and cookie data to the United States for processing breaches European Union (EU) data protection laws. The EU’s General Data Protection Regulations (GDPR) are the most stringent in the world and cover organizations located anywhere if they target or collect data from EU residents.
The DPA’s decision means Google could be collecting personal data in violation of EU data protection laws. This is primarily because of surveillance laws in the US that put Google in an awkward position – they can’t reasonably guarantee personal data wouldn’t be accessed by US government bodies.
Does Google Analytics violate GDPR?
There’s no easy answer to this question right now.
There hasn’t been much enforcement of the DPA ruling at this point so there’s been no test of Google’s recent contract changes and whether they’re enough to protect companies from future sanctions.
Rather than making changes to their services to be GDPR compliant, many organizations, including Google, have added legal jargon to their contracts to try and protect themselves from international privacy law requirements.
At this point, the short answer to whether Google Analytics violates GDPR is probably no, but that will be for the courts to decide – and it could take years of litigation to get a firm answer.
What does this mean for users of Google Analytics?
Until things are tested in court, it’s business as usual for users of Google Analytics. In the future, changes may be needed as international regulations are reviewed and litigated. If you have users in the EU, pay close attention to developments in the next year or so. It’s very possible US- and Canadian-based services and platforms will be affected.
International privacy law is complex. How it impacts Google Analytics is best left to Google’s lawyers. In the meantime, always read your user agreement updates and Google emails to thoroughly ensure your website is following best practices and regulations.
If you would like an experienced team to review your website tracking framework, including your Google Analytics, please get in touch.
Want an experienced team to review your Google Analytics?