In January Austria’s Data Protection Agency ruled the website netdoktor.at to be in breach of the EU’s GDPR for its use of Google Analytics. They determined that IP addresses and identifiers from visitors used in cookies or any other method of storage should be considered personal data, thus the transfer of this data is in violation of Chapter V of the GDPR.
As TechCrunch explains (see this link), the decision could have long-reaching implications, as it sets a precedent for the use of tools that require the transfer of European personal data to the US for processing, and it emphasizes the need for data handlers to institute supplementary measures to enhance standard provisions in order to comply with the EU law.
The Finnish Data Protection Office published “European data protection authorities have found the use of Google Analytics on the website to be in breach of data protection law” — (Article in Finnish)
In February, French regulators also deemed Google Analytics in breach of provacy regulations. (Read the detailed article here)
Subsequent countries followed, recently the Italian Supervisory Authority banned the use of Google Analytics: “no adequate safeguards for data transfers” (Read the detailed article here)
In many other European countries similar lawsuits and investigations are underway, according to the European Data Protection Board (EDPB website)
In short, many websites use Google Analytics, and should be concerned about data privacy and GDPR implications.
Why is GDPR important?
The General Data Protection Regulation (GDPR for short) is important because it describes the protection of the rights of European data subjects (i.e. web site visitors) and clarifies what organization that process personal data from European citizens in any form must do to safeguard these rights.
All organizations regularly process some form of personal data, so they must comply to the GDPR-rules.
The GDPR has serious implications for non-compliance: the consequences could be heavy fines. The GDPR enables huge penalties of up to 20 million euros or, if higher, up to four percent of global revenue.
If you are using Snoobi Analytics GDPR-compliant solution, be assured that all data is stored in Finland (for our Finnish clients) or Germany (where we collect data for our other European clients). Also collected data is never shared with any third party and is for the exclusive use of the owner of the website.
More information about the solutions with Snoobi’s GDPR-compliant solution on the Snoobi Solutions pages.