Swedish Data Protection Authority May Be Next to Take Action ... - CPO Magazine

Google Analytics is arguably the most popular and widely-used tool for webmasters to observe and understand how users interact with their sites and pages, but it has been under fire in the European Union since early 2022 due to incompatibility with General Data Protection Regulation (GDPR) requirements. About half a dozen EU countries have banned it since then, and Sweden's data protection authority is indicating that it might be the next one in line.

The issue traces back to the "Schrems II" ruling of 2020, which invalidated EU-US data transfers due to potential US government access to personal data shipped overseas. While the data that webmasters see when using Google Analytics is anonymized enough to keep individual users from being identified or tracked, EU data authorities are increasingly taking the position that the internal data that Google itself receives from the tool is in violation of GDPR terms.

Swedish data protection authority says Google's popular metrics tool is in violation of consent and data transfer requirements

The campaign against Google Analytics in the EU stems from a set of complaints filed by Max Schrems and his privacy group "noyb," the same entity that invalidated EU-US data transfers with its court case against Facebook. The Austrian data protection authority was the first to find in Schrems' favor, in January 2022.

Since then, a number of other data protection authorities have investigated the complaints and come to similar conclusions: Denmark, Finland, France, Italy, Norway and Sweden have all banned Google Analytics under the reasoning that US government policy, such as the CLOUD Act, allows for interception of the personal data of EU citizens that is sent overseas without recourse for the impacted data subjects.

The rulings hold individual website operators responsible for using Google Analytics, even though Google is the party transferring data overseas. The lynchpin of the argument is that the data Google collects through the program is funneled back to its servers, where it is potentially paired with data Google collects from a variety of other sources. So while the individual webmaster is not identifying visitors via Google Analytics or collecting personal information about them, their web browsing habits could be connected to other personal data back in the US at Google's end, all information that could then be obtained by the US government.

Several of the data protection authorities have also taken the position that the new Google Analytics 4 and Universal Analytics systems, which took the place of all prior Google Analytics instances on July 1, does not make adequate changes to meet GDPR requirements. The Swedish data protection authority has not yet gone so far as a national ban, but did fine several companies as a result of the Schrems complaints.

CDON, Coop, Dagens Industri, and Tele2 were all issued fines ranging from $30,000 to $1.1 million, depending on the scope of the data collection. All but Dagens Industri were ordered to stop using Google Analytics. While the Swedish data protection authority stopped short of promoting a national ban, the agency did issue a warning that other companies in the country could be similarly investigated and fined.

Google Analytics on shaky ground in EU until new data transfer terms are reached

US and EU officials announced the EU-US Data Privacy Framework, the expected Privacy Shield replacement, in 2022.  However, concerns about an almost inevitable court challenge by Schrems once it is in place has held up adoption. In May of this year, the European Parliament voted in favor of reworking the framework as it presently does not create the required level of GDPR equivalency to survive such a challenge. However, the framework still stands a very good chance of being adopted in the near future.

Adoption of a new agreement might bail out Google Analytics, at least temporarily. Google attempted to address these concerns with changes to the service over the past year for improved anonymization, including IP address truncation, but the Swedish data protection authority noted that these methods were inadequate to the task in the view of the GDPR.

Google Analytics is the most broadly popular web analytics tool, due in no small part to it being free. But the data protection authority decisions are increasingly pushing companies to look to paid solutions; those based in the US, such as HubSpot and Mixpanel, do not necessarily have the same Schrems II issues that Google does due to its internet-spanning hoard of targeted advertising data. Settings and privacy controls must still be arranged properly to ensure compliance with GDPR terms, however, and some companies are opting for EU services that store everything on servers within the bloc and that advertise aggressive data minimization to be as safe from regulatory attention as possible.

Comments

Post a Comment

adsT

Popular posts from this blog

What Is Voice Access in Windows 11 and How to Use It - Beebom

Image
When Microsoft announced Windows 11 earlier this year, the company called its latest desktop OS the most inclusive version of Windows. As part of this effort, the Redmond giant revamped the accessibility settings page and added high contrast themes, among other changes. And now, in the latest Windows 11 Insider preview build, Microsoft has introduced a new feature it calls Voice Access. It enables users to access their Windows 11 computers using just their voice. If that sounds helpful, we will teach you how to enable and use Voice Access in Windows 11 to improve accessibility. Enable and Use Voice Access in Windows 11 (2022) Table of Contents What is Voice Access in Windows 11? Voice access is a new Windows 11 accessibility feature that makes it easier to control your Windows 11 PC using only your voice . Developed keeping people with mobility disabilities in mind, Voice Acce
Read more

10 Best AI Translation Software & Tools (July 2024) - Unite.AI

Image
Artificial Intelligence (AI) is transforming nearly every industry, including translation services. At the same time, translation services are becoming more important than ever as we live in a deeply connected world with an incredible number of languages.  Translation tools are also important for professionals in the field who rely on the latest machine learning translation technologies to use in their everyday lives.  Before we dive into the best AI translation software and tools, it's important to define machine translation. The automated conversion of one language to another, machine translation works by converting text, images, or video from a source language and producing the equivalent in the target language.  Here are some of the best AI translation software and tools on the market:  Google Lens is a powerful image recognition technology developed by Google that excels in translating text in real-time across over 100 languages. This functi
Read more

Tableau vs. Google Data Studio: Complete Comparison (2024) - Simplilearn

Image
We're all familiar with the concept of Big Data, vast volumes of data pulled from countless sources, to eventually be processed into actionable insights for today's businesses. However, organizations also need tools to help curate the information and present it in an easy-to-read format. In other words, we need data visualization tools, a vital resource for digital marketing. We will shine the spotlight on two well-known data visualization tools, Google Data Studio and Tableau. This article squares off Google Data Studio vs. Tableau, including what they are, their features, advantages and disadvantages, pricing, and functionalities. First, let's do a brief data visualization refresher. What Is Data Visualization? According to the Tableau website, data visualization is defined as "…Data visualization is the graphical representation of information and data. By using visual elements like charts, graphs, and maps, data visualization tools provide an accessibl
Read more