European privacy regulators banning Google Analytics
Italy is the latest country in the European Union to ban websites from using Google analytics to track its users.
The Italian Data Protection Authority stated that Google Analytics violates the European Union’s (EU) General Data Protection Regulation (GDPR) law.
Italy is the third country within the EU to ban Google Analytics. Austria’s Data Protection Authority was the first to block the service, followed by the French Data Protection Agency.
The EU introduced GDPR in 2018.
Google Analytics provides website managers with statistics on the online users visiting a site.
Google Analytics assigns each website visitor a unique identifier to track them and provide website operators with statistics.
European data privacy regulators have said this identifier constitutes personal data, and transferring it outside the EU violates the GDPR.
“The Italian SA wishes to draw the attention of all the Italian website operators, both public and private, to the unlawfulness of the data transfers to the USA as resulting from the use of Google Analytics,” the regulator said.
According to the Italian regulator, Google must disclose its data to US intelligence agencies if requested.
The Italian data protection authority stated that Google is infringing on European users’ privacy since Google Analytics collects data that includes IP addresses and transfers this personal data to the US.
The authority ordered website operator Caffeina Media Srl to comply with GDPR guidelines within 90 days.
“The Italian SA calls upon all controllers to verify that the use of cookies and other tracking tools on their websites is compliant with data protection law; this applies in particular to Google Analytics and similar services,” the regulator said.
France’s Data Protection Agency, CNIL, concluded that data transfers to the US are currently not sufficiently regulated and are therefore illegal.
“Although Google has adopted additional measures to regulate data transfers in the context of the Google Analytics functionality, these are not sufficient to exclude the accessibility of this data for US intelligence services,” CNIL stated.
CNIL ordered website operators to comply with GDPR requirements by stopping Google Analytics’ use or opting for a tool that doesn’t transfer user data outside the EU.