Google Analytics Deemed Illegal in Austria

Google Analytics Deemed Illegal in Austria

 

The Austrian Data Protection Authority (DSB) has ruled that the use of Google Analytics is in violation of the GDPR in a case involving NetDoktor, a health portal providing medical tools and news. NetDoktor, like millions of other websites, uses GA for their site’s tracking and analytics.

 

The NGO, My Privacy is None of Your Business (noyb), filed complaints against NetDoktor and 100 other European companies that still use Google Analytics. This is because the Court of Justice of the European Union (CJEU) ruled in their “Schrems II” decision that using Google Analytics or Facebook Connect is in violation of the GDPR because user data is transferred to the U.S.

 

The upheld claims were:

  1. Unique user identification numbers, IP addresses, and browser parameters were being sent to Google as part of the user’s tracking.
  2. Standard data protection clauses between NetDoktor and Google are not adequate because all data sent to the U.S. is subject to American surveillance laws.
  3. Privacy Shield was annulled by the Schrems II decision, so there is currently no agreed upon way for the transfer of data between the EU and the U.S.

 

This decision puts pressure on tech giants and their customers to comply with GDPR to the letter of the law instead of hoping that business contracts will sufficiently protect them from penalties and fines. This could also spur the EU and U.S. government to negotiate a successor to Privacy Shield. Privacy Shield itself was the second attempt to agree upon data transfer conditions between the two blocks so that data can continue to flow between continents.

 

But, what does this mean for you and your business while these issues are being hashed out? First and foremost, you can confirm where your data is being sent to determine if you need to find alternative storage or tracking solutions. Then you can begin to address the bigger question of what those alternatives might be and how and when to implement them.

ObservePoint can help you with that initial assessment with our Privacy Compliance solution. Our easy-to-use, visual report for Technology Geolocation allows you to quickly confirm the physical location of all network request endpoints. You can set up custom rules for specific locations and get notified if your rules are broken. For more information, fill out the form for a demo or sample audit.

Related Posts

ObservePoint Use Case Library

Discover 21 tips to improve your Adobe Analytics implementation and analytics data. Download your free copy.
Read More

Website Privacy (6/6): Are requests coming from unauthorized countries, regions, or domains?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, whether or not the consent management platform (CMP) is respecting user preferences, and where new or unapproved cookies are showing up on your site. The final question we address in this series is, “Are there network…
Read More

Website Privacy Validation (5/6): Where are new and/or unapproved cookies and technologies showing up on my website?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, and whether or not the consent management platform (CMP) is respecting user preferences. The next thing you should ask is, “Where are new and/or unapproved cookies and tags showing up on my website?” Essentially,…
Read More

ObservePoint Use Case Library

Discover 21 tips to improve your Adobe Analytics implementation and analytics data. Download your free copy.
Read More

Website Privacy (6/6): Are requests coming from unauthorized countries, regions, or domains?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, whether or not the consent management platform (CMP) is respecting user preferences, and where new or unapproved cookies are showing up on your site. The final question we address in this series is, “Are there network…
Read More

Website Privacy Validation (5/6): Where are new and/or unapproved cookies and technologies showing up on my website?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, and whether or not the consent management platform (CMP) is respecting user preferences. The next thing you should ask is, “Where are new and/or unapproved cookies and tags showing up on my website?” Essentially,…
Read More