Austria’s Data Protection Authority has banned the use of Google Analytics on European websites for violating GDPR norms. Last month, the court ruled: “In the opinion of the data protection authority, the Google Analytics tool (at least in the version of 14 August 2020) can thus not be used in accordance with the requirements of Chapter V of the GDPR.”
According to the ruling, Google Analytics is not compatible with EU law. It all started when activist Max Schrems and his privacy advocacy group None of your Business (NOYB) filed a lawsuit with the Data Protection Authority. The EU’s Court of Justice invalidated data sharing under Privacy Shield due to US surveillance in 2020. The latest ruling from Austria is related to an EU user filing a case against Google for accessing personal data. The user has accessed an Austrian website that uses Google Analytics. Google can figure out the identity of the person from the information shared.
According to the American CLOUD Act, US authorities can demand personal data from Google, Facebook and other US providers, even when they are operating outside of the US. As a result, Google cannot provide an adequate level of protection under Article 44 GDPR.
Sign up for your weekly dose of what's up in emerging technology.
The European companies now have to take the decision of removing Google Analytics from their websites or risk a penalty for violating the GDPR. Now, either the US will have to change its surveillance laws, or US providers will have to host data of European users in Europe.