FAQ: Italy’s Data Watchdog “Bans” Google Analytics
Italy’s privacy guarantor, Garante, issued a decision stating that Italian websites that use Google Analytics violate the General Data Protection Regulation (GDPR), the EU’s data protection law.
Notably, Google falls under the US surveillance laws, which go against the GDPR’s stipulations. For example, Google would have to give up EU citizens’ data to US intelligence services if it received a formal request to do so.
Article 49 of the GDPR states:
“personal data may not be transferred to a third country unless the country provides for an adequate level of data protection or, alternatively, appropriate safeguards are put in place.”
Since Google Analytics sends data from the EU to the US for processing, the Italian court ruled that businesses must add new safeguards if they wish to continue using the Analytics tool.
This follows similar decisions in France and Austria.
The website that was involved in this case, Caffeina Media Srl., has 90 days to bring its data processing in line with the GDPR. In the French and Austrian cases, they gave only 30 days to make these changes.
There’s nothing special about Caffeina Media Srl.; it is a regular company that uses Google Analytics to track and analyze customer data.
However, the data regulator ruled that it is accountable for the processing of this data through Google Analytics. And since that data is sent to Google LLC in the US, Caffeina Media Srl. must take steps to guarantee that citizens’ privacy rights remain intact.
If it cannot do so, it must stop sending user data to Google.
This is a big deal.
W3Techs, which analyzes web trends, reports:
Google Analytics is used by 85.9% of all the websites whose traffic analysis tool we know.
Understandably, a lot of other companies are wondering if they will soon meet the same fate as Caffeina Media Srl.