User information is smuggled out to US
European mobile data publishers and distributors have been warned that using Google Analytics could lead to a data protection violation. By transferring data to its US centres, the Big Tech oligarch causes its clients to fall foul of European Union (EU) privacy legislation which could invoke punitive fines and expensive reparations. This applies to both private and public companies that are managing websites.
Reclaim The Net
The warning comes after the Italian Data Protection Authority (Garante Privacy) concluded that Google Analytics breaks the EU’s data protection rules on the basis that a wide variety of user data is collected by the tool and transferred to the US, where data does not have the same standard of protection. The smuggling of data makes Europeans’ personal information accessible to US law enforcement, according to a report by Didi Rankovic in ReclaimTheNet.
Repeat offender
Garante Privacy made this decision after examining the case involving a web publisher, Caffeina Media, who uses Google Analytics. The data in question reveals IP address, type of operating system, browser details, language and data and time of visit to the site. Garante Privacy is one of a number of European data regulators to conclude that Google is violating data protection regulations. Data protection agencies in France (CNIL) and Austria (DSG) came to similar conclusions, finding that Google’s perfunctory actions to protect data and comply with EU rules have been insufficient.
Caffeina takes blame
Garante Privacy has now given the publisher three months to fix the issue. It has also instructed other sites to ensure their use of Google Analytics complies with data protection regulation. Meanwhile, those in charge of controlling the level of compliance are asked to check how cookies and other tracking tools are used, particularly in regards to Google Analytics.
Get a proxy
French regulator CNIL has advised that the only way for EU sites to implement Google Analytics legally would be to add encryption. Under this arrangement, data exporters or others who guarantee necessary levels of protection hold the keys. Another possible fix for European publishers would be to use a proxy server between the user and Google, advised Reclaim The Net’s Rankovic.