Pressure is mounting across Europe this week as it has been found in an Austrian court that Google Analytics is in fact illegal to use on European websites. This ruling comes through just two weeks after a French court fined Google for a data protection violation on their French websites.
To try and keep this as simple as possible, the issue relates to the European General Data Protection Regulation (GDPR) which encompasses the entirety of Europe including the UK. This came in a few years ago and even resulted in some large companies employing ‘GDPR Officers’ who knew the new laws extremely well to ensure businesses did not breach them through fear of hefty fines.
For a while, American companies were able to navigate these guidelines through something called Privacy Shield, which allowed tech companies to access the European market, however, thanks to GDPR, this was also declared null and void in 2020 due to data protection breaches.
The Privacy Sheild ruling though changed very little according to NOYB.
“While this (=invalidation of Privacy Shield) sent shock waves through the tech industry, US providers and EU data exporters have largely ignored the case. Just like Microsoft, Facebook or Amazon, Google has relied on so-called “Standard Contract Clauses” to continue data transfers and calm its European business partners.”NOYB Statement
What Does This Mean For Google Analytics?
Google Analytics has been dragged into this due to a case that was filed over a year ago pertaining to an experience had by a Google user on an Austrian health website. As the health site used Google Analytics, that information was transferred to the US where Google was able to identify who they were along with some confidential health information. The Austrian court has now ruled that that data transfer was illegal and breached GDPR.
The biggest issue for Google Analytics and other US cloud-based software is the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) which directly undermines the EU GDPR laws.
The Austrian court has determined that the fact that US authorities can demand data to be handed over from the likes of Google and Amazon that they have on European citizens and residents means they cannot provide the adequate amount of protection outlined in Article 44 GDPR.
You can see the machine-translated court ruling of this case here.
Following this ruling, the Dutch Authority for Personal Data (AP) has issued a guidance warning stating that soon Google Analytics may soon no longer be allowed. This comes as the Dutch AP also has two cases pending regarding Google Analytics due in early 2022, which could result in a ban across the Netherlands.
Possible Solutions For Google Analytics & Others
As it stands, there appear to be two possible options for Google Analytics and other cloud-based services like those run by Microsoft, Facebook, and Amazon. The first is that the tech giants lobby the US government to alter the CLOUD Act and align their surveillance laws more closely to GDPR. Or they will have to find ways to host European data in Europe and not transfer that data in any way to the US.
Regardless it seems like 2022 will be the year when one way or another something will have to give when it comes to the tech giants taking data protection more seriously.
Connect With Us And Other Small Business Owners
Please head over to our Facebook Group for Small Business Sellers and interact with other small business owners.
Subscribe to Our Newsletter
Business Insights for Your Online Business Presented with a Dash of Humor
We do not share your information and you can unsubscribe anytime.