Home Music and Digital Media Techdirt. Yet Another EU Data Protection Authority Says Google Analytics Violates The Law

Yet Another EU Data Protection Authority Says Google Analytics Violates The Law

Techdirt. 2022-07-01

It’s kind of weird that in some convoluted way, the NSA may be killing Google Analytics, at least in the EU. You may recall that back in 2020, Max Schrems won his second big data privacy effort against the EU/US Privacy Shield agreement, which allowed data from people in the EU to be transferred to US companies under certain conditions. The “Privacy Shield” was a concept the EU and US cooked up after their earlier setup, the EU/US “safe harbor” framework was tossed out in an earlier case brought by Schrems. In both cases, a key underlying issue was the NSA’s ability to conduct mass surveillance on the internet. The failure to fix that between the safe harbor framework and the Privacy Shield meant that the Privacy Shield was doomed from the start.

Earlier this year, the US and EU announced a new version of the Privacy Shield though details were still lacking. Assuming the NSA isn’t giving up its powers to surveil much of the internet, it doesn’t seem likely to survive Schrems’ next attempt.

In the meantime, though, it’s causing all sorts of issues. And many of those issues are basically: Google Analytics. Most recently, Italy’s data protection authority, said that using Google Analytics violates the GDPR by sending data overseas, something that can’t be done without a new Privacy Shield (or equivalent) agreement between the US and the EU.

As TechCrunch points out, this decision is just the latest in an increasingly long line of similar rulings:

Earlier this month, France’s data protection regulator issued updated guidance warning over illegal use of Google Analytics — following a similar finding of fault with a local website’s use of the software in February.

[…]

Austria’s DPA also upheld a similar complaint over a site’s use of Google Analytics in January.

While the European Parliament found itself in hot water over the same core issue at the start of the year.

Leaving aside the ongoing irony of the EU Parliament’s own website violating the GDPR, at the heart of all this remains: the NSA basically has screwed up Google Analytics for the EU.

Now, there are all sorts of reasons to dislike Google Analytics — we ditched it ourselves — but it’s important to remember that at the core of this, is the NSA basically making things impossible for a number of American internet companies. This is one of many reasons (and certainly lower in importance than just basic civil rights and liberties) why it’s still amazing that we’ve more or less allowed the NSA to continue its surveillance efforts with only minor modifications in the decade or so since Ed Snowden leaked the details.