It's a crime to use Google Analytics, watchdog tells Italian website
Because data flows into the United States, not because of that user interface
Updated Another kicking has been leveled at American tech giants by EU regulators as Italy's data protection authority ruled against transfers of data to the US using Google Analytics.
The ruling by the Garante was made yesterday as regulators took a close look at a website operator who was using Google Analytics. The regulators found that the site collected all manner of information.
So far, so normal. Google Analytics is commonly used by websites to analyze traffic. Others exist, but Google's is very much the big beast. It also performs its analysis in the USA, which is what EU regulators have taken exception to. The place is, after all, "a country without an adequate level of data protection," according to the regulator.
Italy is only the latest country to aim a boot at Google's rump. Earlier this year, the Austrian watchdog ruled that GDPR had been breached by a German's company using Google Analytics. France weighed in shortly after and now Italy has had its say. It's almost as if sending the data of EU citizens out for processing in the US, where intelligence services can get their hands on it, is a bad thing.
Other US tech giants will be keeping a watchful eye on Google's travails, since it is hardly the only company to transfer data for processing. For its part, Microsoft has promised to process all EU data within EU borders as part of its EU Data Boundary initiative.
- Ireland: Meta fined $18.6m for breaking EU's GDPR
- EU, US close to replacing defunct Privacy Shield II
- France says Google Analytics breaches GDPR when it sends data to US
- Tougher rules on targeted ads, deepfakes, crafty web design, and more? Euro lawmakers give a thumbs up
The Italian authority took the opportunity to issue a stern warning to Italian websites (both public and private) regarding what it said was the "illegality" of data transfers made to the US through the use of Google Analytics. It also noted that "the measures that integrate the transfer tools adopted by Google do not currently guarantee an adequate level of protection of users' personal data."
A 90-day deadline has been set to bring transfers into compliance with GDPR and the Italian authority plans ad-hoc inspections to verify things are to its liking. This means pretty much halting the use of Google Analytics .
For its part, Google claims that Analytics is merely a service to help understand how visitors use a site rather than as a means to track individuals. The company has published a lengthy article on privacy controls in the tool.
However, European regulators seem unimpressed, and Italy's is the latest voice to join the chorus of disapproval regarding the transferring of data to places lacking the same privacy regulations.
The Register asked Google for its take on the comments and will update should the search giant respond. ®
Updated to add on 27 June:
A Google spokesperson told The Reg: "People want the websites they visit to be well designed, easy to use, and respectful of their privacy. Google Analytics helps publishers understand how well their sites and apps are working for their visitors – but not by identifying individuals or tracking them across the web. These organizations, not Google, control what data is collected with these tools, and how it is used. Google helps by providing a range of safeguards, controls and resources for compliance."