Austrian website providers that use Google Analytics are in violation of the GDPR, according to the Austrian Data Protection Authority.

 

This judgment follows a finding by the Court of Justice of the European Union (CJEU) in 2020, which ruled that cloud services located in the United States are unable to comply with the GDPR and EU privacy rules. Because of US surveillance regulations, which require US providers (such as Google or Facebook) to hand over personal data to US authorities, the decision was taken.

 

The Privacy Shield, which permitted EU data to be shared with US corporations who got certified, came to an end in 2020 with the “Schrems II” judgement.

 

Following this judgment, the tech sector was thrown into a panic, although many US and EU corporations chose to disregard the situation. The decision to reject the DPA’s warnings placed one Austrian company in hot water, hurting the brand’s reputation and potentially leading to a heavy punishment of up to €20 million, or 4% of the company’s global revenue.

 

The Model Case of the Austrian DPA

 

As a result of the organization’s use of Google Analytics, noyb (the European Center for Digital Rights) discovered that IP addresses (which are considered as personal data under the GDPR) and other information were transmitted to the US in cookie data. As a result of this model case, the DPA decided that Austrian website providers that use Google Analytics are in violation of GDPR. It is expected that additional EU member states would follow suit in the near future.

 

“We expect similar decisions to now drop gradually in most EU member states. We have filed 101 complaints in almost all Member States and the authorities coordinated the response. A similar decision was also issued by the European Data Protection Supervisor last week.” – Max Schrems, honorary chair of noyb.eu

 

If there’s one thing we can take away from this case, it’s that defying court orders and continuing to utilise Google Analytics isn’t an option. If you operate a website in Austria or provide services to Austrian people, you should immediately delete Google Analytics from your site. It is also highly suggested that firms in the other EU Member States take action before noyb and local data protection agencies begin targeting additional enterprises.

 

However, removing Google Analytics from your site does not imply that you must abandon website analytics entirely. Today, there are several Google Analytics alternatives to choose from which we use extensively at Heaventree.