An issue has arisen recently on how legitimate Google Analytics is in the European Union, under the GDPR rules.
The Austrian Federal Data Protection Authority (DSB) has ruled against Google Analytics, following a complaint from noyb. The complaint alleges that Google Analytics violated the GDPR data protection regulations.
Who is noyb
Noyb (none of your business) is a non-profit organization based in Vienna, co-founded by lawyer and privacy activist Max Schrems. It aims to launch strategic court cases and media initiatives supporting the General Data Protection Regulation (GDPR), the proposed ePrivacy Regulation, and information privacy in general.
Noyb puts its focus on privacy issues and privacy violations in the private sector. Also, noyb is a “qualified entity” to bring consumer class actions in Belgium.
The reason behind this prohibitive decision.
It all began with noyb’s complaint to the DSB against the medical content website netdoktor.at. Like millions of others, this site uses the popular Google Analytics (GA) data collection platform.
The reason behind data collection has to do with concluding the behavior of its visitors. Therefore, the websites that use GAs can get a starting point on improving their operation and status.
Using the GA platform, the data collected by netdoktor.at is transferred via Google servers from Europe to the United States. As a result, the action of data transfer outside the European Union creates the “problem” from the beginning.