The Austrian Data Protection Authority (“Datenschutzbehörde” or “DSB” or “DPA”) has ruled that Austrian website providers using Google Analytics are in violation of the GDPR.
This ruling stems from a decision made in 2020 by the Court of Justice of the European Union (CJEU) that stated that cloud services hosted in the US are incapable of complying with the GDPR and EU privacy laws. The decision was made because of the US surveillance laws requiring US providers (like Google or Facebook) to provide personal data to US authorities.
The 2020 ruling, known as “Schrems II”, marked the ending of the Privacy Shield, a framework that allowed for EU data to be transferred to US companies that became certified.
About the Austrian DPA’s Model Case
In this specific case, noyb (the European Center for Digital Rights) found that IP addresses (which are classified as personal data by the GDPR) and other identifiers were sent to the US in cookie data as a result of the organisation using Google Analytics.
This model case led to the DPA’s decision to rule that Austrian website providers using Google Analytics are in violation of GDPR. It is believed that other EU Member States will soon follow in this decision as well.
“We expect similar decisions to now drop gradually in most EU member states. We have filed 101 complaints in almost all Member States and the authorities coordinated the response. A similar decision was also issued by the European Data Protection Supervisor last week.”
What does this mean if you are using Google Analytics?
If there is one thing to learn from this case, it is that ignoring these court rulings and continuing to use Google Analytics is not a viable option.
If you are operating a website in Austria, or your website services Austrian citizens, you should remove Google Analytics from your website immediately.
For businesses in other EU Member States, it is also highly recommended that you take action before noyb and local data protection authorities start targeting more businesses.
2020Media uses Matomo On-Premise Analytics as part of our Managed WordPress service, meaning two things:
- Setup is done automatically for you.
- Full compliance with GDPR and Data Protection Rules because your website data is held entirely within the UK.
Find out more about 2020Media’s hosting services at https://www.2020media.com/#web-plans
How to Use Web Analytics to Improve SEO – read the Matomo blog post about making the most of your web stats here.