French regulator finds Google Analytics illegal

CNIL said Google hadn't taken sufficient measures to guarantee data privacy rights under EU regulation


Reuters February 13, 2022

Google Analytics, the world's most widely used web analytics service developed by Alphabet's Google, risks giving US intelligence services access to French website users' data, France's watchdog CNIL said on Thursday.

In a decision targeting an unnamed French website manager, the data privacy regulator - one of the most vocal and influential in Europe - said the US tech giant hadn't taken sufficient measures to guarantee data privacy rights under European Union regulation when data was transferred between Europe and the United States.

"These (measures) are not sufficient to exclude the accessibility of this data to US intelligence services," the regulator said in a statement.

"There is therefore a risk for French website users who use this service and whose data is exported."

The CNIL said that the French website manager in question had one month to comply with EU regulation and that it had issued similar orders to other website operators.

Google declined to comment on the CNIL decision. The firm has previously said that Google Analytics doesn't track people across the Internet and that organisations using this tool have control over the data they collect.

The CNIL's decision follows a similar one by its Austrian counterpart, coming after complaints by Vienna-based noyb (Non Of Your Business), an advocacy group founded by Austrian lawyer and privacy activist Max Schrems who won a high profile case with Europe's top court in 2020.

The Court of Justice of the European Union at that time scrapped a transatlantic data transfer deal known as the Privacy Shield, relied on by thousands of companies for services ranging from cloud infrastructure to payroll and finance, because of similar concerns.

Several large companies, including Google and Meta's Facebook, have called for a new transatlantic data transfer pact to be swiftly agreed because of the legal risks posed to them.

"In the long run we either need proper protections in the United States, or we will end up with separate products for the US and the EU," Schrems said in reaction to CNIL's decision.

"I would personally prefer better protections in the US, but this is up to the US legislator - not to anyone in Europe."

COMMENTS (1)

Rebirth | 2 years ago | Reply There s no denying the fact that the US has no ethical data protection regulations except for California that has mimicked European regulations in this regard but it is restricted to consumers in different limited respects. US laws in this regard make it the wild Wild West when it comes to data processing. Quite sad.
Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ