French data privacy regulator says Google Analytics breaches GDPR

French info privateness regulator says Google Analytics breaches GDPR

Posted on

The French regulator said its investigation extends to totally different website devices and it’d add “corrective measures” within the occasion that they breach GDPR pointers.

A French privateness regulator has concluded proper now (10 February) that info transfers by means of Google Analytics breach GDPR pointers and has ordered a French website supervisor to stop using it beneath positive conditions.

That’s the latest in an prolonged line of challenges regarding the change of personal info from Europe to the US. Closing month, the Austrian info security authority, DSB, found that the use by an Austrian website of Google Analytics did not alter to EU info security regulation.

The French watchdog, CNIL, acquired a variety of complaints from the digital rights group NOYB regarding info transfers to the US collected all through visits to websites that use Google Analytics.

Google Analytics is a instrument designed to look at how visitors use websites. As an example, it could be used to generate tales on buyer numbers, visitors’ browser parameters and which machine they’re using. It does this by placing a cookie – a small piece of code – on the particular person’s machine, which assigns a singular identification amount.

CNIL, in cooperation with European counterparts, analyzed the conditions beneath which the knowledge collected by means of Google Analytics is transferred to the US.

In accordance with the Schrems II ruling in July 2020, transfers of personal info from the EU to the US can solely occur if there is a ample stage of security. CNIL said the EU Courtroom docket of Justice beforehand highlighted the prospect that US intelligence corporations would entry personal info transferred from the EU if these transfers weren’t appropriately regulated.

“Actually, although Google has adopted further measures to regulate info transfers throughout the context of the Google Analytics efficiency, these shouldn’t ample to exclude the accessibility of this info for US intelligence corporations,” CNIL said in a press launch.

“There could also be subsequently a menace for French website clients who use this service and whose info is exported.”

CNIL has ordered a French website supervisor to ship this processing into compliance with GDPR. The website supervisor would possibly ought to stop using Google Analytics, or use a instrument that does not include an info change outside the EU. CNIL has given the website operator one month to adapt.

Closing month, the European Parliament was reprimanded by a privateness watchdog overseeing EU institutions for violating info security pointers on its inside Covid-19 testing website. This was one in all many first selections implementing the Schrems II ruling and has presumably set a precedent for EU-US info change situations.

CNIL said 101 complaints have been filed by NOYB throughout the 27 EU states and the three totally different European Monetary Area states in the direction of 101 info controllers painstakingly transferring personal info to the US.

The French watchdog said its investigation extends to totally different devices utilized by web sites that consequence throughout the change of data from the EU to the US, together with that further corrective measures “is also adopted throughout the near future”.

Don’t miss out on the knowledge it is important to succeed. Be part of the Every day Momentary ACC Fresno’s digest of need-to-know sci-tech info.