This is quite a thorn in the side for Google. The CNIL announces on February 10 to give formal notice to a website manager because he uses Google Analytics. This Google service has become essential for tracking website traffic statistics. But for the Commission, it would be in breach of articles 44 and following of the European GDPR regulation.
Complaints in the 27 member countries
It all started with complaints filed by Max Schrems’ association, NOYB (My Privacy Is None of Your Business) in the 27 member countries with the local CNIL. These authorities then analyzed the conditions under which the data was collected and transferred to Google’s servers in the United States. The conclusion is that there is a risk that the American intelligence services will access the information of French Internet users who use sites that use Google Analytics. This decision is based on the “Schrems II” judgment taken by the Court of Justice of the European Union in 2020 and which invalidated the Privacy Shield.
Also see video:
More updates to come
The site manager has one month to comply. Several solutions are possible. Either he stops using Google Analytics as is. Either a solution is found so that there is no transfer outside the European Union. In general, the CNIL recommends that audience measurement and analysis services only serve to produce anonymous statistical data allowing the exemption of consent.
The CNIL warns that it has already initiated formal notices for other site managers using Google Analytics. Additional tools would also be in the sights. According to the newspaper The worldthe Facebook Connect tool, which allows you to connect to a third-party site from your Facebook account, would be particularly concerned.