The CNIL announces formal notice to French sites that use Google Analytics, without naming them. According to her, the transfer of data to Google’s servers is not sufficiently regulated, and violates the GDPR.
You will also be interested
[EN VIDÉO] The Incredible Journey of Global Internet Traffic When we connect to the Internet, our data travels a very long way. An email thus travels an average of 15,000 km to reach its destination!
European website owners have something to worry about. Google Analytics is now in sight of the CNIL (Commission Nationale de l’Informatique et des Libertés) and its European counterparts, who deemed the use of the service illegal following complaints filed by the NOYB association (My Privacy is None of Your Business). In total, the association filed 101 complaints in the 27 EU member states and three other states in the European Economic Area (EEA).
Google Analytics has become an almost essential tool for managing a website. It collects data on visitors in order to assess attendance. However, these are personal dataand they are transferred to the servers of google in the USA. This has become a problem since the Schrems II judgment of the Court of Justice of the European Union (CJEU) of July 16, 2020. This invalidated the Privacy Shieldthe agreement that authorized the transfer of data between Europe and the United States.
American interference thanks to the Cloud Act
The CNIL is concerned about the interference of American intelligence services, in particular because of the Cloud Act. This allows US authorities to access data hosted by US companies, regardless of which country the servers are located in. As it stands, the use of Google Analytics by a European site contravenes articles 44 and following of the General Data Protection Regulation (GDPR).
In its press release published on its site, the CNIL announces that it has given formal notice to the manager of a French site. It has also launched proceedings against other site managers and is investigating other tools. Find a good alternative that does not violate the GDPR could be complicated though…
Interested in what you just read?