Penalty for using Google Analytics
Penalty for using Google Analytics
The tool “Google Analytics“owned by the colossus Google, provides valuable information to companies that use it, offering a report on how customers use different devices and platforms (e.g. website) of a company, making your marketing strategy more effective.
This report analyzes the behavior of the visits (users) who are usually mainly customers or potential customers, offering demographic data (e.g. age range, gender, country of the IPD), traffic statistics (e.g. number of visits, time spent on the website), types of devices used (e.g. PC, smartphone), etc.
All of this allows companies that use this Google tool to obtain relevant information for making decisions that will improve their digital marketing strategy.
Risks of using Google Analytics
But be aware of the risks that can arise when using Google Analytics.
The latest example is the 1 million euro penalty imposed by the Swedish data protection authority (IMY) on four companies for using Google Analytics (version 14 August 2020), as it was proven that personal data was transferred to the United States.
In this regard, it should be recalled that the Court of Justice of the European Union (CJEU) through the judgment of July 16, 2020(Schrems II judgment), annulled Commission Decision 2016/1250 declaring the adequate level of protection of the PrivacyShield scheme(Privacy Shield) for international data transfers to the United States.
It is true that this judgment accepted the transfer of data to the United States by means of the standard contractual clauses adopted by the European Commission, as long as they meet the level of protection established at European level.
In the Swedish case, the data protection authority audited four companies (CDON, Coop, Dagens Industri and Tele2) following complaints filed by None of Your Business (NOYB) in light of the Schrems II ruling, concluding that the data transferred to the US through Google Analytics is personal data as it can be linked to other unique data being transferred, making individuals identifiable. Thus, the complementary measures implemented by these companies were not sufficient to adopt a similar level of protection to the European one, so they were ordered to stop using the Google tool and were penalized for this practice.
Other cases against Google Analytics
Other countries where data protection authorities have analyzed this same case of the use of Google Analytics have been France and Austria, where they reached the same conclusion, imposing fines on the companies that used them.
In the Spanish case, the AEPD received a complaint in August 2020 against the Real Academia Española de la Lengua (RAE) and Google LLC for the use of Google Analytics, where it was found that after the Schrems II ruling, the RAE stopped using Google analytics, so the proceedings were archived(File No.: E/10529/2021).
Recommendations
Verify that the version used complies with the General Data Protection Regulation(RGPD) and the Organic Law on Data Protection(LOPD-GDD).
Ask the people who manage your SEO to ensure that your company does not install Google Analytics cookies, with unverified versions in compliance with data protection regulations.