Google Analytics is said not adhering to the EU General Data Protection Regulation (GDPR), according to Denmark’s data protection agency (DPA) on September 21, 2022.
DPA claimed that due to the transmission of personal data to the United States, which, in light of Schrems II, does not offer a sufficient degree of data security, Google Analytics, Google’s audience measuring tool.
Through the European Data Protection Board, the EU data protection authorities are collaborating on how Google Analytics is handled.
However, similar decisions by EU data protection authorities in Austria, France, and Italy were made before the Danish DPA’s decision.
It has been reported that organizations are required to determine if their existing use of Google Analytics conforms with EU data protection law under the advice of the Danish DPA. They must stop using the tool if their use is not in compliance, take additional actions to make it compliant, or both. Along with recent advice from the French data protection authority, CNIL, the Danish DPA emphasized “reverse proxy” pseudonymization as a potential technical addition.
Meanwhile, a Google Analytics FAQ has also been published by the Danish DPA.