The use of Google Analytics for the evaluation of access and user behaviour on websites continues to enjoy great popularity. But what about data protection? Can I continue to use this analysis tool without any problems?

The answer is: No!

After the ruling of the European Court of Justice in July 2020 on the invalidity of the Privacy Shield, the data protection association European Centre for Digital Rights (noyb), founded by Max Schrems, filed more than 100 complaints. The first decisions already made it clear that the use of Google Analytics in the EU is illegal.
Subsequently, the data protection authorities of Austria, France, the Netherlands and Sweden found the use of Google Analytics on websites to be unlawful against the provisions of the GDPR on third country transfers.similar decisions by the other authorities are expected to follow.

The authority sees above all a violation of the general principles of data transfer according to Art. 44 DSGVO, since Google’s analytics programme transfers personal user information to the parent company in the USA.
For a data protection-compliant use of Google Analytics, I have to take various measures and make adjustments:

• First, you must conclude a data processing contract with Google Inc.
• Adjust the Google Analytics code so that IP addresses are only collected anonymously.
• The privacy policy must be adapted: How Google Analytics affects data protection must be clearly explained.
• Include an opt-out, with which the users of your site can object to the data collection by Google Inc.

We will be happy to support you with this implementation.

NZZ, 25 May 2021 The EU law has an indirect impact on Switzerland because it applies to all companies that sell products and services to the EU. The EU has given data protection authorities a powerful tool of enforcement – in particular the possibility of fines, and at a level that hurts even the big […]