Google Analytics – can I still use it?

The use of Google Analytics for the evaluation of access and user behaviour on websites continues to enjoy great popularity. But what about data protection? Can I continue to use this analysis tool without any problems?

The answer is: No!

After the ruling of the European Court of Justice in July 2020 on the invalidity of the Privacy Shield, the data protection association European Centre for Digital Rights (noyb), founded by Max Schrems, filed more than 100 complaints. The first decisions already made it clear that the use of Google Analytics in the EU is illegal.
Subsequently, the data protection authorities of Austria, France, the Netherlands and Sweden found the use of Google Analytics on websites to be unlawful under the provisions of the GDPR on third-country transfers. Similar decisions by the other authorities are expected to follow.

The authority sees above all a violation of the general principles of data transfer according to Art. 44 GDPR, since Google’s analytics programme transfers personal user information to the parent company in the USA.
For a data protection-compliant use of Google Analytics, you have to take various measures and make adjustments:

  • First, you must conclude a data processing contract with Google Inc.
  • Adjust the Google Analytics code so that IP addresses are only collected anonymously.
  • The privacy policy must be adapted: How Google Analytics affects data protection must be clearly explained.
  • Include an opt-out, with which the users of your site can object to the data collection by Google Inc.

We will be happy to support you with this implementation.

The use of personal data in test and development systems is not permitted.

Quite pragmatically, software developments in companies are often tested with a copy of the production system.
However, this violates the Data Protection Act, and the use of such data for testing purposes is not permitted.

By using synthesized or anonymized data in conjunction with comprehensive technical and organizational measures, the requirements of the Data Protection Act can be implemented.
However, these protective measures often do not exist in test systems.

What data is used for testing in your company?

Reconcile data protection and systematic testing.

Revision of the Data Protection Ordinance: Federal Council opens consultation procedure

In the 2020 autumn session, parliament passed the new Data Protection Act (DPA). In order for this to enter into force, the corresponding implementing provisions in the Ordinance to the Federal Act on Data Protection (FADP) must be adapted. At its meeting on 23 June 2021, the Federal Council opened the consultation process. This will last until 14 October 2021.
Source: Federal press release

Proceedings opened against the operator of the platform for a digital vaccination register

Three Years of the EU Data Protection Regulation: “As an entrepreneur, it feels like you always have one foot in prison”.

NZZ, 25 May 2021: The EU law has an indirect impact on Switzerland because it applies to all companies that sell products and services to the EU. The EU has given data protection authorities a powerful tool of enforcement – in particular the possibility of fines, and at a level that hurts even the big […]

The end of the framework agreement with the EU: What does this mean for data protection?

Switzerland has revised its new data protection law and brought it into line with the European data protection law (EU GDPR). The EU would now have to recognise the level of data protection here as equivalent, which is actually already overdue.

After the Federal Council broke off negotiations for a new framework agreement with the EU last Wednesday, the question now arises as to the impact on Swiss data protection. Swiss companies now fear that the EU will refuse recognition. This could, on the one hand, prohibit the processing of customer-related data from the EU and, on the other hand, impose new hurdles.