France Declares Google Analytics Illegal in Breach of Article 44. Find out more on our latest GDPR news. A little over a week after the Austrian Data Protection Authority ("Datenschutzbehörde" or "DSB") announced its decision on the illegality of Google Analytics in relation to Schrems II, France became the next country to follow suit.
Though not an entirely unpredictable snowballing of the initial DSB decision, the rapidity of the announcement from France’s National Commission for Informatics and Civil Liberties (CNIL) seems to indicate that this is a situation that will continue to evolve.
Other countries, including Norway, are also already inching towards the same conclusion, with the quick development of Google Analytics alternatives lists suggesting that we are on the cusp of a transformative phase within the web analytics industry.
France, the Latest to Declare Google Analytics illegal
In Breach of Article 44
The decision of the CNIL is an exact replica of that which preceded it in Austria, with the decision stemming from the invalidation of the US Privacy Shield and the flood of complaints that flowed in thereafter.
To give some context to this, Article 44 of the GDPR relates to the “transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country”.
With the US lacking the high standard of data privacy laws found in Europe under GDPR, this simply means that any protected data that ends up on US servers is considered at risk. And thus, any platform that transfers data from the EU to the US is fundamentally considered non-compliant.
What Could Happen Next & What Should You Do?
Many experts are already calling this situation “the beginning of the end” for Google Analytics in Europe and there are suggestions that this may ultimately lead to a deglobalized tech industry.
As mentioned, Norway is the latest to release a similar statement on the issue and it is highly likely that many others will join in the following weeks.
Though the latest developments seem quite major, for those familiar with GDPR and the abuse of its basic principles by a number of companies, the situation has been inevitable for some time.
With the snowball now picking up pace, it would be wise for any company that falls under GDPR to assess its current tech stack, data processing practices, and privacy policies, to ensure that they too don’t get caught in the avalanche.
Read more about the CNIL decision => https://go2page.org/620a0467b8fb5