After analyzing the data management settings and conditions under which Google Analytics is provided, the Danish Data Protection Agency (Datatilsynet) has ruled that this web analytics tool contravenes GDPR regulations on personal data management.
The Copenhagen regulator ruled on Wednesday, 21 September 2022 that the usage of this well-known tool is unlawful because of Google’s practice of transferring user data outside of the EU without the safeguards demanded by its tentpole online privacy and protection law.
Commenting on the ruling, Makar Juhl Holst, Senior Legal Advisor for the Danish Data Protection Agency, said - “The GDPR is made to protect the privacy of European citizens. This means, among other things, that you should be able to visit a website without your data ending up in the wrong hands. We have carefully reviewed the possible settings of Google Analytics and have come to the conclusion that you cannot use the tool in its current form without implementing supplementary measures."
Read more information about this decision on Datatilsynet.
This Danish ruling follows a string of similar DPA decisions in recent years as EU countries have continued to enforce the Schrems II decision by the European Commission back in July 2020. Denmark has joined Austria, France, and Italy as the fourth EU state to forbid the usage of Google Analytics, with more countries expected to follow their lead in the near future.
Danish Google Analytics Users at Risk
Website owners in Denmark that continue to use Google Analytics open themselves up to prosecution by Datatilsynet and private action.
This can be mitigated by reassessing data management policies and processes to ensure that they meet GDPR requirements on the collection, analysis, and retention of the personal data of any EU citizens on their database.
Alternatively, Visitor Analytics provides businesses with a privacy-perfect website intelligence solution, which ensures that data management meets the GDPR standard.