In another blow to Google in Europe, the Italian data protection authority found that a local web publisher’s use of Google Analytics violated GDPR rules. As a result, after being banned in France and Austria earlier this year – the popular analytics tool has been declared illegal in Italy, as well.
After fielding some complaints and working with other EU data protection agencies, the Italian SA found that website owners using Google Analytics recorded user interactions, visited pages, and offered services via cookies. The data collected — including the IP address, browser, operating system, screen resolution, language, date, and time of page viewing — was sent to the US on a regular basis. The Italian SA determined that the processing was unconstitutional since an IP address is personal data and would not be anonymized even if abbreviated, given Google’s ability to augment such data with additional information.
Moreover, the Italian agency decided that the measures adopted by Google to supplement the data transfer did not provide an adequate level of protection for users’ personal data as per the guidance provided by the European Data Protection Board. This was pretty much the same conclusion reached by the DSB (Austrian Data Protection Authority) and the CNIL (French Data Protection Agency), which set off this chain reaction.
Google on its end is working to retire the Universal Analytics product in favor of Google Analytics 4 (GA4) next year. That will be a major improvement to Google Analytics and is said to be privacy-centric by design. We are, however, unsure whether it will be on par with EU’s standards, though we’re sure Google won’t cut corners on lobbying in Brussels just to make sure its product complies with EU’s rules. So it could continue serving us those nasty personalized ads. At least to some of us who still don’t use a VPN. Which doesn’t include truly yours. 😉