Last Updated on 14/02/2022 by Nidhi Khandelwal
The usage of Google Analytics in France was determined to be a violation of the European Union’s General Data Protection Regulation (GDPR) legislation, over a month after a similar judgment was made in Austria.
To that end, the National Commission on Informatics and Liberty (CNIL) ruled that the transatlantic movement of Google Analytics data to the United States is not “sufficiently regulated,” citing a violation of the data protection decree’s Articles 44 et seq., which govern the transfer of personal data to third countries or international entities.
“[A]lthough Google has adopted extra mechanisms to restrict data transfers in the context of the Google Analytics capability,” the CNIL said, “they are insufficient to prevent this data from being accessible to US intelligence services.” “Users of French websites who use this service and whose data is exported are thus at risk.”
The CNIL suggested that one of the offending websites comply with the GDPR by ceasing to use the Google Analytics capability or using an alternative website traffic monitoring tool that does not involve a transfer outside the EU, and gave it a one-month deadline to do so.
The development comes as Meta Platforms, the owner of social media networks like Facebook, Instagram, and WhatsApp, has issued new warnings that regulations governing how E.U. residents’ user data being moved to the US could force the company to withdraw its services from the region.
The decision comes less than two weeks after a regional court in Munich ruled that embedding Google Fonts on a website and sending users’ IP addresses to Google via the library without their knowledge violated GDPR legislation, ordering the website operator to pay €100 in penalties.