Google Analytics Illegal in Austria for all websites in 2023

Breaking news:

The Austrian Data Protection Authority (“Datenschutzbehörde”, “DSB” or “DPA”) has ruled that all Austrian sites and companies using Google Analytics remain in offence of the GDPR. Google Analytics Now Illegal in Austria; the Other EU Member States Expected to Follow.

The “Google Analytics Illegal” ruling originates from a choice made in 2020 by the Court of Justice of the European Union (CJEU) that specified that cloud services hosted in the United States are incapable of complying with the GDPR and EU privacy laws. The choice was made because of the United States monitoring laws needing US suppliers (like Google or Facebook) to supply personal information to US authorities.

The 2020 ruling, known as “Schrems II”, marked the ending of the Personal privacy Shield, a framework that allowed for EU data to be moved to United States companies that became certified.

The tech industry was sent into a craze following this choice, however, many US and EU businesses decided to ignore the case. The option to disregard is what landed one Austrian business in the DPA’s line of fire, harming the brand name’s credibility and perhaps leading to a substantial fine of approximately EUR20 million or 4% of the organisation’s international turnover.

About the Austrian DPA’s Design Case
In this specific case, NOYB (the European Center for Digital Rights) found that IP addresses (which are classified as individual data by the GDPR) and other identifiers were sent to the US in cookie data as a result of the organisation utilising Google Analytics.

This design case caused the DPA’s decision to rule that Austrian site service providers using Google Analytics violate GDPR. It is thought that the other EU Member States will soon follow in this choice too.

“We anticipate similar choices to now drop slowly in a lot of EU member states. We have submitted 101 complaints in almost all Member States and the authorities collaborated the response. A similar choice was also provided by the European Data Protection Manager recently.” – Max Schrems, honorary chairman of noyb.eu

What does this mean if you are using Google Analytics?
If there is something to gain from this case, it is that ignoring these court rulings and continuing to utilise Google Analytics is not a feasible alternative.

If you are running a website in Austria, or your site services Austrian people, you ought to eliminate Google Analytics from your website immediately.

For companies in the other EU Member States, it is also highly recommended that you do something about it before NOYB and regional information security authorities begin targeting more organisations.

“Instead of adapting services to be GDPR certified, US businesses have tried to simply include some text to their privacy policies and ignore the Court of Justice. Numerous EU companies have followed the lead instead of changing to legal options.”

Eliminating Google Analytics from your website does not mean that you require to give up website analytics entirely, however. There are a variety of Google Analytics alternatives readily available today. Matomo in particular is an effective open-source web analytics platform that provides you 100% information ownership and GDPR compliance.

MANAGED GDPR for your WP/Woo: Google Analytics Illegal Related Posts