Sweden Issues An Order 'Stop Using Google Analytics'
Sweden’s government privacy protection agency, the IMY, has ordered four companies to stop using Google Analytics due to the transfer of personal data to the US, in violation of the EU’s data protection regulation (GDPR).
The IMY said it had examined the use of Google Analytics by the firms following a complaint by the Austrian data privacy group noyb (none of your business) which has filed dozens of complaints against Google across Europe. The four companies were fined, with telecommunications firm Tele2 receiving a penalty of SKr. 12 million ($1.2m) and online marketplace CDON fined SKr. 300,000 ($30,000)
IMY legal adviser Sandra Arvidsson, who led the investigation, said the agency has the rulings "made clear what requirements are placed on technical security measures and other measures when transferring personal data to a third country, in this case the United States.'
The IMY deemed the data sent to Google Analytics as personal data and found the technical security measures taken by the companies insufficient to meet EU standards.
At the end of May, the European Commission said it hoped to conclude by the end of the summer a new legal framework for data transfers between the EU and United States. The GDPR, in place since 2018, can lead to penalties of up 20 million euros or four percent of a company’s global revenue. This is the first financial penalty imposed on companies for using Google Analytics in violation of the GDPR.
The national retail chain Coop and the Dagens Industri newspaper were judged to have taken more stringent measures to protect the data being transferred to Google and were not fined.
In 2022 a number of European Union data privacy regulators, including the French and Italian authorities, warned against use of Google’s analytics tool after finding a number of users to be non-compliant with the Union’s rules on international data transfers.
However other regulators have not issued financial sanctions, according to noyb, which was behind the original complaints, appearing to prefer a softer approach to enforcing the GDPR on users of such a familiar tool, despite the same data transfer issue underlying them all.
IMY: noyb: Oodaloop: Security Week: VOA: The Local: Techcrunch: Ground: Image: PhotoMIX
You Might Also Read:
EU Still Blocking Social Media Users' Data Transfer:
___________________________________________________________________________________________
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible