InfoSec: Regulator alerts consumers to Google Analytics data privacy risks

*French data privacy watchdog CNIL claims the US Google Analytics, the world’s most widely used Web analytics service, has failed to take adequate measures to guarantee data privacy rights under the European Union regulation

Isola Moses | ConsumerConnect

Alleging the global tech giant has not taken sufficient measures to guarantee consumers’ data privacy rights, Google Analytics, the world’s most widely used Web analytics service developed by Alphabet’s Google, risks giving the United States (US) intelligence services access to French Web site users’ data.

ConsumerConnect learnt France’s watchdog CNIL disclosed this development Thursday, February 10, 2022.

The country’s data privacy regulator, regarded as one of the most vocal and influential in Europe, in a decision targeting an unnamed French Web site manager, said the US Bug Tech failed to take adequate measures to guarantee data privacy rights under European Union regulation when data was transferred between Europe and the United States.

The information security regulator in a statement said: “These (measures) are not sufficient to exclude the accessibility of this data to US intelligence services.

“There is therefore a risk for French website users who use this service and whose data is exported.”

According to CNIL, the French Web site manager in question had a month to comply with the EU regulation, and that it had issued similar orders to other Web site operators.

However, Google reportedly declined to comment on the CNIL decision in this regard. The tech giant previously, had said that Google Analytics does not track people across the Internet, and that organisations using this tool have control over the data they collect.

The CNIL’s decision is an adjunct to a similar one by its Austrian counterpart, coming after complaints by Vienna-based noyb (Non Of Your Business), an advocacy group founded by Austrian lawyer and privacy activist Max Schrems who won a high profile case with Europe’s top court in 2020, Reuters report said.

The Court of Justice of the European Union at the time scrapped a transatlantic data transfer deal known as the Privacy Shield, relied on by thousands of companies for services ranging from cloud infrastructure to payroll and finance, because of similar concerns.

Meanwhile, several large companies, including Google and Meta’s Facebook, are said to have called for a new transatlantic data transfer pact to be swiftly agreed because of the legal risks posed to them.

In direct response to CNIL’s decision, Schrems said: “In the long run we either need proper protections in the United States, or we will end up with separate products for the US and the EU.

“I would personally prefer better protections in the US, but this is up to the US legislator – not to anyone in Europe.”

Kindly Share This Story