The Swedish Privacy Authority (IMY) has warned businesses not to use Google Analytics due to surveillance risks posed by the US government.
The warning it comes amid growing concerns about the legality of transferring data from Europeans to the US under laws such as the General Data Protection Regulation (GDPR).
GDPR and data transfer concerns
The GDPR requires strict privacy and consent protections for handling people’s personal information.
Google Analytics has been found to violate this by transferring data from websites and mobile apps to the US, where privacy laws are weaker and intelligence agencies can access the information.
In 2020 Schrems II The ruling by Europe’s top court invalidated the Privacy Shield data transfer pact and put those transfers under scrutiny.
IMY research puts the spotlight on Google Analytics
The IMY investigated four Swedish companies (CDON, Coop, Dagens Industri and Tele2) following a complaint from the privacy group NOYB that they were using Analytics illegally.
The IMY’s audits revealed breaches of the GDPR’s data transfer and consent requirements. The agency fined CDON $30,000 and Tele2 $1.1 million and ordered all but Dagens Industri to stop using Analytics.
Experts say the penalties, while small, set an important precedent.
Tele2 and CDON plan to appeal, arguing the fines are disproportionate, but said they would comply with the orders.
The EU and the US are struggling to forge a new data transfer agreement
EU and US policymakers are negotiating a new data transfer pact to replace the Privacy Shield. But critics argue it won’t prevent the United States from spying or empower Europeans in American courts.
IMY’s decision follows similar scrutiny of the data practices of Meta, which recently drew a $1,300 million EU fine.
Regulators around the world are stepping up enforcement of laws such as GDPR, China’s Personal Data Protection Law and Brazil’s Data Protection Law. While some seek to check the power of big tech, the rules often differ, creating obstacles for global companies.
These decisions affect these four companies and have implications for all GDPR-compliant organizations.
For Google and others, this may require changes to advertising and analytics models that have long relied on the free flow of personal data around the world.
As data privacy goes global, that era could be coming to an end.
Answer from Google
In a statement to TechCrunch Regarding IMY’s decisions, Google emphasizes that Google Analytics does not identify or track specific people on the web.
The company says that website publishers are responsible for ethical data compliance and use. Google does its part by providing safeguards, controls and resources.
Google says:
“People want the websites they visit to be well-designed, easy to use, and respectful of their privacy. Google Analytics helps publishers understand how their sites and apps work for their visitors, but without identifying people or making -tracking it on the web. These organizations, not Google, control what data is collected by these tools and how it is used.”
Featured Image: sdx15/Shutterstock
[ad_2]
Source link
