The National Commission for Informatics and Civil Liberties (CNIL) in France believes that the world’s most popular web analytics service, Google Analytics, poses a threat to the privacy of user data. According to the regulator, the IT company does not ensure the appropriate level of confidentiality of European users’ data, in violation of the General Data Protection Regulation (GDPR) applicable in the region.
The regulator notes that the American company does not take sufficient measures to protect the received user data that is transferred from Europe to the United States. According to the GDPR, the company must exclude access to this information by third parties, including secret services. “The existing measures are not sufficient to prevent access to the data of the US secret services. There is therefore a risk for users of French websites using this service and whose data is exported.”the regulator said in a statement.
The heart of the French regulator’s claims boils down to the fact that there are no user privacy laws in the United States that would be equivalent to the GDPR regulation. For this reason, nothing prevents Google from sending Europeans’ data to law enforcement and intelligence agencies. Google has repeatedly stated that its proprietary web analytics service is not used to spy on users and that the data collected is controlled by the platform’s customers.
Along with the CNIL statement, it was announced that the website operator (which website is not specified) has received an order from the regulator to stop using Google Analytics. This is the second such decision by the European regulators. In January of this year, a similar ban on the use of the Google Analytics service was issued by the Austrian regulatory authority.