Is Google Analytics illegal in the EU?

min read

A New GDPR ruling in Europe has called the analytics platform into question

Download guide to GDPR
is-google-analytics-illegal-in-the-eu

Google Analytics is one of the best tools to gain detailed information on your customers and prospects so you can sell your products more effectively. Without it, it can be difficult to get the insights and data you need to engage with your prospects and grow your business.

However, a recent court ruling in Austria has called the use of Google Analytics into question, potentially making it illegal in the near future. This is bad news for all of us engaged with digital marketing. Like millions of others, I’m sure you’re currently feeling unsure what to do now, concerned about a new potential risk, or confused about what the heck just happened, but I hope that in the next few paragraphs I can give you a better understanding of what has happened and the potential implications. 

*Disclaimer: The information presented in this article by no means is meant to represent legal advice. Its purpose is to inform interested parties into our perspective of the ruling and possible implications based on our knowledge and experience.

What happened?

On December 22, 2021, Austrian data regulator “Datenschutzbehörde” was evaluating the privacy measures of NetDoktor, a medical news company. NetDoktor, like many websites, uses Google Analytics to track the pages visitors read, how long they spend on the website and other information about their device.

After evaluating the evidence and hearing arguments from both Google and NetDoktor, the Datenschutzbehörde ruled that the usage of Google Analytics breaches the European Union’s General Data Protection Regulation (GDPR). In the ruling, the regulator determined that IP address data should be treated as personal data given its potential to be combined — like a “puzzle piece” — with other digital data to identify a visitor.

Additionally, the court found that data had been exported to the USA due to the way that Google Analytics is implemented. This was, again, in direct violation of Chapter V of the EU’s General Data Protection Regulation (GDPR), which deals with data transfers out of the bloc.

The EU has argued in the past that US laws do not protect the privacy of people living outside of the US as well as they do for US citizens, and therefore disallows general transfer of that information without prior consent. Under current US surveillance laws such as Section 702 of the Foreign Intelligence Surveillance Act and Executive Order 12333, it’s possible for US surveillance agencies to collect huge amounts of data from European citizens. To make matters worse, Google stored data in plain text, proving to be an inadequate level of protection for personal data.  As Matthias Schmidl, the deputy head of the Austrian data regulator, stated, “Website operators cannot use Google Analytics and be in line with GDPR.”

What could it mean for you?

The recent challenges faced by Google Analytics have the potential to cause a ripple effect throughout the digital marketing industry. Should other European countries follow Austria’s example, it could mean that Google Analytics and other platforms like it will become illegal in Europe.

The scenario isn’t unrealistic. Regulators in 30 European countries are currently investigating other cases, which cover both the use of Google Analytics as well as Facebook Connect, the social media company’s tool to link your account to other sites. Country-specific websites belonging to Airbnb, Sky, Ikea, and The Huffington Post are also subject to complaints.

As a digital marketer operating within or outside of Europe, you may find yourself unable to market your business in Europe with the assistance of adtech companies such as Google or Facebook.

Of course, adtech firms like Google could take steps towards adhering to the GDPR, such as ensuring that data is hosted in and never leaves Europe, but this functionality does not currently exist.

Should the ruling remain in place and adtech firms not change their data processing approach, you could expect:

  • Limited to no use of US-based platforms like Google Analytics for European prospects.
  • Any services that could send private data into the US may be deemed illegal.
  • You will be limited to using companies that host and process data within Europe.

What should you do?

While it’s true that Austria is just one country and other European countries may view the situation differently, it doesn’t mean you should fail to anticipate the potential changes you can make right now to your digital marketing approach.

If you market in Europe or process European private data, you should begin to assess how you process that data and if any of it leaves Europe. Platforms like Google Analytics or even certain plugins on your website that send data back to the US should be reassessed.

It may still be too early to replace those tools as of yet. The benefits of using data analytics tools like Google is undeniable, so remaining flexible in the face of future decisions will be critical moving forward.

Having said that, here are a few things you should be doing during this time:

  • Stay up-to-date with any upcoming regional court rulings.
  • Stay current on developments such as Google Analytics 4 that automatically anonymises IP addresses.
  • Look for opportunities to host data yourself or directly in Europe.
  • Evaluate alternatives to US-based adtech.

Moving forward

It seems that the most prudent way forward is a "wait and see” approach. Should other cases throughout Europe prove to follow Austria’s lead, we could see Google Analytics lose favour within European marketing departments. However, due to the reliance on the platform and its undeniable effectiveness, you shouldn’t be too hasty with abandoning the tool completely.

Of course, hopefully we will see Google itself could make changes to how they process data to adhere to the GDPR. They already host data for Google Workspace customers within Europe, so they have various alternative methods already available to them in order to stay compliant and within regulation.

If you feel that your website could be at risk of violating GDPR or you just want it to be performing better, consider taking our website audit.

At Demodia, we believe your website should play a strategic role in your sales and marketing process, but we also know how difficult the creation of a quality, reliable site that is designed to generate leads can be. This is why we have spent the last 12 years designing, developing, and maintaining high-performing websites for dozens of B2B clients in Europe and worldwide - and we can do it for you too.

Here’s how:

  1. Take our website audit - During this free audit, we will review your online business goals and determine the effectiveness of your current website.
  2. Build your website - We provide you with the processes, design, messaging, and resources to build a high-performing website.
  3. Watch performance improve - Watch as your search rankings, volume of traffic and number of online leads increase.
Book an audit
Key Takeaways From the Latest Company Acquisitions
branding

Key takeaways from the latest company acquisitions

As we recently predicted, 2014 will be a big year for acquisitions and mergers. Just three months into the new year and some of the biggest...

the-top-3-social-media-management-platforms
branding

The Top 4 Social Media Management Platforms

Does social media sound like a scary prospect for you? You may not understand how to get started, or have already started and are seeing no growth. ...

essential-analytics-and-metrics-to-track-your-email-and-website-performance
branding

Essential analytics and metrics to track your email and website performance

Before we jump into specific metrics, let's take a moment to understand the importance of analytics. Imagine driving a car without a dashboard – you...