In a huge development for the tech industry, the use of Google Analytics on Austrian websites is now illegal.
Now deemed to be in violation of GDPR, Google Analytics will no longer be usable in Austria, and it looks likely other EU nation states will follow suit.
Let’s unpack why this happened, and what this means if you’re a business who tracks their website visitors…
Why did this happen?
This definitive ruling stems from a 2020 decision by the Austrian Data Protection Authority which stated that cloud services which are hosted in the US (like Google Analytics) are fundamentally in violation of GDPR.
Why? Because US law dictates that US authorities have the right to access the personal data stored by these services.
Fast forward to now, and the European Center for Digital Rights (noyb) found that Google Analytics has sent IP Addresses (which are classed as personal data in GDPR) to the US. This provides a model case, and thus the basis for the Austrian Data Protection Authority to rule that all websites using Google Analytics are in violation of GDPR.
What does the future look like for Google Analytics?
With this precedent in place, it’s likely that other EU nations will similarly outlaw use of Google Analytics.
Reacting to the decision, noyb notes that “similar decisions are expected in other EU member states, as regulators have cooperated on these cases in an EDPB ‘task force’”.
Put simply, these developments are evidence of a shift in attitudes towards data privacy. Increasingly, informed consumers are objecting to the notion of being tracked and followed around the internet, and having that data used in ways they have not explicitly consented to.
Is this the end for website visitor tracking?
It’s possible to obtain useful insight about your website visitors while respecting their privacy and remaining firmly within the boundaries of GDPR.
Let’s look at the main factor in all of this: when you use Google Analytics, Google owns the data you collect.
It means that you - as a business - have no control over how Google decides to handle that data… even if they decide to hand that personal data over to US authorities.
Here at CANDDi, we do things very differently. When we provide you data about who is visiting your website and what they’re doing, you - and you alone - own that data.
What’s more, we do not track visitors across multiple websites, which is another big issue in how Google tracks individuals. CANDDi is only interested in your prospects’ activity on a single website: your own.
So, if you are interested in website visitor tracking that will never fall foul of the ever-changing landscape of GDPR, please get in touch! We’d love to chat with you either via our live chat, or on email at email@example.com.