Search
Close this search box.

Italian Supervisory Authority denies use of Google Analytics

The Italian supervisory authority has reprimanded the use of Google Analytics as it violates the GDPR because it transfers data to the USA, even when anonymized, as explained below:

The Italian SA came to this conclusion after a complex fact-finding exercise it had started in close coordination with other EU data protection authorities following complaints it had received. The Italian SA found that the website operators using GA collected, via cookies, information on user interactions with the respective websites, visited pages and services on offer. The multifarious set of data collected in this connection included the user device IP address along with information on the browser, operating system, screen resolution, selected language, date and time of page viewing. This information was found to be transferred to the USA. In determining that the processing was unlawful, the Italian SA reiterated that an IP address is personal data and would not be anonymized even if it were truncated – given Google’s capabilities to enrich such data through additional information it holds. Source: garanteprivacy.it

the Italian SA reiterated that an IP address is personal data and would not be anonymized even if it were truncated – given Google’s capabilities to enrich such data through additional information it holds.

Google Analytics response

Italy thereby follows suit with the strict stance of Germany & France and others. The Italian authority has stated to all websites using Google Analytics or similar services to revisit the use of tracking services or find a suitable alternative. It has given a 90-day (September 2022) deadline when it will revisit ad-hoc inspections on these matters.

Recent proposals from Google to circumvent this issue, even as recent as June 2022 negotiations, have not been fruitful and Google’s proposals of anonymization and encryption do not solve the issue of the transfer and entry of data in the United States. A country which the GDPR does not consider with appropriate data protection.

How Complianz can help?

Besides any legal updates when necessary, and preventive communication for all our users. The denial of the use of Google Analytics in its current approach is why we started Burst Statistics, a locally hosted, privacy-friendly statistics tool for the most important metrics for your website.

Join 1M+ users and install The Privacy Suite for WordPress locally, automated or fully customized, and access our awesome support if you need any help!

Complianz has received its Google CMP Certification to conform to requirements for publishers using Google advertising products.