Sign inFree trial
Fathom Analytics blog / Privacy-news

CNIL finds Google Analytics in breach of GDPR

The ruling states that Google Analytics does not protect EU visitor data sufficiently from US surveillance and spying.

Similar to the Austrian DPA findings last month, the French data protection watchdog, CNIL, has found that Google Analytics is now illegal. The ruling states that Google Analytics does not protect EU visitor data sufficiently from US surveillance and spying.

Basically: this new ruling has found that moving data from the EU to the US is unsafe, not “sufficiently regulated,” nor does it offer sufficient protection for EU citizens and their data.

“The US fails this critical equivalence test on account of having sweeping surveillance laws which do not provide non-U.S. citizens with any way to know whether their data is being acquired, how it’s being used or to seek redress for any misuse.” (Source: TechCrunch)

Google declined to comment on this decision and has so far declined to update their software to be GDPR compliant.

The CNIL suggests using an alternative analytics tool that does not involve a transfer outside the EU to ensure GDPR compliance.

Fathom Analytics falls under a “GDPR compliant alternative analytics tool” because we launched EU Isolation last year. Meaning: all EU visitor data we process is done on EU servers owned by an EU company. And, since Fathom Analytics is a Canadian company, we have an adequacy ruling under the GDPR. This means we can work with EU companies and not transfer any personal data (IP) to US-controlled servers.

With 101 complaints filed in the EU in the wake of the Schrems II decision, it’s just a matter of time before more EU DPAs rule similarly against Google Analytics and potentially ban the use of Google Analytics in general.

This also means other companies who use software that runs on US-controlled servers to process data could likely be subject to similar rulings in the future.

Google Analytics is used by about 85% of the internet because people thought it was “free software.” The true cost of paying for software with data is now becoming apparent, and using free software and risking fines or complaints may not be worth the risk moving forward.

You might also enjoy:

Paul Jarvis is a writer/designer and the co-founder of Fathom Analytics. He’s also the author of Company of One and the co-host of the Above Board podcast.

Posted in privacy-news

Get more articles like this each month(ish)

Sign up to be the first to know when new articles like this are published.