Some time ago, I wrote a short post about my feelings towards web analytics which were sparked due to a spike in visitors on my site (mainly coming from Hacker News). Due to that surge, I decided to part ways completely from any sort of tracking since, for me, it was mainly an unnecessary dopamine fix rather than anything useful.
Today I stumbled upon big news on the front of the legitimacy of web analytics from the point of view of privacy. Turns out, as most suspected, it’s not so good, at least according to Austria’s data protection authority.
Basically, this case dates back to the invalidation of Privacy Shield data sharing system between the EU and the US because of overreaching US surveillance. Turns out that many companies in the US have largely ignored this invalidation happened in 2020, and despite this, they have still continued to transfer data from the EU to the US. The Austrian DPA held that the use of Google Analytics by an Austrian website provider led to transfers of personal data to Google LLC in the US in violation of Chapter V. of the GDPR.
Future of Google Analytics in EU
In the long run, there will be two options: Either the US changes its surveillance laws to strengthen their tech businesses, or US providers will have to host the data of European users in Europe. This kind of transcontinental transfer is currently (as of the time of writing this) only illegal Austria, but Dutch’s DPA (data protection authority) has stated that Google Analytics “may soon no longer be allowed”.
In any case, this is a great thing for privacy in the EU, and hopefully, many more countries will join Austria in this effort. You can follow what countries have started to follow this at Is Google Analytics ILLEGAL in your country?