Italian Data Protection Authority Latest to Rule Against Google Analytics

To add to its antitrust headaches, EU-wide pressure on website operators to restrain their usage of Google continues to put pressure on the company.

The Italian data protection authority, the GDPD, has ruled that the use of Google Analytics by Caffeina Media Srl is in breach of the EU’s GDPR legislation.

The issue relates to the way Google Analytics transfers browser data to the U.S. for processing. The authority makes the case that the wholesale export of data including IP address, browser information, OS, screen resolution, language selection, plus the date and time of the site visit, does not offer the necessary level GDPR mandated protection against surveillance by U.S. intelligence agencies.

In a statement, the GDPD said it “draws the attention of all Italian managers of websites, public and private, to the illegality of transfers made to the United States through GA.”

The decision follows a similar ruling by the French data protection watchdog, the CNIL, on June 8. The CNIL has issued its own updated guidance cautioning against uses of Google Analytics that would send personal data to the U.S.

Legal issues centered on Google Analytics have been brewing since a 2020 ruling by the European Court of Justice (ECJ) that invalidated the EU-US Privacy Shield. Intended as a legal framework for data-sharing between the European Union and the United States, the ECJ struck the EU-U.S. Privacy Shield down over the risk of unlawful access to Europeans’ data by U.S. intelligence agencies.

Want more news? Subscribe to CPI’s free daily newsletter for more headlines and updates on antitrust developments around the world.