In this guest post, Hoang Nguyen (main photo), chief data and technology officer at Howatson+Company, argues the EU outlawing Google Analytics is set to have reverberations around the globe…
The Europeans are strictly enforcing non-compliance to the GDPR, and American big tech is not immune. If you follow tech blogs, your feed would have been full Thursday last week as Google Analytics was declared illegal in Austria. But there’s more to the story than the headline suggests, and more Australian companies need to be doing to prepare for a digital world that is becoming more private as each year passes.
What you need to know
- US and European privacy legislation is increasingly in conflict with each other.
- America’s Cloud Act requires all US companies to store data in the US and must provide access to that data to US intelligence services.
- The GDPR protects Europeans against how their personal information is collected and stored and expressly prevents European citizens from being surveilled by any foreign company (America included).
Google Analytics is in breach of the GDPR
- In August of 2020, an Austrian Google user was personally identified by Google after using an Austrian health website. This person brought a claim against Google to the Austrian Data Protection Authority.
- Google analytics provides a setting in Google accounts to stop Google from evaluating use of third-party website in detail, which suggests Google is able to merge usage data with an individual. This data is then stored in the US and is a violation of GDPR.
- Last week, an Austrian court ruled the data transfer as illegal and therefore Google in breach of GDPR.Other European courts, especially Germany and the Netherlands are expected to make similar findings in the coming months.
- This has implications for Google, and companies that operate in Europe who use Google Analytics.
- Companies operating in Europe must determine if running Google Analytics on their websites will risk a penalty for violating the GDPR.
There is a simple process for you to be GDPR compliant in EU while using Google Analytics
- The Dutch Authority for Personal Data has updated its guidance on the “privacy friendly set up of Google Analytics.”
- We have outlined an approach to maintain marketing intelligence while ensuring privacy compliance below.
The deeper story for IT professionals
“Google Analytics declared illegal in the EU” is a sensational headline. And with the majority of European websites running GA, are we soon to return to the dark ages of website analytics? We believe the likely implications of the ruling will be far less dramatic. A closer review of court documents suggests the issue is configuration related, not the product itself. That’s less exciting but regardless, non-compliant use of GA across the EU creates vulnerability to large fines from European authorities.
Let‘s understand the configuration issue further. As stated in the court documents, “due to a possible configuration error, the respondent did not activate the IP anonymisation function in all cases.” By not anonymising the IP address, the user could be identifiable, thus is considered PII, which under the GDPR is a major breach.
Fortunately for the citizens of the EU, should US intelligence services have accessed the non-compliant data in question, the value associated with identifying the European citizen is not reversable. Court documents stated, “it is not to be expected that US authorities would have additional information that would enable them to identify the data subjects behind the first party cookie values ‘gid’ and ‘cid’ or behind an IP address.” The site in question also possesses “no authentication system and did not use a user ID function.” Therefore, these identity values are not traceable back as PII.
What happens now? If you’re an Australian business operating digital assets in the EU, do you need to pull GA down tomorrow? Best to seek your own legal guidance on that question, but we suggest some immediate actions:
- Review your platform configurations, especially ID synchronisation, data collection and sharing options. This preparation must span your entire mar-tech platform.
- Prepare for and have a contingency plan for data analytics and behaviour collection plans. If not in response to this court ruling and the rise of European GDPR compliance rulings, then for vendor mechanisms such as Apple’s ITP and IDFA, and the imminent death of 3rd-party cookies. One option is to use an edge-based analytics service that is privacy-first, non-cookie based, and immutable to the ad-blocking and analytics tool. Another solution is to have the system and platform collect and process authenticated traffic data that is secured, consent-based, and compliant.
The commercial internet is younger than the age the average Australian buys a home loan. Google itself is only 24. While it’s unimaginable to live without the internet, we’re only just starting to regulate it and reduce its by-products of harm. Privacy is an area governments can legislate and are increasingly holding brands and tech companies to account. If you haven’t invested in people and processes to ensure your privacy compliance, now is the time to do so.
B&T’s sister publication Travel Weekly will be hosting its annual Travel Daze conference in Sydney on June the 9th and better still you’re invited and, even more fantastically, tickets are free! Yep, zilch, zero, nix! The full-day event will be staged at Paddington’s Chauvel Cinema in inner-Sydney and boasts an incredible and eclectic speaker line-up […]
On election day, instant grocery company VOLY, took to Sydney electorates to call out the wild and confusing things that make up our election process. The campaign featured a combination of walking billboards, social media and surprise ‘Democracy sausage’ deliveries to polling booths across Sydney. VOLY was able to cut through the noise and position […]
Plummeting prices of cryptocurrencies, hacking and stealing of overpriced non-fungible tokens, an uncontrollable market that seems to operate on the moods of those who run it… All these are elements which are making marketers pull the breaks on their plans to invest within the world of digital real estate. But is all this coming to […]
In this guest post, Stu Wragg (main photo), chief strategy officer at Herd MSL, says your best work so often happens when you’re well out of your comfort zone… There’s a lot to be said for feeling comfortable but when it comes to professional development, it’s uncomfortable experiences, not comfortable ones, that matter most. For […]
Introducing youtime.com – a considered curation of content, products and services all designed to help enhance your ‘you time’. Unlike anything else in the Australian market, youtime is set to lead the way in a new-age breed of digital destinations; where editorial leads eCommerce, retail becomes a service, shopping meets experience, and everything is grounded […]
SBS has today launched SBS WorldWatch, an all-new free-to-air multilingual news channel. The dedicated 24-hour channel features news bulletins from leading international broadcasters in more than 35 languages and is home to SBS’s Arabic and Mandarin television news bulletins – SBS عربي News and SBS 中文 News. The launch of the channel builds on SBS’ […]
Xandr today announced three key senior appointments to the team, the first under new ANZ managing director, Nicole Prior, as the company eyes expansion. Mark Serhan is appointed to the newly created role of commercial director, Philip Coetzee becomes associate director – product management, and Archana Ganesh becomes associate director – APAC product support lead. […]
The Australian Fashion Council (AFC) – the peak body for the Australian fashion and textile industry – has launched Australian Fashion Trademark. The Australian Fashion™ and ‘Fashion Evolution: From Farm to Industry’ launched at Afterpay Australian Fashion Week. Over the next 10 years, the industry has the potential to deliver an additional $10.8 billion in […]
According to reports, the SpaceX and Tesla owner, Elon Musk, asked a flight attendant for an “erotic massage” then proceeded to touch her inappropriately without her permission. He then gave her over $350,000 to keep her from talking about it. The report, which originally came from the Insider, cites a close friend of the flight […]