ITALY is the third country in the European Union (EU) after Austria and France to declare Google Analytics banned.
The decision was made by Italy’s data watchdog Garante, the Italian Data Protection Authority, in harmony with other European privacy authorities.
According to Garante, the problem is that Google transfers users’ personal data to the United States (US).
Google is a US “electronic communication service provider” which is lawfully bound to give data to US intelligence services when requested meaning the EU cannot secure the privacy of its citizens.
Websites operating Google Analytics (GA) without the protective measures in the EU General Data Protection Regulation (GDPR) breach data security laws as users’ data is transferred to the US.
In addition, despite different suggestions from Google, France’s CNIL (Commission Nationale de l’Informatique et des Libertés) after deliberations concluded that it is impossible to use Google Analytics compliantly.
Schrems II invalidated the privacy shield stating two reasons why safeguards for data transfer to the US were not in place.
First, the Court of Justice of the European Union discovered that US surveillance programs do not meet the requirements of Article 52 of the EU Charter on Fundamental Rights.
Second, the court resolved that, with respect to US surveillance, EU data cases lack judicial redress and do not have a right to an effective solution in the US, as required by Article 47 of the EU Charter.
However, the EU member states are taking action to protect the privacy of their citizens. This has been done through the Austrian DSB, French CNIL and the Italian Garante.
Despite Google’s announcement that Universal Analytics will sunset G4 Analytics from July 1, 2023, it does not have any significant impact on GDPR compliance.