In January 2022, the Austrian Data Protection Authority ruled that Austrian websites that use Google Analytics are breaching the General Data Protection Regulation (GDPR).
This recent ruling has its roots in a ruling known as Schrems II, which was made by the Court of Justice of the European Union (CJEU) in 2020. The CJEU stated that US cloud service providers are not capable of complying with EU privacy laws, including GDPR. This non-compliance is inevitable due to US surveillance laws, which require US cloud service providers to hand over users' personal data to the US authorities.
Despite tech companies warning that this ruling would have severe consequences for companies and users on both sides of the Atlantic, many companies in both the US and the EU simply ignored the 2020 case. However, one Austrian business has now ended up in court as a result of ignoring the regulations. The company could be facing a fine of up to 20 million euros, as well as reputation damage.
The European Center for Digital Rights brought the case against the Austrian company. They found that IP addresses, which GDPR classes as personal data, were transmitted in cookie data to the US, in breach of the regulations. This illegal data transmission occurred as a result of the company using Google Analytics to monitor traffic to its site.
The Austrian Data Protection Authority took the bold step of ruling that Austrian websites that use Google Analytics are breaching GDPR.
According to Max Schrems, who is honorary chair of the European Center for Digital Rights, similar decisions could now occur in most EU member states. The organization has filed already filed over 100 complaints in almost all EU countries.
Many website providers use Google Analytics to gain insight into how visitors find, navigate, and interact with their websites. However, for website owners in Austria — and perhaps soon in all other EU countries — continuing to use Google Analytics no longer remains a legal option.
Any business currently using Google Analytics should remove it from their website immediately to avoid violating GDPR, which could lead to a significant fine and loss of reputation.
Abralytics is a cookie-free and privacy-focused website analytics service. In addition to respecting the privacy of website visitors, Abralytics also focuses on delivering information to website providers that is jargon-free, easy to understand, and immediately actionable. It can even provide insights in as little as 20% of the time that Google Analytics takes.
Abralytics works with all major website building platforms, such as Wordpress, Squarespace, Wix, or Shopify. Most EU website providers who are currently risking breaking the law by using Google Analytics could quickly and easily switch over to Abralytics to keep their visitors' data — and their own reputations — safe.
Another alternative to Google Analytics is Plausible.io. This open-source web analytics software is lightweight, cookie-free, and fully compliant with GDPR. Plausible.io was created in the EU and is still hosted there, which means that it is a great choice for businesses that are keen to ensure compliance with all EU legislation.
One advantage of using a cookie-free alternative to Google Analytics is that there is no need to obtain GDPR consent from website users. That means no annoying cookie banners — just a website working in the way it was designed to give a great experience to all visitors.
As of January 2022, only Austria has ruled that Google Analytics is illegal — but similar rulings are expected to follow in most if not all other EU member states. Website providers in all EU countries must take action now to avoid fines and reputation damage. It is time for websites across Europe to ditch Google Analytics in favor of a privacy-friendly web analytics alternative.
Sign up for a 30-day free trial of Abralytics today and protect your business.