June 23 2022

Google: Privacy Guarantor stop the use of Analytics. Data transferred to the USA without adequate guarantees

The new communication from the Privacy Guarantor arouses surprise and a radical change (for the worse) for insiders.

ROME: June 23, 2022:

The website that uses the Google Analytics (GA) service, without the guarantees provided by the EU Regulation, violates the data protection legislation because it transfers user data to the United States, a country without an adequate level of protection.

 

This was stated by the Privacy Guarantor at the conclusion of a complex investigation launched on the basis of a series of complaints and in coordination with other European privacy authorities. From the investigation of the Guarantor it emerged that the managers of the websites that use GA collect, through cookies, information on the interactions of users with the aforementioned sites, the individual pages visited and the services offered. Among the many data collected, the IP address of the user's device and information relating to the browser, the operating system, the screen resolution, the selected language, as well as the date and time of the visit to the website. This information was found to have been transferred to the United States. In declaring the unlawfulness of the treatment it was reiterated that the IP address is personal data and even if it were truncated it would not become anonymous, given the ability of Google to enrich it with other data in its possession.

Following these investigations, the Guarantor adopted the first of a series of measures with which he cautioned Caffeina Media Srl which manages a website, ordering it to comply with the European Regulation within ninety days. The time indicated was deemed appropriate to allow the manager to adopt adequate measures for the transfer, under penalty of suspension of the data flows carried out, through GA, to the United States.

The Guarantor highlighted, in particular, the possibility for US government authorities and intelligence agencies to access personal data transferred without due guarantees, noting in this regard that, in the light of the information provided by the EDPB (Recommendation no. 1/2020 of 18 June 2021), the measures that integrate the transfer tools adopted by Google do not currently guarantee an adequate level of protection of users' personal data.

On this occasion, the Authority draws the attention of all Italian managers of websites, public and private, to the illegality of transfers made to the United States through GA, also in consideration of the numerous reports and questions that are being received by the Office. And invites all data controllers to verify the compliance of the methods of use of cookies and other tracking tools used on its websites, with particular attention to Google Analytics and other similar services, with the legislation on the protection of personal data. .

Upon expiry of the 90-day term assigned to the company to which the provision is addressed, the Guarantor will proceed, also on the basis of specific inspection activities, to verify compliance with the EU Regulation of data transfers carried out by the owners.

Do you have doubts? Don't know where to start? Contact us!

We have all the answers to your questions to help you make the right choice.

Chat with us

Chat directly with our presales support.

0256569681

Contact us by phone during office hours 9:30 - 19:30

Contact us online

Open a request directly in the contact area.

INFORMATION

Managed Server Srl is a leading Italian player in providing advanced GNU/Linux system solutions oriented towards high performance. With a low-cost and predictable subscription model, we ensure that our customers have access to advanced technologies in hosting, dedicated servers and cloud services. In addition to this, we offer systems consultancy on Linux systems and specialized maintenance in DBMS, IT Security, Cloud and much more. We stand out for our expertise in hosting leading Open Source CMS such as WordPress, WooCommerce, Drupal, Prestashop, Joomla, OpenCart and Magento, supported by a high-level support and consultancy service suitable for Public Administration, SMEs and any size.

Red Hat, Inc. owns the rights to Red Hat®, RHEL®, RedHat Linux®, and CentOS®; AlmaLinux™ is a trademark of AlmaLinux OS Foundation; Rocky Linux® is a registered trademark of the Rocky Linux Foundation; SUSE® is a registered trademark of SUSE LLC; Canonical Ltd. owns the rights to Ubuntu®; Software in the Public Interest, Inc. holds the rights to Debian®; Linus Torvalds holds the rights to Linux®; FreeBSD® is a registered trademark of The FreeBSD Foundation; NetBSD® is a registered trademark of The NetBSD Foundation; OpenBSD® is a registered trademark of Theo de Raadt. Oracle Corporation owns the rights to Oracle®, MySQL®, and MyRocks®; Percona® is a registered trademark of Percona LLC; MariaDB® is a registered trademark of MariaDB Corporation Ab; REDIS® is a registered trademark of Redis Labs Ltd. F5 Networks, Inc. owns the rights to NGINX® and NGINX Plus®; Varnish® is a registered trademark of Varnish Software AB. Adobe Inc. holds the rights to Magento®; PrestaShop® is a registered trademark of PrestaShop SA; OpenCart® is a registered trademark of OpenCart Limited. Automattic Inc. owns the rights to WordPress®, WooCommerce®, and JetPack®; Open Source Matters, Inc. owns the rights to Joomla®; Dries Buytaert holds the rights to Drupal®. Amazon Web Services, Inc. holds the rights to AWS®; Google LLC holds the rights to Google Cloud™ and Chrome™; Microsoft Corporation holds the rights to Microsoft®, Azure®, and Internet Explorer®; Mozilla Foundation owns the rights to Firefox®. Apache® is a registered trademark of The Apache Software Foundation; PHP® is a registered trademark of the PHP Group. CloudFlare® is a registered trademark of Cloudflare, Inc.; NETSCOUT® is a registered trademark of NETSCOUT Systems Inc.; ElasticSearch®, LogStash®, and Kibana® are registered trademarks of Elastic NV Hetzner Online GmbH owns the rights to Hetzner®; OVHcloud is a registered trademark of OVH Groupe SAS; cPanel®, LLC owns the rights to cPanel®; Plesk® is a registered trademark of Plesk International GmbH; Facebook, Inc. owns the rights to Facebook®. This site is not affiliated, sponsored or otherwise associated with any of the entities mentioned above and does not represent any of these entities in any way. All rights to the brands and product names mentioned are the property of their respective copyright holders. Any other trademarks mentioned belong to their registrants. MANAGED SERVER® is a trademark registered at European level by MANAGED SERVER SRL, Via Enzo Ferrari, 9, 62012 Civitanova Marche (MC), Italy.

Back to top