Security News > 2022 > June > Italy Data Protection Authority Warns Websites Against Use of Google Analytics
Following the footsteps of Austria and France, the Italian Data Protection Authority has become the latest regulator to find the use of Google Analytics to be non-compliant with E.U. data protection regulations.
The agency said the transfer of personal information violates the data protection legislation because the U.S. is a "Country without an adequate level of protection," while highlighting the "Possibility for U.S. government authorities and intelligence agencies to access personal data transferred without due guarantees."
The website in question, Caffeina Media SRL, has been given a period of 90 days to move away from Google Analytics to ensure compliance with GDPR. In addition, the Garante drew webmasters' attention to the unlawfulness of data transfers to the U.S. stemming from the use of Google Analytics, recommending that site owners switch to alternative audience measurement tools that meet GDPR requirements.
Earlier this month, the French data protection watchdog, the CNIL, issued updated guidance over the use of Google Analytics, reiterating the practice as illegal under the General Data Protection Regulation laws and giving affected organizations a period of one month to comply.
"The implementation of data encryption by Google has proven to be an insufficient technical measure because Google LLC encrypts the data itself and has the obligation to grant access or provide the imported data which is in its possession, including the encryption keys necessary to make the data intelligible," the regulator said.
The Mountain View-based firm, which hosts all the data collected through the analytics platform in the U.S., also said it offers an IP address masking function that, when enabled, anonymizes the information in local servers before it's transferred to any servers outside the E.U. It's worth noting that this feature is enabled by default with Google Analytics 4.
News URL
https://thehackernews.com/2022/06/italy-data-protection-authority-warns.html