Swedish Authority Warns companies against using Google Analytics
Four well-known corporations(CDON, Tele2, Dagens, COOP) had been restricted from accessing Google Analytics and fined for violating the regulation by transferring non-public recordsdata to third nations.
Google Analytics is a platform that collects recordsdata out of your net sites and apps to acquire reviews that offer insights into your replace.
The Swedish Authority for Privateness Security (IMY) has audited how four corporations employ Google Analytics for net statistics and came across non-public recordsdata being transferred.
IMY issued an administrative fair staunch-trying of 12 million SEK in opposition to Tele2 and 300,000 SEK in opposition to CDON; Tele2 has no longer too long ago stopped using the statistics instrument on its own initiative.
According to the allegations raised by the organization, None of your replace; these corporations were audited by the European Court docket of Justice (CJEU) for transferring non-public recordsdata.
According to the tips security regulation GDPR, non-public recordsdata also can fair be transferred to third nations, i.e. nations originate air the EU/EEA, if the European Commission has determined that the country in question has an ample diploma of security for non-public recordsdata that corresponds to that all the intention by the EU/EEA.
Nevertheless, the CJEU ruled by the Schrems II ruling that the US could perchance no longer be belief of to enjoy such an ample diploma of security on the time of the ruling.
In its audits, IMY considers that the tips transferred to the US by Google’s statistics instrument is non-public recordsdata because it can perchance even be linked with various odd recordsdata transferred.
The businesses also enjoy no longer taken passable security measures in going by recordsdata to meet the security that is guaranteed all the intention by the EU/EEA.
According to actual advisor Sandra Arvidsson, who led the corporations’ audits, it is certain what requirements are placed on technical security measures and various measures when transferring non-public recordsdata to a third country.
According to the CJEU, If the European Commission doesn’t decide on an acceptable diploma of security, which is definite on usual contractual clauses, these usual contractual clauses also can fair must be supplemented with extra protections if it is serious to preserve the protections that the clauses are supposed to give.
All four corporations enjoy basically basically based their choices on the switch of non-public recordsdata by Google Analytics on usual contractual clauses.
Nevertheless from IMY’s audits, it looks that no longer one of the corporations’ extra technical security measures are passable.
IMY issues an administrative fair staunch-trying of 12 million SEK in opposition to Tele2 and 300,000 SEK in opposition to CDON, which has no longer taken the same wide protective measures as Coop and Dagens Industri. Tele2 has no longer too long ago stopped using the statistics instrument on its own initiative.
IMY orders the many three corporations to prevent using the instrument.
These choices enjoy implications no longer fair staunch for these four corporations but additionally can moreover provide steering for various organizations that employ Google Analytics, says Sandra Arvidsson
Source credit : cybersecuritynews.com