It's no secret that the
European Union has stricter data privacy laws protecting consumers than
the United States.
Accelerating
technological advances are creating new challenges for the proper use and
storage of consumer information. Data breaches have been an ongoing threat,
exposing the sensitive user data of millions of U.S. residents. Even without
leaks, businesses like Facebook and Google collect and process user data
carelessly. We are seeing the consequences of this play out in European countries
like Austria and France, where regulators have ruled that Google Analytics
violates EU data protection laws.
Activists are calling for better data protection - EU regulators are listening
Google Analytics is
indeed the most popular analytics tool on the market, with a share of more than
85 percent. However, Google Analytics and its parent company,
Google LLC, have been on the radar of European privacy activists for some time
now. Those groups advocate for a system where internet users decide on the
collection of their data only after seeing an explanation of how their data
will be used.
Reports of questionable
privacy practices by Google have led to legal action based on the General Data
Protection Regulation (GDPR), an EU regulation that imposes many obligations on
those who want to collect and use personal data about users. The recent
decision of the Austrian data protection authority, the DSB, classifies the
use of Google Analytics to collect data of EU residents as unlawful under GDPR.
The problems with Google Analytics in the EU (and why U.S. businesses should care)
The critical compliance
issue with Google Analytics stems from storing user data, including information
about EU residents, on U.S.-based cloud servers. On top of that, Google is a
U.S.-owned company and is therefore subject to U.S. surveillance laws. One of
them is the CLOUD Act, which states that U.S.-based technology companies have
to provide the government with requested data stored on servers, regardless of
whether the data are stored in the U.S. or overseas.
Transatlantic transfers
of personal data are the most pressing issue with Google Analytics regarding
GDPR. In the judgment known as Schrems II, a European court ruled that sending
personal data from the EU to the U.S. is illegal if companies can't guarantee
this data will be safe from U.S. intelligence. EU consumers are more
privacy-focused and privacy-conscious than U.S. consumers, and GDPR compliance
shows that a brand takes privacy seriously.
The EU is one of the top
markets globally, but to access it, you must play by rules like GDPR.
Therefore, the need for strong privacy regulations in the U.S. is greater than
ever. Still, without a comprehensive, blanket solution like GDPR, U.S.
companies that collect data on EU residents need to rethink their choices now.
Consider taking a privacy-friendly approach to your analytics
The most
privacy-friendly approach would be to switch to an EU-based analytics platform
that protects user data and offers secure hosting, ideally in an EU-owned data
center. It guarantees that you collect, store and process data according to
GDPR.
The less privacy-focused
option is to choose an analytics platform with fewer privacy features and
mitigate the compliance risk by applying additional security measures like data
anonymization. However, this might be only a temporary fix if your analytics
platform still sends data to U.S.-based or U.S.-owned servers, to which U.S.
surveillance laws apply.
Analytics platforms are
powerful tools that give organizations the power to gain insights into how
visitors use their websites, apps, and products. However, consumers deserve
assurances and the confidence that their personal information will be respected
and safe. The more entities have access to your data, the bigger the chance of
compromised security.
Transparency is key
Being transparent helps
convince website visitors or app users to allow for the use of analytical
cookies. Using GDPR-compliant analytics platforms could also help with
providing a privacy-friendly website or software for visitors or users. Soon,
it will become almost impossible to keep operating without rethinking how you
handle consumers' data. The best thing to do is to take action and be prepared,
as this new wave of legislation appears to be a long-term progression rather
than a short-lived trend.
Our intention with Piwik PRO Analytics Suite has always
been to give clients powerful analytics capabilities and key privacy and
security features - and now we have a free version! The free Piwik PRO Core
plan allows everyone to create ambitious analytics projects while building
trust with a privacy-friendly approach. If you're interested in connecting
with me or learning about alternatives to Google Analytics, visit my
company's website at Piwik PRO.
## ABOUT THE AUTHOR
Maciej Zawadziński, CEO of Piwik PRO
AdTech and MarTech
expert, founder of several successful companies, and online privacy rights
advocate. Striving towards more conscious data use and a healthier digital
advertising ecosystem, Maciej is devoting his knowledge and skills to
developing Piwik PRO, a privacy-focused analytics platform, the perfect
alternative to Google Analytics.
Learn more at Piwik PRO.