Back to overview

Google Analytics illegal in the EU

   15.02.2022   GDPR, web analytics, Google Analytics, Matomo, data protection
Google Analytics Illegal | ©

Following on from Austria, France has now also declared Google's web analytics service non-compliant with the GDPR. The reasons, the consequences and the alternatives.

The reasons

The French data protection authority CNIL has deemed the transfer of user data to the United States within the framework of Google's Web Analytics unlawful. It argues that Google is insufficiently protecting the data from access by the U.S. intelligence services. The Austrian data protection authority (DPA) had already issued a similar decision in mid-January.

The consequences

Anyone who transfers analytics data of EU citizens to Google is in violation of the the EU's General Data Protection Regulation (GDPR). The penalties can be severe: Article 83 (5) of the GDPR calls for fines of up to 20 million euros, or 4% of the total annual global turnover in the previous fiscal year, whichever is higher, in the case of particularly serious violations.

The alternatives

So how to run web analytics without creating privacy issues?

  • Anonymize: For one, services that enable complete anonymization of data, including the visitors' IP addresses, can be used. (e.g.  etracker, Matomo or Piwik PRO). This prevents personal data from being processed.
  • On-premise operation: Another option is to choose an analytics platform that offers self-hosting. Storing and processing data on your own infrastructure means you don't share it with third parties in the first place. (e.g. Matomo @ aspectra).