German Company’s Use of Google Analytics ‘Breached GDPR’ ⇥ theregister.com

Lindsay Clark, the Register:

Datenschutzbehörde, or DSB, has found that a German publisher, not named in the case, was in breach of Article 44 of the General Data Protection Regulation (GDPR) in the use and operation of Google Analytics – commonly used throughout web publishing and ecommerce – because of its movement of personal data to the United States.

In 2020, the EU Court of Justice struck down the so-called Privacy Shield data protection arrangements between the bloc and the US in what is now known as the Schrems II ruling, which has ramifications for US cloud providers, social media sites, and providers of online tools.

Datenschutzbehörde, Austria’s data protection authority, specifically cited the risk of espionage by U.S. intelligence agencies as a reason why this publisher’s use of Google Analytics violates GDPR rules. That is not an unreasonable concern. While users in some countries may benefit from having the protections of the U.S. legal system to avoid domestic overreaches, it is detrimental for users in Canada and many European countries.