It’s official: Italy bans Google Analytics
After Austria and France, Italy has emerged as the next European nation to ban Google Analytics as a result of data privacy concerns. The ruling was drawn after extensive investigations by Italian data watchdog Garanate and the Italian Data Protection Authority.
The primary argument for the Google Analytics ban is that Google, by American law, must transfer personal user data including IP address, OS, language, browser data and more — from Europe back to the headquarters in the US. For one, the Italian authorities deemed this data flow to be unconstitutional as the personal information being processed was not anonymized. Why is this an issue? Two reasons:
- US surveillance structures do not satisfy Article 52 of the EU Charter on Fundamental Rights, as discovered by the EU’s Court of Justice.
- The EU's Court of Justice concluded that cases involving data breach and/or violation lack sufficient judicial redress, leaving EU citizens with little option if such a situation should arise. This does not align with Article 47 of the EU charter.
“A website using Google Analytics (GA) without the safeguards set out in the EU GDPR violates data protection law because it transfers users' data to the USA, which is a country without an adequate level of data protection” - Italian SA
What does this mean for Google Analytics users in Italy?
Well, the authorities are notifying Italian websites, both public and private, to the illegality of data transfers from Europe to Italy through Google Analytics. The Italian SA has also directed all website operators to verify that the tracking cookies are compliant with standard GDPR regulations. If this is not the case, the Italian SA has provided upto 90 days to implement adequate measures in place to support a compliant data flow. Ultimately, if these requirements are not met, a suspension of Google Analytics data flows to the US will be ordered.
Post 90-days, the Italian SA will continue to verify the compliance of GA data flows to ensure GDPR standards are met by ways of ad-hoc inspections.
“The Italian SA wishes to draw the attention of all the Italian website operators, both public and private, to the unlawfulness of the data transfers to the USA as resulting from the use of GA - partly on account of the many alerts and queries received so far . The Italian SA calls upon all controllers to verify that the use of cookies and other tracking tools on their websites is compliant with data protection law; this applies in particular to Google Analytics and similar services.”
In short, if you’re using Google Analytics in Italy, chances are you’ll need to find a privacy-compliant alternative in coming months. While this may seem like concerning news, it’s actually a fantastic opportunity to pick up a more robust solution.
Looking for Google Analytics alternatives?
Factors.ai has you covered. Factors is, and always will be a privacy-first marketing + web analytics platform. In addition to being GDPR compliant, Factors is compliant with CCPA and PECR as well. What’s more? Factors is SOC2 certified — ensuring industry-standard protection across data security, availability, processing integrity, confidentiality, and privacy.
Although Google Analytics’s upcoming version, GA4, is touted to have significant privacy improvements, the latest updates suggest no real impact on GDPR compliance. Which is why now is the best time to switch to a robust, reliable, privacy-first solution.
Still not convinced? Here are a few more reasons why GA4 isn’t really well suited for business anymore. And schedule a personalized demo here to learn why Factors really is the best alternative!