Scroll Top

Italy’s Data Protection Authority rules against agency using Google Analytics


Italy’s Data Protection Authority rules against agency using Google Analytics

Following the footsteps of AustriaGermany and France, the Italian Data Protection Authority has ended up being the current regulator to find making use of Google Analytics to be non-compliant with E.U. data protection regulations.

The Garante per la Protezione dei Dati Personali, in a press release published last week, called out a regional web publisher for utilizing the widely used analytics tool in a manner that allowed key little bits of users’ personal data to be unlawfully moved to the U.S. without needed safeguards.

on-demand GDPR Services

A partner you can depend to help your organisation meet GDPR compliance. All you need to know, to keep your business safe from Google Fonts Violates GDPR cases reported.

This includes interactions of users with the sites, the individual pages went to, IP addresses of the devices used to access the websites, internet browser specifics, information associated with the gadget’s os, screen resolution, and the picked language, in addition to the date and time of the check outs.

The Italian supervisory authority (SA) said that it arrived at this conclusion following an “intricate fact-finding workout” it began in cooperation with other E.U. data protection authorities.

The agency stated the transfer of personal details violates the data protection legislation because the U.S. is a “nation without a sufficient level of protection,” while highlighting the “possibility for U.S. government authorities and intelligence companies to gain access to individual data moved without due assurances.”

The site in question, Caffeina Media SRL, has been given 90 days to move away from Google Analytics to be compliant with GDPR. In addition, the Garante drew web designers’ attention to the unlawfulness of information transfers to the U.S. originating from making use of Google Analytics, advising that site owners switch to alternative audience measurement tools that meet GDPR requirements.


Compliant + sustainable long-term GDPR operational behaviour. A rock-solid foundation for privacy procedures and Google Fonts Violates GDPR mandate compliance.

“Upon expiry of the 90-day deadline set out in its decision, the Italian SA will check that the information transfers at issue are certified with the E.U. GDPR, consisting of by way of ad-hoc evaluations,” it specified.

Previously this month, the French data protection guard dog, the CNIL, issued updated assistance over the use of Google Analytics, repeating the practice as prohibited under the General Data Protection Regulation (GDPR) laws and offering affected companies one month to comply.

“The application of data encryption by Google has shown to be an insufficient technical procedure since Google LLC encrypts the data itself and has the commitment to give gain access to or provide the imported data which is in its belongings, consisting of the file encryption secrets required to make the data intelligible,” the regulator stated.

Google told that it’s evaluating the most recent decision. In January 2022, the tech giant worried that Google Analytics “does not track people or profile people across the internet” and that companies can manage the information gathered through the service.

The Mountain View-based firm, which hosts all the data collected through the analytics platform in the U.S., also stated it offers an IP address masking function that, when allowed, anonymizes the info in regional servers before it’s transferred to any servers outside the E.U.

It’s worth noting that this is not the first privacy-related complaint EU customer rights have made about Google’s practices. They also raised a grievance concentrated on its collection of area data back in 2018– however it took till February 2020 for Google’s lead EU data manager, Ireland’s Data Protection Commission (DPC), to begin questions. And, more than 2 years later on, that data probe IS STILL ongoing.

data protection OFFICER

Identify high-risk problems from Google Fonts Violates GDPR report. Administrative access and rights management with serious consideration are the foundation for a safely guarded online presence for your domain.

Not sure that our recurrent data protection offer is worthy of long-term consideration? Contact us today for a WP/Woo GDPR audit! Decide after you compare RISK + IMPACT versus COST.