Skip to content
EU firms face fallout from ruling against Google

 | News Today

EU firms face fallout from ruling against Google

| Business Top stories | Today Headlines


European businesses are facing uncertainty over the use of a popular Google analytics tool after a regulator found it broke privacy laws, the European Union’s latest salvo against major American technology companies.

The Austrian data protection regulator’s decision, published last week, could upend the business practices of companies across Europe, as regulators in the 27 EU countries are also preparing legislation on social media content. Lawmakers are due to vote this week on a bill, which includes provisions cracking down on targeted advertising online.

The Austrian regulator has ruled that an Austrian website, which it did not name, breached EU General Data Protection Regulation by using Alphabet Inc.

Google Analytics, a tool that tracks how people use websites and transfers personal data to the United States from the EU.

The decision is part of a long-running clash between tough EU privacy laws and US surveillance measures. The Austrian website used cookies to collect data such as IP addresses and other information that could identify users, and the information could potentially be accessed by US intelligence authorities upon request, the regulator said.

The decision has implications beyond Austria. “I’m sure Google Analytics practices are pretty much the same across the EU, so they would violate GDPR across the EU,” said David Martin Ruiz, senior legal officer at the European Consumers Organisation, an organization based in Brussels. defense group.

EU companies could take several steps to comply with the ruling. They could stop using Google Analytics and switch to European alternatives, or they could encourage Google and other US technology providers to set up data centers in the EU in partnership with local companies, ensuring that Consumer data remains within the block.

“It’s a slippery slope towards European digital isolation. If Europe wants to become a global data hub, you need to be connected with the outside world,” said Alexandre Roure, head of public policy at the Brussels office of the Computer and Communications Industry Association, a trade group of which Google is one of its members. “There are immediate effects for European and American businesses,” Roure said.

The Austrian regulator rejected Google’s safeguards, including promises to challenge government data requests. The Austrian website using Google Analytics had failed to properly configure the tool to anonymize IP addresses, the regulator said. Despite this technicality, the regulator said an IP address is personal data because it can be combined with other information to identify a website user.

Google said in a blog post on Wednesday that it “has been providing Analytics-related services to global enterprises for more than 15 years and in that time has never received” the type of user data request from agencies. US national security that the Austrian regulator considers a risk.

A Google spokesperson referenced the blog post when asked to comment on the regulator’s decision. The blog post called on the EU and US to agree on a new data framework to ensure the flow of information between them. He did not say whether Google would appeal the decision.

Jeroen Terstegge, a partner at Netherlands-based consultancy Privacy Management Partners Coöperatie UA, said it can be difficult for companies to determine which privacy protections apply to data transfers to the United States. . “You never know exactly when the guarantees are good enough,” he said.

More from WSJ Pro Cybersecurity

The Austrian regulator’s decision is the latest rebuff from companies that transfer personal data to the United States. In 2020, the highest court in the EU ruled that the Privacy Shield, a device widely used to transfer data across the Atlantic, was illegal. Since then, regulators have said companies must use alternative legal options and implement safeguards to ensure Europeans’ data is kept away from US government surveillance.

EU regulators have leveled several rebukes at big US tech companies in recent months. This month, the French privacy watchdog fined Google and Meta Platforms $169 million. Inc.

Facebook $67 million for making it too difficult for website users to reject cookies, which are used to track their browsing behavior.

The Austrian regulator’s decision was published by NOYB, a Vienna-based non-profit whose name means “None of your business”, which filed a complaint against the Austrian website. NOYB said it filed another 100 similar complaints with EU regulators last year.

On January 13, the same day NOYB published the Austrian decision, the Dutch privacy authority said it was investigating two complaints about Google Analytics. “The use of Google Analytics may soon no longer be permitted,” the Dutch regulator wrote in an update to an online guide to using Google Analytics and respecting privacy.

Write to Catherine Stupp at Catherine.Stupp@wsj.com

Copyright ©2022 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8

EU firms face fallout from ruling against Google

| Breaking News Updates Local news
wsj

Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.