At first sight, Collecting data from internet users has never been very legal. Subject to more and more regulations every year, with a view to protecting the personal data of each user. It is still collected, just as assiduously, and is becoming an essential tool for corporate marketing teams. From the website of the corner store to the big Adidas sales websites. All its companies are crazy about its data, allowing them to offer the most suitable advertising to seduce their customers even more easily. It’s a real gold mine, as long as everything is done with everyone’s consent, of course. And Google choose this particular niche to propose a new tool that revolutionize the world : Google Analytics.
Therefore, that has never been the case. And it is not the request of our small cookies each time a web page is opened that will allow us to protect ourselves from this. Especially when a tool like Google Analytics exists. Used today by almost all websites in the world. Its availability in France allowed us to obtain it thinking that its use was legal. When in reality it is very far from it.
Who is the European GDPR do ?
The GDPR, which came into force in Europe in May 2018, is supposed to protect our data. Not at all respected by the American giant. However, internet police like the CNIL, never having levied a lawsuit on Google’s arm. No one worried about being an outlaw anymore. Why be afraid if the crime in question is never punished?
Since February 2022, after a large number of complaints were filed by the NOYB association. The CNIL and its European counterparts have decided to take responsibility, and the consequences are not very pretty. But the only problem that surfaced was that of data transfers from Europeans to the United States. And not the pure and simple collection of its data. Even if this action remains illegal, it is much lighter in consequences than the other. Maybe the GDPR just regulates this data collection. These issues are more political, not letting the American secret services have access to everyone’s personal data. While they should also be social, preserving the privacy of citizens.
Think about it, when we see what companies are doing with it, wouldn’t it make more sense to ban collection? Or is the privacy of European populations not so important to them ? Certainly, it allows them to sell anything to anyone, to practically turn our brains around. But despite all this, companies continue to pretend that consumer purchases are purely rational. We should start thinking seriously about the issue, right?
What Google Analytics did was really outlaw ?
According to the CNIL “transfers to the United States are not sufficiently supervised at present. Indeed, in the absence of an adequacy decision (which would establish that this country offers a sufficient level of data protection under the GDPR) concerning transfers to the United States, the data transfer
can only take place if appropriate guarantees are provided for this flow in particular. This was not the case. Indeed, if Google has adopted additional measures to regulate data transfers within the framework of the Google Analytics functionality, these are not sufficient to exclude the possibility of access by American intelligence services to this data. This explains to this day, that measures must be taken.
It has therefore decided to give formal notice to the site manager in order to bring this processing into compliance with the GDPR, if necessary by ceasing to use the Google Analytics functionality (under current conditions) or by using another tool. not entailing a transfer outside the EU. The site manager in question has one month to comply.
Regarding the audience measurement and analysis services of a website, the CNIL recommends that these tools be used only to produce [anonymous] statistical data (https://www.cnil.fr/fr/lanonymisation-de -personal-data), thus allowing an exemption of consent if the data controller ensures that there are no illegal transfers. The CNIL has also launched an evaluation program to determine the solutions exempt from consent.
