Amsterdam
Barbara Strozzilaan 1011083 HN Amsterdam
Nederland+31 10 307 7131info@kruso.nl
It began with the Austrian data supervisory authority, which banned the use of Google Analytics in January because it does not comply with GDPR legislation. The Danish Data Supervisory Authority has investigated Google Analytics and concluded that the tool is not legal. But does it matter to you? If you have a website or webshop where you track visitor data, you are most likely one of the many Danish companies that use Google Analytics.
Don't panic, and don't change just to change. The Danish Data Protection Authority has not yet set any conditions for when and how you should deal with the problem. In this blog post, we try to give you an overview of the situation and some potential solutions or alternative tools you can consider.
You might have heard of an Austrian company called NetDoktor that was in the news at the beginning of the year. According to the Austrian Data Protection Authority, Netdoktor involuntarily shared user data from their visitors with Google through the Google Analytics tool. Since Google is an American company, the data that NetDoktor collects is transferred to USA. The problem arises because it breaches the EU's General Data Protection Regulation (GDPR). Since then, the French and Italian and most recently, the Danish data Authority have issued several statements emphasizing to find that using Google Analytics is not lawful.
The main problem is that there is no data agreement between the EU and the US on processing and protecting European citizens' data.
If you use Google Analytics to track user data, you have to decide how to track your user data in the future.
There are several possible solutions to choose from. You can still use Google Analytics as your analytic tool, but this requires you to make some changes. You may also consider looking for new ways and finding alternatives to Google Analytics.
Server-side tagging is a solution that allows you to filter data of information that should not be shared with third parties. This solution allows data to be sent and received from the user's browser to your web server first before being transferred to another location. In this way, greater security and control can be achieved when using Google Analytics.
Advantages of server-side tagging:
Better Data Control: you have complete control over what data each vendor receives.
Improved site performance: by removing or reducing JavaScript running in users' browsers, you get faster page load times and a better user experience.
The Data Protection Authority suggests pseudonymization as a solution to use Google Analytics legally. This can be done by setting up a reverse proxy or a 3rd party server where personal data is replaced by an anonymous value, preventing Google Analytics from seeing the original value. For example, you can anonymize a name by replacing it with a numeric value in a dataset. The relationship between this numeric value and the name is then stored in a second dataset, separate from the first dataset.
In the context of GDPR, pseudonymization is defined as the processing of personal data in which information can no longer be attributed to a specific individual without additional information. Pseudonymization makes information such as personal identification numbers and personal data less accessible to unauthorized users and is a way to comply with GDPR requirements.
To sum up, there are several solutions to use Google Analytics legally. But it also requires you to be prepared to change how your business processes data. This is not always an easy thing to change. Still, as described earlier, you can start by using Server-side tagging to filter sensitive data with a Cloud service or using Pseudonymization to hide data by anonymizing it under other values or data sets.
When considering replacing or changing your analytic setup, it can be quite a mouthful. We are here to help with that. Feel free to reach out if you want to discuss what a potential future setup could look like for you.