Home Health Google Analytics, the Guarantor and the holes of the GDPR

Google Analytics, the Guarantor and the holes of the GDPR

by admin
Google Analytics, the Guarantor and the holes of the GDPR

The provision of the Personal Data Guarantor just made known with which the use of Google Analytics by a company was declared illegal highlights the “holes” of the GDPR, the attempt to plug them at all costs and the inability ( or the lack of will) to pursue the political choice of protecting European digital sovereignty to the end.

The investigation

For the Guarantor, the use of Google Analytics violates the privacy regulations


The provision is effective, at least formally, only for the company that has been subject to verification. In reality, however, it is applicable in more general terms and therefore constitutes a sort of Faq to understand whether or not you can continue to use Google Analytics on your site.

Without going around it, the position of the Italian Guarantor is explicit: Google Analytics cannot be used because the way the service is designed allows the American authorities to also access the personal data of European users and there are no “security measures” that Google’s customer may use or think of contractually imposing on the US multinational.

Break free from the slavery of analytics (of all analytics)

by Andrea Monti



That the overwhelming power of Google – and Big Tech – over our data is a very serious problem is evident. That the massive accumulation of citizen data, pardon, European users is a distorting element of the market is equally clear. Just as there is no question that American national security policy also rests on the private technology industry. However, the nobility of the end – stemming the transfer of personal data to the US – hardly justifies the use of an improper means, namely the forcing of the GDPR.

See also  Be the Freest Beggar "Bum Simulator" will be released at the end of August. If you can't beg for money, you can beat people on the street | 4Gamers

Is Google Analytics illegal? The answer in ten questions (plus one)

by Andrea Monti



The reasoning of the Authority, in fact, is based on an interpretation of the Regulation which is made to say what, in reality, is not written anywhere, and that is that personal data would also be completely anonymous for the operator of a site. but what can be de-anonymized in total autonomy by Google. Therefore, “personal data” would be the unique online identifiers that allow both the identification of the browser or device of the user visiting the website, and of the site manager himself (through the Google account ID); address, website name and navigation data; IP address of the device used by the user; information relating to the browser, the operating system, the screen resolution, the selected language, as well as the date and time of the visit to the website “. However, it is enough to do a very simple experiment to understand the weakness of the Guarantor’s interpretation. By logging into any Wordpress-based blog without registering, and then observing what data can be obtained using Matomo, the “data protection friendly” competitor of Google Analytics, we would discover two very clear things: the first is that there is no way to know who is behind the terminal used for the connection. So, we are not talking about personal data and the GDPR does not apply. The second is that Matomo basically collects the same data as Google Analytics, with the difference that the first non crosses the data anonymous with other information, the second, almost certainly yes.

See also  How to properly measure blood pressure at home before communicating it to your doctor

All this highlights the limitations of the GDPR.

In fact, to want to grant everything to apply the rule to those who use Google Analytics without identifying users it would be necessary to demonstrate the awareness that every single IP sent to Google is effectively de-anonymized, because the GDPR applies to single individuals and not to generic categories of subjects. Furthermore, it should be overcome the fact that the GDPR applies to those who process personal data and not to those who collect anonymous data and forwards them, as such, to a third party who instead could de-anonymize them. Instead, it should be the latter to be subjected to checks and controls because the hypothesis is that it is the one that re-aggregates the information and therefore performs the treatments regulated by the European standard.

But if this is the point, then in assessing the position of the Italian company, the Authority should also have opened a proceeding against Google to verify, for example, if, like Matomo, it planned to use the analytics platform without crossing the anonymous data received with those he already owns and if it allows the user of the service to independently protect the data in question in order to avoid cross-referencing with other information. If so, in fact, the data anonymous sent by the various webs around Europe would certainly remain so and the problem would be solved.

Otherwise, Google would have to comply with the obligations and prescriptions issued by the national protection authorities by interacting directly con each individual of which it processes the data.

See also  Are Whatsapp messages "correspondence"? The answer (positive and banal) comes from afar

The issue of who is directly subject to the GDPR, however, does not only concern Google but also involves the Big Tech companies that participate in strategies for the digitization of public services such as Cloud PA.

It would therefore be legitimate to expect – indeed, to require – that the Authority continue the courageous path it has just begun with this provision and open an overall investigation on all the data collection and analysis tools used by Big Tech and which provide clear indications to institutions and companies instead of leaving them prey to fear, uncertainty and doubt. If, on the other hand, the Guarantor remained inert, the temptation to think of a downside game would be too strong, that all in all things are fine and that, as they say in Rome, as for him, he does not cringe.

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy