CNIL: DSGVO violation through the use of Google Analytics

In the dispute over transatlantic standards for data protection, the French data protection supervisory authority CNIL has made another momentous decision. According to this, the use of Google Analytics violates the General Data Protection Regulation (GDPR), as data would be transferred to the USA. The CNIL now asked the website operator to „bring these processing operations in line with the GDPR, if necessary by no longer using the Google Analytics functionality (under the current conditions).“ Alternatively, tools could be used that did not use transfers to countries that were not GDPR-secure. The measures taken by Google were not sufficient to ward off the possibility of access by US intelligence agencies in order to comply with the European Court of Justice, the French data protection authorities said.