Following the footsteps of Austria and France, the Italian Data Protection Authority has become the latest regulator to find the use of Google Analytics to be non-compliant with E.U. data protection regulations.
The Garante per la Protezione dei Dati Personali, in a press release published last week, called out a local web publisher for using the widely used analytics tool in a manner that allowed key bits of users’ personal data to be illegally transferred to the U.S. without necessary safeguards.
This includes interactions of users with the websites, the individual pages visited, IP addresses of the devices used to access the websites, browser specifics, details related to the device’s operating system, screen resolution, and the selected language, as well as the date and time of the visits.
The Italian supervisory authority (SA) said that it arrived at this conclusion following a “complex fact-finding exercise” it commenced in collaboration with other E.U. data protection authorities.
The agency said the transfer of personal information violates the data protection legislation because the U.S. is a “country without an adequate level of protection,” while highlighting the “possibility for U.S. government authorities and intelligence agencies to access personal data transferred without due guarantees.”
images from Hacker News