Sweden Worries Over Data Privacy as Google Analytics is Utilized
Sweden has issued an order to four companies, instructing them to cease using a Google tool that assesses and examines internet traffic. The reason behind this directive is that the tool transfers personal information to the United States. Additionally, one of the companies has been fined an amount exceeding $1.1 million.
Sweden’s data protection agency IMY said it had investigated the use of Google Analytics by companies after a complaint was filed by the Austrian data protection group noyb (not your company), which has filed dozens of complaints against Google across Europe.
Noyb claimed that the companies’ use of Google Analytics for online statistics led to the transfer of European data to the United States in violation of the EU’s data protection regulation, GDPR.
The GDPR only allows data to be transferred to third countries if the European Commission has determined that they offer at least the same level of privacy protection as the EU, and a 2020 ruling by the European Court of Justice overturned the EU-US data transfer agreement. insufficient.
The IMY said that it considers the data sent by the four companies to Google Analytics in the US as personal data and that “the technical security measures implemented by the companies are not sufficient to guarantee a level of protection that is substantially equivalent to the guaranteed level. Within the EU . . .”
It imposed a fine of 12 million kroner on the telecommunications company Tele2 and 300,000 kroner on the online marketplace CDON.
The grocery store chain Coop and the Dagens Industri newspaper had taken additional measures to protect the data being transferred and have not been fined.
Tele2 had stopped using Google Analytics of its own accord and IMY ordered other companies to stop using it.
Sandra Arvidsson, IMY’s legal adviser, who led the investigation, said that the agency has made it clear from the decisions what requirements are set for technical security measures and other measures when transferring personal data to a third country, in this case the United States.
Nyob welcomed the IMY’s decision.
“Although many other European authorities (e.g. Austria, France and Italy) have already stated that the use of Google Analytics violates the GDPR, this is the first financial penalty imposed on companies for the use of Google Analytics,” the release states.
At the end of May, the European Commission announced that it hopes to finalize the new legal framework for data transfer between the EU and the United States by the end of the summer.
The RGPD, which has been in effect since 2018, can result in fines of up to 20 million euros or four percent of a company’s global turnover.