Google Analytics is in the sights of the authorities, because of the use and processing of certain data. If it is an essential tool in terms of referencing and data monitoring, it is necessary to pay attention to its configuration to be in GDPR compliance.
If some announced a removal of the tool in France, others envisaged a different use. In order for the processing to comply with the GDPR regulationyou will have a few tasks to perform.
Pay attention to the configuration of Google Analytics
Individuals and professionals mainly use Google Analytics, as it is the most widely used tool for website data tracking. It is therefore difficult to miss Google Analytics since it is complete and above all free, when other solutions can be relatively expensive.
For the moment, vagueness reigns, Google has not necessarily communicated and no sanction has really fallen, there are however rumours. The latter arose out of complaints filed by the NOYB association. The use of the data is therefore not compliant with, in particular, a transfer to the United States. However, you can minimize the impact.
- Check all the data you transmit with Google Analytics.
- Depending on your needs, reduce some usage and delete some data if you don’t use it.
- For example, to reduce the duration of cookies, you can limit the retention of data in the ” Property ” then ” Tracking Information “.
- You can also make IPs anonymous for be GDPR compliant. This is also a feature of GA4.
Provide alternatives to Google Analytics
If Google Analytics were to be removed in France and Europe in the worst case scenario, you can still consider possible alternatives. There are indeed many solutions that allow you to collect information linked to your website.
Whether it’s your personal blog or for a site used for professional purposes. Here are some available alternatives:
- Matomo: it is free and it is particularly renowned for its respect for data and privacy.
- Plausible: it is paid, but it is effective in measuring traffic on your site.
- Analytic Abla: it’s free and it lingers on the audience.
You can always install a new solution in parallel with Google Analyticsthis in order to take advantage of the new features offered by another tool. You will not be penalized if however a drastic limitation was put in place. To the extent that the world of natural reference relies on the collection of statistics, the interest of having one or more analysis tool(s) is obvious.
What are the risks involved?
For the moment, no official information seems to be available from the CNIL or from Google. Patience is therefore required, but this case shows that you should not always focus on a single tool. If this were to be deleted, you could find yourself in an embarrassing situation if you do not take the initiative.
- Google therefore did not receive a formal notice, but GDPR compliance could be expected.
- For now, you do not risk any financial penalty if you use Google Analytics, but everyone remains responsible for the information collected, processed and stored. Being in compliance is important and you should not wait.
- If you have a website, you must therefore respect all GDPR requests mentioned by the CNIL.
If you are considering using an alternative, go with a solution that fully complies with the GDPRthis will save you from getting lost in the many parameters. Google had also specified that it would offer new ones, so that users could personalize the tool.
The primary objective would be to comply with the rules while offering the best statistics to customers. You should therefore consider the main Google Analytics indicators and see if they do not conflict with the GDPR.
Tech giants and data
Google was not the only player impacted by this processing of personal data which gave birth to the GDPR. Indeed, Meta had been at the heart of several rumors about the closure of Facebook and Instagram in Europe. This shows that GDPR compliance can be quite difficult. Markus Reinisch, however, clarified that the rumor was unfounded.
The tech giants are therefore impacted by the legal framework concerning the transfer of data. Nevertheless, NOYB documents nevertheless show that sites must imperatively comply with the requirements of the GDPR. A formal notice would have been received by Decathlon, Auchan and Sephora.
Even if you have not been alerted to such compliance, it may be wise to set up Google Analytics and review the policy for the storage of personal data. You could find yourself in a problematic situation because of a complaint filed by the CNIL.