The Austrian Data Protection Authority ("Datenschutzbehörde" or "DSB") has decided on a model case by noyb that the continuous use of Google Analytics violates the GDPR.
In 2020, the Court of Justice (CJEU) decided that the use of US providers violates the GDPR, as US surveillance laws require US providers like Google or Facebook to provide personal details to US authorities. The Austrian DSB's decision is the first to be issued.
Data protection authorities may now gradually declare US services illegal, putting additional pressure on EU companies and US providers to move towards safe and legal options.
The GDPR foresees penalties of up to €20 million or 4% of the global turnover in violation cases, but the Austrian DPA's decision does not deal with a potential penalty, as this is seen as a "public" enforcement procedure, where the complainant is not heard.
There is no information on whether a penalty was issued or whether the DSB is also planning to issue one.
UniConsent has a detailed article, "How to make your Google Analytics GDPR Compliant with UniConsent", about the best practices for using Google Analytics on your website.
UniConsent is part of Transfon's privacy-first User Experience Platform, which serves tens of millions of users per day to provide a seamless privacy experience for both users and publishers in the post-GDPR age. Contact us to know more: email@example.com