The Austrian Data Protection Authority ("Datenschutzbehörde" or "DSB") has decided on a model case by noyb that the continuous use of Google Analytics violates the GDPR.
In 2020, the Court of Justice (CJEU) decided that the use of US providers violates the GDPR, as US surveillance laws require US providers like Google or Facebook to provide personal details to US authorities. Austrian DSB decision is the first to be issued.
Data protection authorities may now gradually declare US services illegal, putting additional pressure on EU companies and US providers to move towards safe and legal options.
The GDPR foresees penalties of up to € 20 million or 4% of the global turnover in violation cases, but Austrian DPA's decision is not dealing with a potential penalty, as this is seen as a "public" enforcement procedure, where the complainant is not heard.
There is no information if a penalty was issued or if the DSB is planning to also issue a penalty.
UniConsent have a detailed article How to make your Google Analytics GDPR Compliant with UniConsent about the best practices of using Google Analytics on your website:
UniConsent is a part of Transfon's privacy-first User Experience Platform serves tens of millions of users per day to provide a seamless privacy experience for both users and publishers in the age of post GDPR. Contact us to know more: firstname.lastname@example.org
What is new about IAB TCF: GVL changes and Action Plan of IAB TCF to the Belgian DPA Decision
Reject All button at cookie banner for GDPR in each country
IAB TCF Update, Reduction of the timestamps precision in the TC String
Italy Garante: Guidelines on Cookies & Tracking Technologies takes effect on 9th Jan 2022
Austrian DPA: Google Analytics violates "Schrems II" decision by CJEU
How to Setup Consent Manager: Add a Privacy Settings Link or Privacy Badge on Your Website