Home Content Studio CMOs Beware: Recent Google Analytics Decisions In The EU Put Data At Peril
Content Studio

CMOs Beware: Recent Google Analytics Decisions In The EU Put Data At Peril

By AdExchanger Content Studio

SHARE:

By Anders Pilgaard Andersen, senior vice president, general counsel, Adform 

Recent decisions by multiple EU data protection authorities signal the use of Google Analytics violates the EU General Data Protection Regulation (GDPR). These decisions sound a warning not only to the many companies using Google Analytics but, more broadly, to any company using US-based ad tech and mar tech platforms, since most companies collect and transfer the same types of protected data.

If this sounds like your company, here’s what you should know – and what you should be thinking about as you consider how to respond.

A flurry of GDPR rulings against Google Analytics

The most recent cascade of decisions and statements send a signal that European enforcement authorities may no longer tolerate US access to data of European citizens.

In early January, the European Data Protection Board (EDPB) publicly reprimanded the European Parliament for breaching the GDPR through its use of Google Analytics. A week later, the Austrian Data Protection Authority published a decision stating the use of Google Analytics violates the EU General Data Protection Regulation (GDPR).

The Austrian decision was soon followed by similar decisions or press statements by the Dutch, Danish and French data protection authorities.

These decisions generally state the existing setup – where data about European citizens is collected, transferred to and stored in the US – is in breach of Article 44 of the GDPR. More specifically, authorities ruled the transfer of personal data to the US failed to be protected from the US government’s ability to look into the data under US surveillance laws.

In the past, the EU and US managed to resolve such issues through the now-invalidated Privacy Shield. But that perspective has clearly changed due to so many similar rulings over a short period of time.

Moreover, the rapid echoing of this position-change across Europe, as well as a short one-month compliance window in a French case, make it clear that authorities see this as an urgent issue and will expect companies to respond quickly.

A turning point for advertisers using US-based ad tech and mar tech

The rulings against Google Analytics represent a potential bombshell for the advertising industry, given the widespread use of US-based ad tech and mar tech platforms. Any such platform which, similar to Google Analytics, processes cookie data of European data subjects is likely affected here.

Further, the French DPA said this extends to “other tools used by sites that result in the transfer of data of European internet users to the United States.” The Danish DPA noted that more cases will be issued across the EU.

Advertisers and publishers need to act now

IAB Europe continues working to make the Transparency and Consent Framework (TCF) the first GDPR-backed certification seal or code of conduct under Articles 41-42 of the GDPR for the ad tech industry. Such seal or code of conduct for the TCF as a framework would bring clarity to all stakeholders in the online advertising industry, from advertisers and technology providers to publishers and end users alike.

But can companies using US-based ad tech and mar tech afford to wait for further clarity or guidance from IAB Europe or from EU authorities? Or, at a minimum, what should advertisers and publishers do now?

The first step is to gather leading stakeholders from marketing, legal and compliance, IT operations and IT security to begin answering the following questions:

  • What data do you collect? Where is it stored? Who can access it? Ensure a full understanding of your own – and your vendors’ – flow of data.
  • How do your contractual obligations impact your compliance requirements?
  • How can you do more from a technical and security perspective – e.g., Can data be anonymized before shared?
  • Based on the above answers, do you feel confident you can continue working with US-based vendors, or should you consider alternatives?

Highly regulated industries with high attention to compliance (e.g., financial companies, telcos, etc.) are likely already in the process of determining how to reaccess their advertising vendors based on these decisions. But really, any company operating in Europe who collects data on its customers should immediately pause to begin a reevaluation exercise, like the one outlined above, to determine if it is compliant with these new decisions regarding services from US-based platforms.

 

 

 

 

Tagged in:

Must Read

PODCAST: AdExchanger Talks

How ‘Wrapped’ Insights Become Audience Segments

How does Spotify translate quirky Wrapped labels, like “divorced dad hipster,” into ad audiences? And is AI-generated content safe for brands? Spotify’s Global Head of Ad Product Katie English weighs in.

Marketers

Pirated Sports Streams Are Warping TV’s Most Important Ratings

Although tides of ad revenue flow based on the ratings of certain tentpole TV events, a new crop of scammers now operate illicit sports livestreaming rings, and there’s almost nothing broadcasters can do about it.

CTV roundup

AI Is Redefining Premium Content – Which May Not Be A Good Thing

At AdExchanger’s Programmatic AI conference, media experts discussed how the rise of AI-generated content is changing the industry’s understanding of “premium” content.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
The Big Story Podcast
PODCAST: The Big Story

Prog AI Live: AI’s Slippery Slop

Recorded live in Las Vegas at Prog AI, the AdExchanger team tackles a tricky question: As AI floods the feed with chaotic, addictive content and people engage with it, what does “premium” even mean anymore?

AdExplainer

The Programmatic Auction Is Changing In Real Time – Here’s How

Two decades after the first RTB auction, programmatic is more complex than ever – and that’s before you even consider generative AI.

Marketers

Publicis Acquires LiveRamp In A Major Shakeup For Indie Data Collaboration

Hundreds of exasperated and unexpected ad industry phone calls were made on Sunday, as agencies and ad tech vendors discussed the fallout of Publicis Groupe’s $2.2 billion acquisition of LiveRamp over the weekend.

Popular

  1. AdExplainer

    The Programmatic Auction Is Changing In Real Time – Here’s How

    Two decades after the first RTB auction, programmatic is more complex than ever – and that’s before you even consider generative AI.

  2. AI

    AI Needs Humans In The Lead, Not Just In The Loop, Says JPMorgan Chase Programmatic Lead

    Automation has its place, but good marketing still needs “heart and science,” according to JPMorgan Chase’s Melissa Bonnick. Humans aren’t going anywhere.

  3. CTV roundup

    AI Is Redefining Premium Content – Which May Not Be A Good Thing

    At AdExchanger’s Programmatic AI conference, media experts discussed how the rise of AI-generated content is changing the industry’s understanding of “premium” content.

  4. Marketers

    Pirated Sports Streams Are Warping TV’s Most Important Ratings

    Although tides of ad revenue flow based on the ratings of certain tentpole TV events, a new crop of scammers now operate illicit sports livestreaming rings, and there’s almost nothing broadcasters can do about it.

  5. Marketers

    Publicis Acquires LiveRamp In A Major Shakeup For Indie Data Collaboration

    Hundreds of exasperated and unexpected ad industry phone calls were made on Sunday, as agencies and ad tech vendors discussed the fallout of Publicis Groupe’s $2.2 billion acquisition of LiveRamp over the weekend.