Home Content Studio CMOs Beware: Recent Google Analytics Decisions In The EU Put Data At Peril

CMOs Beware: Recent Google Analytics Decisions In The EU Put Data At Peril

SHARE:

By Anders Pilgaard Andersen, senior vice president, general counsel, Adform 

Recent decisions by multiple EU data protection authorities signal the use of Google Analytics violates the EU General Data Protection Regulation (GDPR). These decisions sound a warning not only to the many companies using Google Analytics but, more broadly, to any company using US-based ad tech and mar tech platforms, since most companies collect and transfer the same types of protected data.

If this sounds like your company, here’s what you should know – and what you should be thinking about as you consider how to respond.

A flurry of GDPR rulings against Google Analytics

The most recent cascade of decisions and statements send a signal that European enforcement authorities may no longer tolerate US access to data of European citizens.

In early January, the European Data Protection Board (EDPB) publicly reprimanded the European Parliament for breaching the GDPR through its use of Google Analytics. A week later, the Austrian Data Protection Authority published a decision stating the use of Google Analytics violates the EU General Data Protection Regulation (GDPR).

The Austrian decision was soon followed by similar decisions or press statements by the Dutch, Danish and French data protection authorities.

These decisions generally state the existing setup – where data about European citizens is collected, transferred to and stored in the US – is in breach of Article 44 of the GDPR. More specifically, authorities ruled the transfer of personal data to the US failed to be protected from the US government’s ability to look into the data under US surveillance laws.

In the past, the EU and US managed to resolve such issues through the now-invalidated Privacy Shield. But that perspective has clearly changed due to so many similar rulings over a short period of time.

Moreover, the rapid echoing of this position-change across Europe, as well as a short one-month compliance window in a French case, make it clear that authorities see this as an urgent issue and will expect companies to respond quickly.

A turning point for advertisers using US-based ad tech and mar tech

The rulings against Google Analytics represent a potential bombshell for the advertising industry, given the widespread use of US-based ad tech and mar tech platforms. Any such platform which, similar to Google Analytics, processes cookie data of European data subjects is likely affected here.

Further, the French DPA said this extends to “other tools used by sites that result in the transfer of data of European internet users to the United States.” The Danish DPA noted that more cases will be issued across the EU.

Advertisers and publishers need to act now

IAB Europe continues working to make the Transparency and Consent Framework (TCF) the first GDPR-backed certification seal or code of conduct under Articles 41-42 of the GDPR for the ad tech industry. Such seal or code of conduct for the TCF as a framework would bring clarity to all stakeholders in the online advertising industry, from advertisers and technology providers to publishers and end users alike.

But can companies using US-based ad tech and mar tech afford to wait for further clarity or guidance from IAB Europe or from EU authorities? Or, at a minimum, what should advertisers and publishers do now?

The first step is to gather leading stakeholders from marketing, legal and compliance, IT operations and IT security to begin answering the following questions:

  • What data do you collect? Where is it stored? Who can access it? Ensure a full understanding of your own – and your vendors’ – flow of data.
  • How do your contractual obligations impact your compliance requirements?
  • How can you do more from a technical and security perspective – e.g., Can data be anonymized before shared?
  • Based on the above answers, do you feel confident you can continue working with US-based vendors, or should you consider alternatives?

Highly regulated industries with high attention to compliance (e.g., financial companies, telcos, etc.) are likely already in the process of determining how to reaccess their advertising vendors based on these decisions. But really, any company operating in Europe who collects data on its customers should immediately pause to begin a reevaluation exercise, like the one outlined above, to determine if it is compliant with these new decisions regarding services from US-based platforms.

 

 

 

 

Must Read

CTV Buyers Are Getting The Show-Level Performance Optimization They’ve Always Wanted

A collaboration between InterMedia Advertising, Peer39 and Pontiac Intelligence provided show-level cost-per-acquisition data for 94% of CTV ad impressions.

Advertisers Await Programmatic Pause Ads

The IAB Tech Lab is working on standardizing programmatic signals for new streaming TV ad formats, including pause ads. Meanwhile, many brands are eager to add pause ads to their repertoire.

Why Media Mergers And Spin-Offs Don’t Always Keep Their Promises

With media megamergers, acquisitions and spin-offs left and right, the media landscape is changing at a pace that is difficult to keep up with.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
TransUnion is partnering with Blockgraph so that advertisers can use its identity data to target, reach and measure TV households across channels.

How This Disaster Relief Nonprofit Tapped First-Party Data To Reach Donors Year-Round

Staying top of mind for potential donors is an ongoing challenge for Direct Relief. Nexxen’s audience curation helped it spread and sustain awareness.

Why Major UK Publishers Are Finally Joining Forces To Curate Ad Inventory

Atria’s collective approach is a response to growing monetization challenges and the need to protect the value of human journalism in the AI era.

Toronto Canada pride parade includes a crowd waving pride flags

Ad Performance And Politics Steered Brand Dollars Away From LGBTQ+ Communities – But The Pendulum Will Swing Back

The current administration has discouraged many marketers and organizations from showing support for the LGBTQ+ community, including during Pride month.