Home Content Studio CMOs Beware: Recent Google Analytics Decisions In The EU Put Data At Peril

CMOs Beware: Recent Google Analytics Decisions In The EU Put Data At Peril

SHARE:

By Anders Pilgaard Andersen, senior vice president, general counsel, Adform 

Recent decisions by multiple EU data protection authorities signal the use of Google Analytics violates the EU General Data Protection Regulation (GDPR). These decisions sound a warning not only to the many companies using Google Analytics but, more broadly, to any company using US-based ad tech and mar tech platforms, since most companies collect and transfer the same types of protected data.

If this sounds like your company, here’s what you should know – and what you should be thinking about as you consider how to respond.

A flurry of GDPR rulings against Google Analytics

The most recent cascade of decisions and statements send a signal that European enforcement authorities may no longer tolerate US access to data of European citizens.

In early January, the European Data Protection Board (EDPB) publicly reprimanded the European Parliament for breaching the GDPR through its use of Google Analytics. A week later, the Austrian Data Protection Authority published a decision stating the use of Google Analytics violates the EU General Data Protection Regulation (GDPR).

The Austrian decision was soon followed by similar decisions or press statements by the Dutch, Danish and French data protection authorities.

These decisions generally state the existing setup – where data about European citizens is collected, transferred to and stored in the US – is in breach of Article 44 of the GDPR. More specifically, authorities ruled the transfer of personal data to the US failed to be protected from the US government’s ability to look into the data under US surveillance laws.

In the past, the EU and US managed to resolve such issues through the now-invalidated Privacy Shield. But that perspective has clearly changed due to so many similar rulings over a short period of time.

Moreover, the rapid echoing of this position-change across Europe, as well as a short one-month compliance window in a French case, make it clear that authorities see this as an urgent issue and will expect companies to respond quickly.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

A turning point for advertisers using US-based ad tech and mar tech

The rulings against Google Analytics represent a potential bombshell for the advertising industry, given the widespread use of US-based ad tech and mar tech platforms. Any such platform which, similar to Google Analytics, processes cookie data of European data subjects is likely affected here.

Further, the French DPA said this extends to “other tools used by sites that result in the transfer of data of European internet users to the United States.” The Danish DPA noted that more cases will be issued across the EU.

Advertisers and publishers need to act now

IAB Europe continues working to make the Transparency and Consent Framework (TCF) the first GDPR-backed certification seal or code of conduct under Articles 41-42 of the GDPR for the ad tech industry. Such seal or code of conduct for the TCF as a framework would bring clarity to all stakeholders in the online advertising industry, from advertisers and technology providers to publishers and end users alike.

But can companies using US-based ad tech and mar tech afford to wait for further clarity or guidance from IAB Europe or from EU authorities? Or, at a minimum, what should advertisers and publishers do now?

The first step is to gather leading stakeholders from marketing, legal and compliance, IT operations and IT security to begin answering the following questions:

  • What data do you collect? Where is it stored? Who can access it? Ensure a full understanding of your own – and your vendors’ – flow of data.
  • How do your contractual obligations impact your compliance requirements?
  • How can you do more from a technical and security perspective – e.g., Can data be anonymized before shared?
  • Based on the above answers, do you feel confident you can continue working with US-based vendors, or should you consider alternatives?

Highly regulated industries with high attention to compliance (e.g., financial companies, telcos, etc.) are likely already in the process of determining how to reaccess their advertising vendors based on these decisions. But really, any company operating in Europe who collects data on its customers should immediately pause to begin a reevaluation exercise, like the one outlined above, to determine if it is compliant with these new decisions regarding services from US-based platforms.

 

 

 

 

Must Read

Intent IQ Has Patents For Ad Tech’s Most Basic Functions – And It’s Not Afraid To Use Them

An unusual dilemma has programmatic vendors and ad tech platforms worried about a flurry of potential patent infringement suits.

TikTok Video For Open Web Publishers? Outbrain Built It.

Outbrain is trying to shed its chumbox rep by bringing social media-style vertical video to mobile publishers on the open web.

Billups Launches Attention Measurement For Out-Of-Home

Billups, a managed services agency that specializes in OOH, is making its attention measurement solution and a related analytics dashboard available for general use.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
US District Court for the Eastern District of Virginia, Alexandria

The Google Ad Tech Antitrust Case Is Over – And Here’s What’s Happening Next

Just three weeks after it began, the Google ad tech antitrust trial in Virginia is over. The court will now take a nearly two-month break before reconvening for closing arguments right before Thanksgiving.

Jounce Media's Chris Kane at Programmatic IO NY on Sept. 25, 2024.

The Bidstream Is A Duplicative, Chaotic Mess – But It Doesn’t Have To Be That Way

Publishers are initiating more and more auctions – but doesn’t mean DSPs are listening to more bids, according to Chris Kane.

Readers Are Flocking To Political News, Says WaPo – And Advertisers Are Missing Out

During certain periods this year, advertisers blocked more than 40% of The Washington Post’s inventory over brand safety concerns.