Google Analytics, the world’s most popular web analytics tool, could give U.S. intelligence services access to French website users’ data, France’s watchdog said Thursday.
The data privacy regulator — one of the most prominent and influential in Europe — decided the U.S. tech giant hadn’t taken sufficient steps to ensure data privacy when data was transferred between Europe and the U.S.
According to the CNIL, the French website manager was given a month to comply with EU regulation and that it had issued similar orders to other website managers.
Google didn’t comment on the CNIL decision. In the past, Google has stated that Google Analytics does not track people across the Internet and that organizations using this tool have control over the data they collect.
Noyb (Non Of Your Business), a privacy group founded by Max Schrems, Austrian lawyer and privacy activist who won a high-profile case before Europe’s top court in 2020, complained to CNIL. There was a similar decision by its Austrian counterpart.
Because of similar concerns, the European Court of Justice scrapped the Privacy Shield, which was relied on by thousands of companies for services ranging from cloud infrastructure to payroll and finance.
Large companies, including Google and Meta’s Facebook, have called for a swift agreement on a replacement transatlantic data transfer pact due to the potential legal risks involved.