On December 22, the Austrian data regulator, Datenschutzbehörde, said the use of Google Analytics on NetDoktor breached the European Union’s General Data Protection Regulation (GDPR). The data being sent to the US wasn’t being properly protected against potential access by US intelligence agencies, the regulator said in a decision that was published last week. Days earlier it was revealed that European Parliament’s Covid-19 testing website had also breached GDPR by using cookies from Google Analytics and Stripe, according to a decision from the European Data Protection Supervisor (EDPS).

The two cases are the first decisions following a July 2020 ruling that Privacy Shield, the mechanism used by thousands of companies to move data from the EU to the US, was illegal. These landmark cases will likely pile pressure on negotiators in the US and Europe who are trying to replace Privacy Shield with a new way for data to flow between the two.

Read more:

Burgess, M. (2o22 January 19). Europe’s Move Against Google Analytics Is Just the Beginning. Wired. https://www.wired.co.uk/article/google-analytics-europe-austria-privacy-shield