Italy's Data Watchdog Latest To Warn Over Use of Google Analytics (techcrunch.com) 5
An anonymous reader quotes a report from TechCrunch: Another strike against use of Google Analytics in Europe: The Italian data protection authority has found a local web publisher's use of the popular analytics tool to be non-compliant with EU data protection rules owing to user data being transferred to the U.S. -- a country that lacks an equivalent legal framework to protect the info from being accessed by US spooks. The Garante found the web publisher's use of Google Analytics resulted in the collection of many types of user data, including device IP address, browser information, OS, screen resolution, language selection, plus the date and time of the site visit, which were transferred to the U.S. without adequate supplementary measures being applied to raise the level of protection to the necessary EU legal standard.
Protections applied by Google were not sufficient to address the risk, it added, echoing the conclusion of several other EU DPAs who have also found use of Google Analytics violates the bloc's data protection rules over the data export issue. Italy's DPA has given the publisher in question (a company called Caffeina Media Srl) 90 days to fix the compliance violation. But the decision has wider significance as it has also warned other local websites that are using Google Analytics to take note and check their own compliance, writing in a press release [translated from Italian with machine translation]: "[T]he Authority draws the attention of all Italian managers of websites, public and private, to the illegality of transfers made to the United States through GA [Google Analytics], also in consideration of the numerous reports and questions that are being received by the Office, and invites all data controllers to verify the compliance of the methods of use of cookies and other tracking tools used on its websites, with particular attention to Google Analytics and other similar services, with the legislation on the protection of personal data." A Google spokesperson issued the following statement: "People want the websites they visit to be well designed, easy to use, and respectful of their privacy. Google Analytics helps publishers understand how well their sites and apps are working for their visitors -- but not by identifying individuals or tracking them across the web. These organizations, not Google, control what data is collected with these tools, and how it is used. Google helps by providing a range of safeguards, controls and resources for compliance."
Google is reviewing the Italian DPA's decision, according to the spokesperson.
Protections applied by Google were not sufficient to address the risk, it added, echoing the conclusion of several other EU DPAs who have also found use of Google Analytics violates the bloc's data protection rules over the data export issue. Italy's DPA has given the publisher in question (a company called Caffeina Media Srl) 90 days to fix the compliance violation. But the decision has wider significance as it has also warned other local websites that are using Google Analytics to take note and check their own compliance, writing in a press release [translated from Italian with machine translation]: "[T]he Authority draws the attention of all Italian managers of websites, public and private, to the illegality of transfers made to the United States through GA [Google Analytics], also in consideration of the numerous reports and questions that are being received by the Office, and invites all data controllers to verify the compliance of the methods of use of cookies and other tracking tools used on its websites, with particular attention to Google Analytics and other similar services, with the legislation on the protection of personal data." A Google spokesperson issued the following statement: "People want the websites they visit to be well designed, easy to use, and respectful of their privacy. Google Analytics helps publishers understand how well their sites and apps are working for their visitors -- but not by identifying individuals or tracking them across the web. These organizations, not Google, control what data is collected with these tools, and how it is used. Google helps by providing a range of safeguards, controls and resources for compliance."
Google is reviewing the Italian DPA's decision, according to the spokesperson.
Google helps by providing..... (Score:5, Informative)
Google helps by providing as little as possible in the way of configuration that would not send all that data to Google to begin with.
I've seen the setups for google analytics, and the defaults are... Oh boy...
And trying to change those requires a bit more knowledge than I imagine a random "web designer" has, if they even know they're supposed to change those.
Re: (Score:3)
Time to switch... (Score:3)
I often see Google Analytics JS snippets on websites & wonder, "Who ever looks at that data & do they even have the background knowledge & skills to make anything meaningful & useful from it. It's one thing to have data & metrics & pretty graphs from analyses about it. It's another to know what it means & what you can do about it. I very much doubt that many people who run websites with Google Analytics JS snippets included have any idea what they're doing. It's simply funneling their site visitors' data to Google & the US govt.
This is why everyone should use NoScript.... (Score:3)
....(or a equivalent add-on) when they browse the net. The one thing I've never allowed is Google Analytics and I, for one, would highly recommend everyone else follow that example.
And using such a tool with your browser allows you to see just how much crap is pulled into a page from outside sources. It's positively scary, especially when you consider most web developers are so sloppy about security, especially yours. And much of the outside stuff isn't really needed to display a page, so why is it there?
I block by default and only allow enough thru to display a page. And there is always the option of not browsing to a site that has too many questionable outside sources being pulled in. Just do a CTRL-U (works on most browsers I've used) to see the source of a page and just try to read thru the garbage you find there on most sites.
Re: (Score:2)
I sometimes wonder if I can get rid of the ad-blocker, but I'm too lazy to do the relevant experiment. Actually, I might just do that right now.