Swedish company Tele2 gets GDPR fine for using Google Analytics

Personal data in the U.S.

As we pointed out in an earlier


blog post


,
there is already a lot of controversy surrounding GA. The Austrian Privacy Foundation NOYB has a whole host of complaints submitted around GA and the fact that Google by the U.S. government mandatory can be to European make personal data available.

It is for this reason that in 2020 the European Court of Justice put an end to the Privacy Shield, the treaty that regulated data sharing between Europe and U.S. companies. Since then, U.S. companies and organizations, such as GA, can only exchange personal datan if they provide Standard Contractual Clauses
.

In order to use these clauses, there do provide for an equivalent level of protection. This does not happen to this day does not.

National protection authority criticizes Tele2’s inadequate technical data protection measures

Also in this case, the national protection authority concluded that the technical measures taken by Tele2 to protect personal data were grossly inadequate to provide an equivalent level of protection. Indeed, only general model contracts were provided, without considering specific technical measures that could have been taken.

GDPR fine of 1 million euros for inadequate data protection with Google Analytics

Using a model contract in this case is insufficient to guarantee this level of protection. For these reasons, the authority determined that Tele2 must pay a fine of one million euros.Tele2 has since voluntarily stopped using Google Analytics.

This is not the first time a company has been taken to task for using GA. The protection authorities of Austria, Norway and Italy have also already concluded that the use of GA goes against the provisions of the GDPR.