Swedish company Tele2 gets GDPR fine for using Google Analytics

The Swedish Data Protection Authority has imposed a €1 million GDPR fine on the Swedish
telecom provider
Tele2. The authority considers that the company, by using Google Analytics (hereinafter: GA) personal data to the US and that it has not taken the necessary technical measures to protect the persoonsdata adequately protected.

Personal data in the U.S.


As we pointed out in an earlier


blog post


,
there is already a lot of controversy surrounding GA. The Austrian Privacy Foundation NOYB has a whole host of complaints submitted around GA and the fact that Google by the U.S. government mandatory can be to European make personal data available.

It is for this reason that in 2020 the European Court of Justice put an end to the Privacy Shield, the treaty that regulated data sharing between Europe and U.S. companies. Since then, U.S. companies and organizations, such as GA, can only exchange personal datan if they provide Standard Contractual Clauses
.

In order to use these clauses, there do provide for an equivalent level of protection. This does not happen to this day does not.

National protection authority criticizes Tele2’s inadequate technical data protection measures

Also in this case, the national protection authority concluded that the technical measures taken by Tele2 to protect personal data were grossly inadequate to provide an equivalent level of protection. Indeed, only general model contracts were provided, without considering specific technical measures that could have been taken.

GDPR fine of 1 million euros for inadequate data protection with Google Analytics

Using a model contract in this case is insufficient to guarantee this level of protection. For these reasons, the authority determined that Tele2 must pay a fine of one million euros.Tele2 has since voluntarily stopped using Google Analytics.

This is not the first time a company has been taken to task for using GA. The protection authorities of Austria, Norway and Italy have also already concluded that the use of GA goes against the provisions of the GDPR.

Conclusie

More and more European data protectionsAuthorities are tapping companies on the finger for using GA. It is therefore time for bedrives are going to switch to alternatives who are GDPR- Proof are. You can always contact an accredited DPO for advice around the best alternatives to GA.

Delen:

Meer berichten

nis2 incident aangeven

To report an NIS2 incident

With the introduction of the NIS2 directive in the EU, cyber incident reporting will become mandatory for many companies. This means that

Partners

©DPO Associates Alle rechten voorbehouden. Privacy verklaringCookie verklaring | Algemene voorwaarden