Story of the Google Analytics In recent weeks it has destabilized quite a few comp And the public administrations. In the case of complete uncertainty, we tried to rearrange the concepts and find with an expert the best solution available at the moment.
What is Google Analytics and how does it work?
Google Analytics (GA) is a free web analysis service offered by Google in order to track the activities of website visitors and provide the same aggregate statistics to CIOs regarding a series of information: demographic, economic, technical and behavioral. as the best Pietro Biase setscomputer scientist and activist at Monitora PA:
When a user then visits a page with a Google Analytics tracking code, a piece of the code is automatically executed that transmits, via TCP/IP and HTTP protocols, a certain number of information to Google servers that is sufficient to identify the visitor in most cases..
In this regard, the Privacy Guarantor He highlighted that among the many data collected there “The IP address of the user’s device, information about the browser, operating system, screen resolution, selected language, as well as the date and time of the visit to the Website“.
Why is Google Analytics a risk to our personal data?
Let’s start with an undisputed element: Google Analytics is not GDPR compliant. The main reason for what was just said is rooted in the fact that For Google, it is always possible to identify European citizens and track their activity, opinions and interests On all websites (and all apps) that use Google Analytics, to track recordings for personal identification.
In the list indicated in the first paragraph regarding the data collected by Google Analytics, the IP address (personal data in all respects) is indicated. Well, as the privacy guarantor mentioned, even if it’s an IP addressIf it is truncated, it will no longer become anonymous data, due to Google’s ability to enrich it with other data in its possession.“. Therefore, Google Analytics and other similar services are not GDPR compliant because they do not provide the guarantees established by the regulation itself, and thus violate current legislation as they transfer user data to the United States, a country that currently lacks an adequate level of protection.
Caffeina Media Srl: A case that is not at all isolated
Under a clause issued on June 9, 2022, the guarantor required Caffeina Media Srl (which operates certain websites), to comply with the General Data Protection Regulation (GDPR) within ninety days by adopting appropriate measures relating to data transmission activity. Otherwise, data flow to the United States will be suspended.
Because this procedure cannot be considered an isolated case, but It should be understood as an extended recommendation to all companies and public administrations Who are using Google Analytics illegally? Since the privacy guarantor, after the specified 90 days of the company’s receipt of the item, It will start verifying compliance with the GDPR. of data transmissions carried out by data controllers. This means that Website managers have until September 7, 2022 to organize themselves in order to avoid penalties.
Google Analytics Solution 4? No, it is not GDPR compliant.
Google Analytics 4 is not a solution Since, like its predecessor Universal Analytics, by transferring users’ personal data to Google, it cannot be considered in relation to privacy dictates. The problem also in this case lies in the rules of the American legal system that are set Government agencies have very keen powers of access to databases maintained by companies established in the United States Wherever they have servers in the world. Basically, with Google Analytics the method of transferring personal data is different, but a problem Fail to ensure effective anonymization of data Insist – stick to his opinion.
What solutions should be adopted?
exist Several open source alternatives to Google Analytics respect GDPR provisions. Moreover, adopting one of the tools described below will allow data controllers to continue to do so Benefit from the information of visitors to their websites without compromising the rights of citizens.
Let us consider in more detail which program companies and public administrations can choose.
1. Reasonable Analytics
reasonable It is simple and open source web analytics. Created and hosted in the European Union, powered by European-owned EU Cloud Infrastructure, costs around €5 per month and Allows you to import Google Analytics statistics. All site measurements are performed completely anonymously, no cookies are used, and no personal data is collected. All visitor data is processed using servers that are owned and operated exclusively by European companies.
2. Matomo
Matomo It is an open source service that can be adopted by anyone looking for a file Almost complete and accurate statistics service like Google Analytics, but this does not reconstruct the anonymous data in any way. there Free trial for 21 days Then the payment is made by choosing a plan with approximate prices 17 euros per month. Matomo also allows you to do so Use of historical data for Google Analytics It can be imported directly from the respective service.
3. Web Analytics Italy
We close the circle with Specific solution for public administration sites. Italy web analytics It is actually a platform that provides real-time statistics of visitors to public administration websites, and provides operators with detailed reports. Free stats monitoring.
Having suggested these alternatives, it reaffirms the fact that The Privacy Guarantor does not prohibit the use of Google Analytics as such, but prohibits it because it transfers user data to the United States in a manner inconsistent with the provisions of the GDPR. Therefore, programs that are “alternative” to Google Analytics, but perform the same activities, are equally illegal.
As the managing editor Matteo Bartucci of Il Manifesto has correctly confirmedAnd the “Data are the red blood cells of the Internet economy, they carry information and energy on the Internet: whoever has more earns more”. For this and for the above reasons, it is necessary to carefully evaluate the alternatives that can be considered really suitable for replacing Google Analytics.
The solution is as he remembers Guido Scorza privacy guarantor council “It can be neither technical nor political because the truth is that we need an agreement that is able to remedy the situation that arose in the wake of the Schrems II ruling, which abolished the Privacy Shield.”. Agreement, so far, does not exist.
article from Dr. Alessandra Totaro, the data protection officer in several Italian municipalities on behalf of the local authority advisory firm Pabli srl. If your local authority has not appointed a data protection officer, now is the time to do so. Request a quote immediately by writing to [email protected] or Fill out the form.
Source: Pabli srl
“Typical beer trailblazer. Hipster-friendly web buff. Certified alcohol fanatic. Internetaholic. Infuriatingly humble zombie lover.”