Google Analytics is deemed unlawful in Denmark – now what?

If you live in Europe and work in marketing or data analytics, you might have heard the news. Last week, Denmark was the fourth European country to deem Google Analytics as breaching the EU’s General Data Protection Regulation (GDPR). Following a similar ruling in Austria, France, and Italy, the Danish authorities concluded that, under its default settings, Google Analytics cannot be used lawfully in Denmark.

Given the importance of Google Analytics as a web tracking tool in the martech ecosystem, we wanted to give European marketers insight into these rulings, what they mean for European businesses, and what can be done to mitigate the risks and downsides of this situation. Let’s dive in.

Context

Google Analytics is a web analytics service offered for free by Google. It was launched in 2005 following the company’s acquisition of Urchin. To enable it, users simply add a small snippet of code to their website’s HTML. Once that’s done, they gain access to a complete suite of tools that help them analyze and understand their website traffic – including where it’s coming from, visit patterns, time spent on each page, bounce rates, and much more. In fact, an estimated 35m websites globally are using Google Analytics today to understand how people interact with their sites.

However, the recent rise in concern around data privacy has resulted in new laws and policies challenging tools like Google Analytics. Under GDPR—the strict data protection law that came into effect in 2018—some European courts have deemed Google Analytics unlawful because some of the data collected in Europe gets transferred to the United States. In the words of Makar Juhl Holst, Senior Legal Advisor at the Danish Data Protection Agency:

“The GDPR is made to protect the privacy of European citizens. This means, among other things, that you should be able to visit a website without your data ending up in the wrong hands. We have carefully reviewed the possible settings of Google Analytics and have come to the conclusion that you cannot use the tool in its current form without implementing supplementary measures.”

What this means for Danish businesses

Denmark is the fourth European country to conclude that Google Analytics infringes on GDPR. While it remains unclear what this means for countries that haven’t reached a similar judgement, there is some clarity for Denmark, France, Austria, and Italy.

As stated by Datailsynet, Denmark’s Data Protection Agency:

"Organisations in Denmark that use Google Analytics must therefore assess whether their possible continued use of the tool takes place in compliance with data protection law. If this is not the case, the organisation must either bring its use of the tool into compliance, or, if necessary, discontinue using the tool."

This means that if you’re a Danish business using Google Analytics, you must either implement supplementary measures to bring your use of the tool into compliance or cease using Google Analytics altogether.

What you can do

This verdict leaves Danish businesses with two options:

• Become compliant: Take measures to ensure your use of Google Analytics meets data protection laws.
• Stop using Google Analytics: Cease its use if compliance isn’t possible.

There is still a lot of uncertainty regarding how to achieve compliance. However, one possible solution proposed by the French Data Protection Agency is pseudonymisation via a reverse-proxy. This technique helps avoid any direct contact between the user’s terminal and Google Analytics’ servers.

If your business cannot implement this solution, the alternative is to stop using Google Analytics altogether. Understandably, this may be difficult since Google Analytics plays a central role in many companies’ web analytics efforts. Fortunately, EU privacy-friendly alternatives are emerging—such as Plausible Analytics, which hosts customer data in the EU and is GDPR compliant.

Get started with compliant analytics

If you’re looking for advice on how to ensure your use of Google Analytics is compliant, or if you need alternative tools for your web analytics efforts, don’t hesitate to reach out to one of our experts today!