The Swedish information safety watchdog has warned firms towards utilizing Google Analytics resulting from dangers posed by U.S. authorities surveillance, following related strikes by Austria, France, and Italy final yr.
The event comes within the aftermath of an audit initiated by the Swedish Authority for Privateness Safety (IMY) towards 4 firms CDON, Coop, Dagens Industri, and Tele2.
„In its audits, IMY considers that the information transferred to the U.S. by way of Google’s statistics device is private information as a result of the information might be linked with different distinctive information that’s transferred,“ IMY said.
„The authority additionally concludes that the technical safety measures that the businesses have taken are usually not adequate to make sure a degree of safety that basically corresponds to that assured inside the EU/EEA.“
The information safety authority additionally fined $1.1 million for Swedish telecom service supplier Tele2 and fewer than $30,000 for native on-line market CDON failing to implement satisfactory safety measures to anonymize the information previous to the switch.
Moreover, CDON, Coop, and Dagens Industri have been ordered to stop utilizing Google Analytics. Tele2 is alleged to have voluntarily stopped utilizing the service.
The investigation, the IMY added, was based mostly on a criticism filed by the privateness non-profit None of Your Enterprise (noyb) alleging violations of the Basic Knowledge Safety Regulation (GDPR) legal guidelines.
The choice is rooted in the truth that such E.U.-U.S. information transfers have been discovered unlawful in mild of potential surveillance worries that information saved in U.S. servers could possibly be topic to entry by intelligence businesses within the nation.
Related issues have led to Meta being levied a document $1.3 billion effective by European Union information safety businesses. That mentioned, the E.U. and U.S. are within the means of finalizing a new data transfer arrangement, referred to as the E.U.-U.S. Knowledge Privateness Framework, that replaces the now-invalid Privateness Protect.