• Blog
  • Norwegian Data Protection Authority's Conclusion on Google Analytics Violation Under GDPR

Norwegian Data Protection Authority's Conclusion on Google Analytics Violation Under GDPR

Simon Coulthard March 08, 2023

2-minute read

The Norwegian data protection agency, in a still-pending complaint coordinated by Noyb, came to the preliminary conclusion that the usage of Google Analytics was in violation of the GDPR's transfer requirements. 

Before a formal decision is made, the parties to the cases are given the chance to remark on the matter.

The findings were made public on March 1, on its website, and it plans to adopt a final judgment from late April.

The Background of Google Analytics Violations

The Noyb organization has complained to the EEA's data supervisory authorities about a number of European websites. According to Noyb, websites that use Google Analytics, an American analytic tool, violate the General Data Protection Regulation (GDPR) by sending users' personal data outside of the European Economic Area.

The Norwegian website, one of the ones that received complaints, formerly made use of Google Analytics. As a result, the Norwegian Data Protection Authority analyzed the situation. 

Their initial finding is that the transfer regulations of the GDPR were broken by the usage of Google Analytics. In order to provide the parties in the case a chance to comment on the results before we reach a decision, Datastylnet has now sent them prior notice.

The European Data Protection Board (EDPB) has created a separate working group to manage complaints because there have been so many at the European level about the use of Google Analytics. The GDPR must be interpreted uniformly across the EEA by the data supervisory authorities.

The usage of Google Analytics violates privacy laws, according to decisions made by the data supervisory authorities of Austria, France, Italy, and Denmark as well as the data supervisory authority for EU entities (EDPS). 

“Norway is clearly in line with the rest of Europe under noyb's opinion on the use of Google Analytics”, said Tobias Judin, section manager at Datailsynet.

The data supervisory authority in Liechtenstein has also expressed concerns about the tool, and the Danish Data Protection Authority likewise comes to the same conclusion in a guidance on the subject.


What Did the Authorities Recommend?

There may be repercussions for other Norwegian websites if the Norwegian Data Protection Authority rules that the website's usage of Google Analytics violated the GDPR. Thus, they again urge people to look into Google Analytics' alternatives.

When a decision has been taken, they will give more specific information on what is applicable and what they anticipate from Norwegian websites. At the earliest, this might not happen until the end of April.

If you’re interested in finding an alternative, TWIPLA is a GDPR-compliant website intelligence platform. Privacy by design ensures that it meet's the requirements of this strict data privacy law, and can be used without creating data privacy compliance work.

It also provides various levels of privacy protection you can make use of depending on the country’s law.

Get Started for Free

Gain World-Class Insights & Offer Innovative Privacy & Security

You might also like
What is GDPR. Implications of GDPR on Marketers
09 February 2022What is GDPR. Implications of GDPR on Marketers
US and EU Agree New Trans-Atlantic Data Privacy Framework
New EU-US data privacy framework now in force
07 September 2023 - by Simon CoulthardUS and EU Agree New Trans-Atlantic Data Privacy Framework
Delaware Personal Data Privacy Law to Arrive in January 2025
New DPDPA law in Delaware
15 September 2023 - by Simon CoulthardDelaware Personal Data Privacy Law to Arrive in January 2025

Insights to Your Inbox

Receive a monthly summary of website intelligence news, advice, and also product updates. And don't worry, we won't tell sales!