German Data Protection Authority issues warning over the use of Google Analytics

German Data Protection Authority issues warning over the use of Google Analytics

The Rhineland-Palatinate Data Protection Supervision (LfDi) now requires websites to obtain valid consent from the user for using Google Analytics and similar remarketing tools. 5-item checklist to acquire valid consent.

LFDI ISSUES WARNING TO WEBSITES USING GOOGLE ANALYTICS

You cannot place Google Analytics cookies without the site users’ explicit consent!

The State Commissioner for Data Protection and Information Security (LfDI) stated in a recent newsletter that website owners have already been warned that the placement of an analytical cookie, such as the use of Google Analytics and other similar tracking tools will require the site users explicit consent going forward.

This is a translation of that newsletter

” The LfDI has provided instructions to website operators in a number of procedures. This requires that websites must be adapted in such a way that the transmission of user data to other providers is only carried out with the knowledge and active consent of the website users. Specifically, this concerns the use of the services like Google Analytics and Google Remarketing.”

Websites who do not collect valid consent when using Google Analytics or other services which set cookies that collect and process personal data, will be obliged to stop this practice or redesign their website to accommodate data protection regulations, the LfDi declares.

The LfDi are ready to open legal proceedings against websites that do not comply with the instruction.

CONSENT IS VITAL WHEN USING GOOGLE ANALYTICS

The Administrative Court of Mainz (Germany) already established in a similar case that the legal basis under Article 6 of the GDPR also apply when using analysis tools such as Google Analytics.

Websites can no longer claim legitimate interests (article 6, 1(f)) when using services that collect and process website users’ personal data for marketing purposes.

Consent must be freely given and explicit. The LfDi draws attention to the recent EU-Court of Justice decision in the case against Planet49.

Informative cookie banners are no longer sufficient when using cookies that track visitors online (e.g. Google Analytics).

HOW TO OBTAIN VALID CONSENT USING GOOGLE ANALYTICS?

Google Analytics is a widespread tool for audience measurements and traffic analysis. Using Google Analytics, however, comes with some privacy restrictions.

As Google Analytics uses cookies (_ga, _gid being the most common) to collect website visitors’ personal data (IP-address), the European General Data Protection Regulation (GDPR) does require that the processing of this data is based on consent.

To collect valid consent, you need a cookie consent solution (pop-up) must:

·       Informs your site users of the cookies used (who owns them; their purpose; expiry)

·       Provides your site users with the option to decline cookies

·       Blocks cookies from being placed on device until consent is provided

·       Collects and stores user’s consents in case of inspection or complaint

Ensure your website is GDPR and ePrivacy complient

Create a FREE CookieScan account today and start managing your cookie consent.

Get Started