7/1/2023 0 Comments Google data breach 2022![]() ![]() Indeed, organizations may be obliged by authorities of third countries to disclose personal data hosted on servers located in the European Union.” Standard contractual clauses also do not suffice to bridge the legal gap on data exports, the CNIL also emphasizes - noting that it’s not possible to configure Google Analytics so that it does not transfer Europeans’ personal data outside the bloc and further warning: “Even in the absence of transfer, the use of solutions offered by companies subject to non-European jurisdictions is likely to pose difficulties in terms of access to data. intelligence services to the personal data of European users when using the Google Analytics tool alone,” it writes in response to the question of whether it’s possible to rely on additional safeguards Google claims it applies to the tool. “None of the additional guarantees presented to the CNIL as part of the formal notice would prevent or render ineffective the access of U.S. The CNIL’s FAQ on use of Google Analytics goes on to suggest it is essentially impossible for EU based organizations to use the tool without applying certain additional safeguards of their own. ĮU-US data transfers deal could be finalized by end of year, says bloc They must therefore turn to a service provider offering sufficient guarantees of conformity,” the CNIL warns in the guidance. ![]() “All data controllers using Google Analytics in a similar way to organizations must now consider this use as illegal under the GDPR. And it’s likely that the risk of fines for non-compliance is stepping up now that regulatory guidance on the issue is getting more detailed because it means there are fewer plausible excuses for not having made the necessary changes. So the bottom line is EU websites can either make changes to their use of Google Analytics or risk regulatory enforcement - which could include an order to amend their processes and a financial penalty for being in breach. (It will also almost certainly face fresh legal challenges to test whether the deal is just as flawed as the earlier ones, as data protection experts suspect.) cloud services that take Europeans’ data over the pond for processing ahead of an actual replacement deal being formally adopted by the EU - which the Commission has suggested may not happen until the end of the year. announced ( in March) a political deal on a replacement transfer mechanism.īut, as the CNIL notes, their joint statement is not a legal framework and cannot be relied upon by users of U.S. Privacy Shield) over the risk of unlawful access to Europeans’ data by U.S. for processing by Google - an export of personal data that lacks adequate legal protections in the wake of a 2020 decision by Europe’s top court that invalidated a flagship data transfer agreement (aka, the EU-U.S. The legal issue - which does not just affect use of the popular analytics tool in France but across the entire EU - hinges on user data being transferred to the U.S. It has also confirmed that it has since issued formal notices to other organizations to bring their use of Google Analytics into compliance. France’s data protection watchdog, the CNIL, has issued updated guidance on use of Google Analytics following a decision earlier this year that found a local website’s use of the tool to be in breach of European Union law. ![]()
0 Comments
Leave a Reply. |