Google Analytics is dead


3 minutes

Is Google Analytics Really Banned? In January 2022, a decision by the Austrian data protection authority caused a stir. Google Analytics is banned has been …


Is Google Analytics Really Banned?

In January 2022, a decision by the Austrian data protection authority caused a stir. Google Analytics is banned has been reported in many media.

In this decision, the integration of Google Analytics on websites was considered unlawful. There are a variety of reasons for how this decision was made, but these are not relevant for companies in the current situation. Rather, the question is whether this prohibition is absolute or whether it only had to be pronounced in the specific case on which the decision was based.

The short answer

given the way Google Analytics is built into most websites, it is banned and the agency’s decision came as no great surprise to those in the know.

Continue to use Google Analytics

But legally secure! Test now for 14 days free of charge.

The long answer

there is no fundamental ban, but the legal basis for processing and for transmission to countries outside the EU must be chosen with great care.

The problem of Google Analytics consists of two parts.

Firstly, data is read from the user’s device and information is stored there (cookies), which is not absolutely necessary for the operation of the website, and it is passed on to a third party (Google) who processes the data for its own purposes. According to Section 165 of the Austrian Telecommunications Act (TKG 2021) and Section 25 of the German TTDSG, this is only possible with consent.

Secondly, Google not only processes the data within the European Union, but also transfers it to the USA, using the Standard Contractual Clauses (SCC) approved by the EU Commission.

Many websites fail at the first hurdle, namely obtaining valid consent. Processing begins before the user has even consented, the information is incomplete and misleading, and “dark patterns” are used to “nudge” the user into giving their consent, e.g. by hiding setting options or a prominent and sympathetic appearance of the “Accept all” button. Consent obtained in this way is invalid and the entire processing becomes unlawful.

In order to obtain valid consent, it must meet the following criteria:

  • It must be obtained before activating Google Analytics
  • She must be well informed
  • She must be voluntary
  • It just has to be revocable

Once you have obtained consent for the processing itself in this way, you can take care of the second area of concern, namely transfers to countries outside the European Union.

In exceptional cases, i.e. not as a rule, the GDPR also allows consent as the legal basis for this transmission to other countries. Since the processing of the data is practically inextricably linked to the transmission, both processing steps can be obtained with consent.

And so Google Analytics can be used again on websites.

As a website operator, you must expect that some of your users will not give their consent. Studies have shown that a large proportion of website visitors are no longer measured in this way, and this naturally leads to problems in comparison with previous data or the calculation of conversion rates from online marketing campaigns.

Think about implementing other analysis tools on your website, which are legally valid even without consent, in order to be able to measure these visitors as well.

Recommended articles

The role of AI in GDPR compliance

With the rise of artificial intelligence (AI) and its increasing use in various industries, it is becoming crucial for organizations to understand the role of AI in ensuring GDPR compliance.

Browser Fingerprinting and the GDPR

Browser fingerprinting is a technique used by websites and advertisers to track and identify a user’s device and online behavior based on information collected from their web browser. This information may include technical details about the device, software, and network, as well as user-specific information such as language preferences, time zone, and browsing history.

5 common GDPR myths debunked

The General Data Protection Regulation (GDPR) is a set of regulations introduced by the European Union (EU) in 2018 to ... Weiterlesen ...

Server Side Tracking GDPR compliant

How to implement server side tracking/tagging in compliance with GDPR? What needs to be considered in relation to the GDPR? ... Weiterlesen ...
Thank you for visiting, the website of legal web GmbH in Österreich. We use technologies from partners (2) to provide our services. These include cookies and third-party tools to process some of your personal data. These technologies are not strictly necessary for the use of the website, but they do enable us to provide a better service and to interact more closely with you. You can adjust or withdraw your consent at any time.
asd as asd