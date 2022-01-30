



A summary of the facts so far and what you can do to protect yourself today.

In light of recent media attention and speculation about the legality of Google Analytics within Europe, Reprise has decided to create a document that shares our views on recent events. We aim to be more clarified based on the current information available and provide some recommendations to mitigate the risks associated with Google Analytics and European data protection laws.

That said, you should be aware of this document with the following disclaimer:

This document does not constitute legal advice, as we are not legal experts. The purpose is to provide timely information related to the field of specialization, which is the Google Analytics platform itself. Seek guidance from a qualified professional legal expert to fully comply with European data protection laws or other regional / national laws.

What happened in Austria?

On January 13, the Austrian Data Protection Agency (DPA) determined that the use of Google Analytics on Austrian websites violated the EU’s General Data Protection Regulation (GDPR) (source). A specific breach is that an Austrian website provider transferred personal data to Google in the process of using Google Analytics to track the behavior of the website.

The definition of personal data here is defined as personal user ID, IP address, and browser parameters. Interestingly, under the GDPR Act, Google argued that only the exporter of the data (the owner of the website) was responsible and the importer (Google) was not responsible, so only the owner of the website. Was responsible.

In addition to this, the DPA said the law was particularly broken as this personal data was imported into the United States and subject to U.S. law, such as making that data available to the U.S. government in certain circumstances. I am.

Google support

According to Google, despite the fact that this data has been transferred from the EU to U.S. servers, it’s confusing that precautions have been taken to keep it operating within European law. I am. They publish two important pieces of content in response to the ruling, including one that explains some key facts about Google Analytics and how it is used, and one that directly addresses Google’s position on the GDPR Act and its interpretation. Did.

https://blog.google/around-the-globe/google-europe/google-analytics-facts/

https://blog.google/around-the-globe/google-europe/its-time-for-a-new-eu-us-data-transfer-framework/

In the article, Google states that the responsibility for GDPR compliance ultimately rests with Google Analytics customers. In addition, we will give you an overview of the user controls you can use to help with compliance. This list contains the following recommendations:

Turn on IP anonymization or IP masking. This means collecting only part of the user’s IP address, allowing basic geographic targeting to continue to be used, but with less accuracy. For example, a user’s IP address could be 128.99.1.12, but Google Analytics collects only the first three blocks, so it collects only 128.99.1.0. In addition, Google recommends that you partially or completely disable data collection on certain pages. This is easy in some industries, such as banks, where you don’t want to track certain behaviors within your online banking portal. However, it is worth considering what personal data may be exposed to your website and proactively prevent its collection. In addition to this, Google Analytics has a setting that limits the amount of time that certain types of data are stored before they are automatically deleted. There is also a User Deletion API for complying with the right to be forgotten. Google also recommends that you leverage legally compliant consent messages within your website to give you control over the information collected, such as the provisions that allow or prohibit cookies. Finally, Google not only recommends (and enforces) organizations not collecting personally identifiable information (PII) within the Google Analytics platform. What’s confusing about this is that Austrian DPA and Google have different definitions in this regard. If DPA determines that IP addresses and user IDs make up personal information, Google’s definition isn’t.Our verdict

After all, our verdict is not important in court, but we would like to share our conclusions as the presentations of the facts on both sides are so different.

Is Google Analytics illegal?

Google Analytics as a service seems to be legal in Europe, as evidenced by the lack of claims filed against Google. However, improper use of the platform may be considered illegal. The pitfall here is that using Google Analytics out of the box isn’t enough to comply with European requirements. In the most common version of GA (Universal Analytics), features such as IP anonymization are not enabled by default. However, IP anonymization is enabled by default in the new Google Analytics 4, fulfilling Google’s promise of a more privacy-centric platform. In addition to this, if an organization uses Google Analytics to intentionally or inadvertently collect personal information, there is little that Google can do to prevent this (actively auditing and calling such violations). I’m trying to do that). At this time, the decision applies only to Austria and is not final, as reported in the technical publication Wired. Websites across Europe are suddenly trying to stop using Google Analytics.

What about Google Analytics alternatives?

As shown above, improper use can violate the GDPR law, no matter which analytics platform your organization uses. However, most analytics platforms, including Adobe Analytics, use the same type of user ID and IP address, so don’t rush to start the vendor selection process. Many less-established web analytics platforms have also jumped into the news as a way to turn Google Analytics customers into their platforms, but when reading their view of the situation, some expert Remember to exercise your skepticism. However, if you are considering an alternative platform, Reprise will assist you in the selection process.

Where are you from here?

I don’t think this is the end of the story. Last year, a $ 1 billion fine was imposed for violating the GDPR. What is unclear is whether the GDPR law will be further modified to provide a viable future for digital advertising while balancing personal privacy needs. As recommended in a recent Google article, we need a more consistent approach to data transfer frameworks in the EU and the US and data privacy around the world. But apart from that, there are also calls for Google to offer a localized Google Analytics service based on the EU that solves the key issues highlighted by the Austrian DPA. Individual user privacy needs to be a priority in our industry, but we need to find a solution that does not sacrifice the ability of digital professionals to create useful, relevant and effective digital experiences for our users. I have.

Protect yourself

As mentioned above, consult a legal expert to ensure legal compliance with the GDPR framework. In addition to this, we’ve put together a list of activities you can start right away to reduce the risk of violating the GDPR rules.

Consent management

Make sure that the website consent has been received correctly. For users in the EU, not only do you need to ask for consent to track users, but you also need to wait for that consent before launching analytics and ad tags. Inconsistent with the GDPR guidelines, it’s very common to see the analytics code fire before the user agrees. Work with an analyst to assess if this is the case. In addition to this, we will investigate the rules related to cookies and tracking consent banners.

By using this site, you will often see a cookie banner indicating that you have agreed to our tracking and cookie policies. It is not GDPR compliant, which requires explicit affirmative action to obtain consent. Opt-out of tracking with a consent management solution should be as easy as opt-in. There should be no design obstacles that make the opt-out process more complicated than opt-in. We are also encouraged by industry leaders to continue tracking users. What happens if the user opts out of a cookie but does not use a cookie, IP address, or assign a user ID. This will maintain a complete measurement without collecting any kind of personal information.

IP anonymization

As we have seen, in the Austrian ruling, IP addresses are considered PII. When a user visits your website, you can choose to be completely anonymized or simply mask the user’s IP address. To do this, add a field to your Google Analytics tracking code variable and set anonymizeIp to true.

Google Analytics 4

As we’ve seen, the new Google Analytics (GA4) was developed with a greater focus on privacy in both apps and web tracking. With a variety of options and features such as automatic IP anonymization, highly customizable advertising privacy features, and data retention policies, it provides tools to meet compliance requirements without compromising the platform’s capabilities.

For both privacy and performance reasons, if you haven’t started migrating to GA4 yet, we recommend that you do so as soon as possible.

Server-side tagging

Server-side tagging provides another layer of protection against improper data processing. Instead of sending the data directly from the user’s browser to the Google server, you can create intermediate steps that give you more control over data anonymization and consent. See the following figure comparing client-side tagging (running in the user’s browser) with server-side tagging.

This intermediate step can be performed using the Google Tag Manager server side, which can be deployed in an organization-owned and operated cloud environment. Here you can add checks and filters to verify that the user’s consent is actually obtained before sending the event data to Google Analytics. You can also add a filter to search for potential PII to prevent that data from reaching the analytics platform. For example, you can search for an email address, IP address, or phone number in your data and create a rule to prevent that data from being forwarded. You can also add an important step to force IP anonymization of all data transferred to Google Analytics based on the Austrian DPA decision.

Server-side tagging is also useful for implementing next-generation conversion tracking, such as Google’s Enhanced Conversion API and Facebook’s Conversion API. While keeping user consent at the center, it effectively guarantees the future against browser tracking prevention. Reprise has successfully implemented server-side tagging for various clients across the region for this very purpose. Please contact me if you want to learn more.

Privacy audit

Finally, there are various ways organizations can accidentally break the GDPR guidelines. We encourage you to conduct a privacy audit to ensure that you are proactive about compliance. Typical privacy audits include, but are not limited to:

Evaluate the permissions of people inside and outside your organization. Examine all platforms for PII that can be illegally collected. Find out how and where the data is extracted or collected. Audit data collection practices to ensure that tracking and advertising consent is legally achieved. Make sure the IP address is anonymized. Limit advertising capabilities to those that meet your organization’s privacy policy. Limit data retention to the required period. Create a means to promote the right to be forgotten by users.Overview

The full meaning of the DPA decision is not yet known, and the story is expected to evolve in the coming months. What is clear, however, is that organizations must act swiftly to reduce the risk of being caught on the other side of the GDPR regulator. In particular, there are some concrete steps you can take now to do the right thing by European law and European inhabitants. Start conversations with marketing, technology, and leadership stakeholders to ensure that everyone understands the risks and potential solutions. By devoting yourself to this conversation, you can begin a significant transition to durable measurements that ensure the future of your organization, even in the face of the increasing technical and legal challenges faced by marketers.

Contact us if you want to reduce your risk of GDPR while using Google Analytics.

Sources 1/ https://Google.com/ 2/ https://reprisedigital.com/insights/is-google-analytics-illegal-in-europe/ The mention sources can contact us to remove/changing this article

What Are The Main Benefits Of Comparing Car Insurance Quotes Online

LOS ANGELES, CA / ACCESSWIRE / June 24, 2020, / Compare-autoinsurance.Org has launched a new blog post that presents the main benefits of comparing multiple car insurance quotes. For more info and free online quotes, please visit https://compare-autoinsurance.Org/the-advantages-of-comparing-prices-with-car-insurance-quotes-online/ The modern society has numerous technological advantages. One important advantage is the speed at which information is sent and received. With the help of the internet, the shopping habits of many persons have drastically changed. The car insurance industry hasn't remained untouched by these changes. On the internet, drivers can compare insurance prices and find out which sellers have the best offers. View photos The advantages of comparing online car insurance quotes are the following: Online quotes can be obtained from anywhere and at any time. Unlike physical insurance agencies, websites don't have a specific schedule and they are available at any time. Drivers that have busy working schedules, can compare quotes from anywhere and at any time, even at midnight. Multiple choices. Almost all insurance providers, no matter if they are well-known brands or just local insurers, have an online presence. Online quotes will allow policyholders the chance to discover multiple insurance companies and check their prices. Drivers are no longer required to get quotes from just a few known insurance companies. Also, local and regional insurers can provide lower insurance rates for the same services. Accurate insurance estimates. Online quotes can only be accurate if the customers provide accurate and real info about their car models and driving history. Lying about past driving incidents can make the price estimates to be lower, but when dealing with an insurance company lying to them is useless. Usually, insurance companies will do research about a potential customer before granting him coverage. Online quotes can be sorted easily. Although drivers are recommended to not choose a policy just based on its price, drivers can easily sort quotes by insurance price. Using brokerage websites will allow drivers to get quotes from multiple insurers, thus making the comparison faster and easier. For additional info, money-saving tips, and free car insurance quotes, visit https://compare-autoinsurance.Org/ Compare-autoinsurance.Org is an online provider of life, home, health, and auto insurance quotes. This website is unique because it does not simply stick to one kind of insurance provider, but brings the clients the best deals from many different online insurance carriers. In this way, clients have access to offers from multiple carriers all in one place: this website. On this site, customers have access to quotes for insurance plans from various agencies, such as local or nationwide agencies, brand names insurance companies, etc. "Online quotes can easily help drivers obtain better car insurance deals. All they have to do is to complete an online form with accurate and real info, then compare prices", said Russell Rabichev, Marketing Director of Internet Marketing Company. CONTACT: Company Name: Internet Marketing CompanyPerson for contact Name: Gurgu CPhone Number: (818) 359-3898Email: [email protected]: https://compare-autoinsurance.Org/ SOURCE: Compare-autoinsurance.Org View source version on accesswire.Com:https://www.Accesswire.Com/595055/What-Are-The-Main-Benefits-Of-Comparing-Car-Insurance-Quotes-Online View photos