French privacy regulator CNIL banned three French websites from using Google Analytics. According to the regulator, some versions of Analytics violate the GDPR.
For some time, the CNIL has warned of Analytics usage violating the GDPR. The Belgian, Austrian and Dutch GDPR regulators hold the same stance. Some versions of Analytics transfer personal data to the United States by default.
Today, the CNIL announced that three websites were banned from using Google Analytics. Identities weren’t disclosed. The sites in question will be given 30 days to stop using the tool. Otherwise, they risk a fine of up to 20 million euros or 4 percent of annual turnover.
Complaints from NOYB
The French cases came to light after the European Center for Digital Rights (NOYB) filed a complaint about several websites exchanging personal data with the United States. Some of the cases concerned data from Google Analytics; others concerned Facebook Connect. It’s unknown whether the CNIL will take action against Facebook as well.
NOYB has been filing complaints about privacy violations by Google Analytics to various European privacy supervisors for some time.