Italian SA Bans Use of Google Analytics

On 17 August 2020, a complaint was lodged with the Italian Supervisory Authority (“SA”) regarding data transfers to the U.S. It was one of the 101 complaints received from NOYB by several European supervisory authorities participating in a task force to ensure a consistent approach vis-à-vis those complaints.

The complaint against Caffeina Media S.r.l. concerns the following situation: the complainant visited the controller’s website while being logged in to the Google account associated with the complainant’s email address.

On the website, the controller has embedded the HTML code for Google Analytics tools. In the course of the visit, personal data relating to the complainant were transferred to the U.S. The complaint was brought against Caffeina Media S.r.l. and Google LLC (in the U.S.), for continuing to accept these data transfers despite their being in violation of the GDPR.

The Italian SA found that Caffeina Media S.r.l. using Google Analytics on its website collected, via cookies, information on user interactions with the respective websites, visited pages and services on offer.

The set of data collected in this connection included the user device IP address along with information on the browser, operating system, screen resolution, selected language, date and time of page viewing.

The Italian SA adopted a decision ordering Caffeina Media S.r.l. to bring the processing into compliance with the GDPR by ninety days. If this is found not to be the case, suspension of the Google Analytics -related data flows to the USA will be ordered. The Italian SA also issued a reprimand to Caffeina Media S.r.l. since the processing operations were found to have infringed Articles 5.1 (a), 5.2, 13.1 (f), 24, 44 and 46 GDPR.

As the controller updated its information notice in pursuance of the GDPR, the Garante did not take any corrective measures in this respect.

You can reach further information here.

Kind regards,

Zumbul Attorneys at Law