Data Risk Intelligence
Automated Data Mapping
Do Not Sell/Do Not Share
Cookie Banner Solutions
Consent & Preferences
Data Rights RequestsAdapting to the DPAs with anonymized data
Every so often court decisions come along and shakes things up. The Google Analytics case law is a perfect example.
Companies operating in Europe had been operating in a gray area. They valued the information that Google Analytics provided but had grave doubts about whether or not they could legally provide the information to Google that they did provide through Google Analytics. Then came the Google Analytics decisions which confirmed their worst fears. Even providing the IP addresses to Google was a violation of the General Data Protection Regulation (GDPR).
Google is based in the United States and the United States has not been found to be adequate under the GDPR. That means that the easiest way that companies can provide data from the European Union to the United States is unavailable to them. Because the United States doesn’t provide adequate privacy protections, companies can’t provide the data of people within the European Union abroad to the United States.
The alternatives to an adequacy decision add significant transaction costs.
So, for now, companies need to forgo getting the analytics data that they used to receive from Google or seriously risk getting fined by regulators.
Looking towards the future, however, Google is looking to make sure that all of their Google Analytics users are able to use their product in a way that is compliant with data privacy laws such as the GDPR. They are planning to discontinue Universal Analytics by July 2023. Customers who continue to use Universal Analytics up until that point will be transitioned to its replacement, Google Analytics 4 (GA4).
GA4 does not log or store IP address information. GA4 uses anonymized IP addresses.
IP addresses count as personal data under the GDPR. Anonymized IP addresses don’t.
Typically, companies don’t want anonymized data because they value attribution. GA4 will have some features for data-driven attribution to approximate the value that Universal Analytics was able to provide to customers.
In other contexts, companies will be collecting data about their site visitors and app users. In that circumstance, when they are processing the data of data subjects, they will have to comply with other provisions of the GDPR, such as data subject rights.
Data subjects can request that controllers perform specific actions with their data, such as correction or deletion. Clarip provides fully automated data subject request fulfillment so that when these requests come in our software can resolve the request and your employees can keep doing what they do best. Clarip provides other privacy compliance solutions such as automated data mapping, website scanning, consent management, vendor management, and much, much more. Visit us at www.clarip.com or call us at 1-888-252-5653 to learn more.
Email Now:
Mike Mango, VP of Sales
mmango@clarip.com
