Stijn VanhandsaemeJun 8, 2022
RT @TC_IntLaw
🇫🇷DPA’s #SchremsII FAQ say ALL websites using Google Analytics violate #GDPR unless they use a proxy. @CNIL, like🇦🇹DPA, says risk-based approach (& absence requests for 🍪data)=irrelevant. The mere possibility of access to 🇪🇺data “seriously undermines the rights of data subjects” https://twitter.com/cnil/status/1534185078254981122
CNIL on Twitter

“#GoogleAnalytics : vous vous questionnez sur les mises en demeure de la CNIL concernant l'utilisation du service par des organismes ? Explications 👉 https://t.co/OmGgLGiY1N 💡 Comment mettre son outil de mesure d’audience en #conformité avec le #RGPD ? 👉 https://t.co/aHqutbHWhm”

Twitter
Show threadexpatJun 8, 2022
@yichalal This is the sort of thing that would be good to add on to other #GDPR complaints. E.g. if you complain to a DPA that a data processor refused to give you a copy of your file, check to see if their website uses non-anonymous #GoogleAnalytics & if so then add that onto your complaint as an extra item. DPAs are so flooded w/complaints it wouldn’t be worthwhile as a sole complaint.
Show threadexpatJun 8, 2022
@yichalal Considering use of non-anonymized #GoogleAnalytics is a #GDPR breach, it would be useful to test whether a site is in violation. The answer is #PrivacyScore.org
Show threadStijn VanhandsaemeJun 8, 2022
@expat Nice to see your involvement here but I just checked that tool (we had exactly this idea a few years ago actually but didn't find the right public partners) and it does not seem to be very correct in its judgement. A few tests showed Google analytics not being detected besides numerous other trackers.
Show threadexpat
@yichalal I appreciate the heads up about #PrivacyScore’s false negatives. My process would most likely be to pull down the j/s list in uMatrix & if google analytics is listed then I would chk privacyscore just to see if anonymization is implemented. Is there a better approach?
Jun 9, 2022 at 4:42amWeb