The Swedish Authority for Privacy Protection, IMY, has just fined €1 million to two local companies for using Google Analytics and warned two others against using the Analytics platform.

Citing the usage of Google Analytics is against GDPR; the authority said transferring and storing the personal data of Swedish citizens in the US is unsafe and thus prohibited. The penalised companies are given a month to set proper data protection measures by the court.

Penalising Against Google Analytics Usage

The Swedish privacy regulator, Integritetsskyddsmyndigheten (IMY), has fined two local companies this week, citing their usage of the Google Analytics tool for web statistics. Though being one the best web statistics tools out there, Google Analytics is deemed unsafe by the EU regulators since it’s American.

The Schrems II judgment from July 2020 is the base of this decision, which ruled that any data transfers to the US through the “Privacy Shield” mechanism were illegal. This forced the EU local firms to use alternatives to Google Analytics since Google transports the data sucked from its analytics app.

Yet, two local firms had used Google Analytics, attracting a fine of 12.3 million SEK (€1 million/$1.1 million) by IMY. Below is the list, along with two other firms that IMY warned of using Google Analytics. The authority has asked these firms to set appropriate data security measures by the end of July.

  • Tele2 SA – Administrative fine of 12,000,000 SEK
  • CDON AB – Call for GDPR compliance and an administrative fine of 300,000 SEK
  • Coop SA – Call for GDPR compliance
  • Dagens Industri – Call for GDPR compliance

An Austrian digital rights organisation initialised this case called None of Your Business (NOYB), which claims that the data shared by Google Analytics with the US include personal information, thus putting the local firms’ and citizens” data at risk. Usage of Google Analytics has been deemed unsafe by the data regulators of Austria, France and Italy earlier.