Google Analytics was quickly deemed unlawful by two data protection authorities. In both cases, the transfer of data to the US by the tracking tool was the reason. This article shows that there are good alternatives that are legally compliant. Even conversion tracking can be done without Google Analytics.
Introduction
The Austrian data protection authority conducted an investigation on the basis of a complaint from the data protection organization noyb and found that consent for the use of Google Analytics was missing. Specifically, it was about consent under Art. 49(1)(b) GDPR.
The French data protection authority CNIL came to a similar conclusion but, as I understand it, went further. The CNIL argued that Google Analytics is not usable at all in the EU because Google does not do enough to protect the data of European citizens from access by American intelligence services.
The Netherlands has also announced that it will issue a ruling on Google Analytics. One doesn't need to be a seer to guess that it won't turn out well. I have been convinced for a long time now: Google Analytics can (at most) be used lawfully after prior consent. An exception is server-side tracking.
Decisions by authorities do not automatically mean a ban. However, they have some relevance. Courts may possibly take them into account.
Google Analytics processes all analytics data in the US, as Google itself had to admit. The Cloud Act, as well as other American laws (such as EO12333, FISA 702), give American authorities far-reaching powers that are not compatible with the GDPR.
A ban in the legal sense probably exists only if a competition-law infringement has been met with an injunction; in that case, the ban would apply only to one market participant. It would be similar if an authority had issued a decision against a market participant. Or if the BGH or the ECJ had rendered such a judgment and it were applicable to other individual cases. What I mean to say: the question of a ban is rather philosophical in nature. The risk of getting into trouble is certainly much greater when Google Analytics is used.
For most website operators, Google Analytics has a marginal benefit of exactly zero.
My unsubstantiated claim. Instead of the marginal benefit, one could even speak simply of the benefit.
I claim from experience: most operators of German websites do not need Google Analytics at all. Many would not be worse off if they didn't even have a visitor counter on their website. But even the additional benefit that Google Analytics allegedly has over other analytics tools is mostly zero. This additional benefit is also called marginal benefit.
For those who absolutely need to know how many visitors their own website has, I present some data-protection-compliant options below. They allow more than simple visitor counting. Even detailed statistics can be generated and evaluated in a data-protection-compliant manner. These details are almost never needed. But they suggest that you get everything you need. So you save yourself the occasional discussion with people who want to measure everything, although no more sales revenue is generated that way.
As if that weren't enough, conversion tracking is also possible without Google Analytics. It may be hard for some to imagine, but a life without Google is possible. This also applies when online marketing is at the forefront. Even your smartphone works without sending data to Google.
Website Visitors Analysis
To simplify, I'm talking about visitor counting here. As I will show you shortly, these analysis tools do much more than that. I am sure: most of you don't need this much information, not to mention the even more comprehensive statistics Google Analytics provides.
Here are some recommendations for analysis tools that I can particularly give:
- Piwik
- Trackboxx
- WordPress statistics
- Log File Analyzer (here I'll limit myself to a random example. You will certainly find more examples using a search engine)
I am familiar with the first two tools mentioned. I know that the provider of Trackboxx attaches great importance to data protection. Even its fingerprinting has been adapted so that it is in line with the TTDSG.
Piwik
Matomo should be installed locally. Local operation means that the service runs on your own server, preferably the same server your website runs on. Matomo will then not send data to third parties. This differs from the Matomo cloud service, which runs on the servers of the Matomo provider. That is legally possible but requires a suitable contract such as a DPA.
The Matomo configuration should also be adjusted so that no cookies are used. Details can be found in my article on Matomo. Matomo can be easily integrated into WordPress with a plugin, for example. The basic version is free and lacks no important features.
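The two settings recommended above (self-hosted tracker, no cookies) can be checked against the command queue a page hands to Matomo. The following is an added example, not code from this article or from the Matomo project; the function name auditMatomoQueue, the ownHosts parameter and the hostnames are assumptions made for illustration, while disableCookies, setTrackerUrl, setSiteId and trackPageView are Matomo's own tracker commands.

```javascript
// Constructed sample queues, in the form a page pushes to `_paq`.
const GOOD_QUEUE = [
  ['disableCookies'],
  ['setTrackerUrl', '/matomo/matomo.php'],
  ['setSiteId', '1'],
  ['trackPageView'],
];
const BAD_QUEUE = [
  ['setTrackerUrl', 'https://example.matomo.cloud/matomo.php'],
  ['setSiteId', '1'],
  ['trackPageView'],
  ['disableCookies'],
];

// Returns a list of findings; an empty list means the queue follows the advice.
// ownHosts (assumption): hostnames you operate yourself; default is the site's host.
function auditMatomoQueue(siteUrl, paq, ownHosts) {
  const siteHost = new URL(siteUrl).hostname;
  const allowed = ownHosts || [siteHost];
  const findings = [];
  const indexOf = (name) => paq.findIndex((cmd) => cmd[0] === name);

  // Cookies must be switched off before the first tracking request is queued.
  const cookiesOff = indexOf('disableCookies');
  const firstTrack = indexOf('trackPageView');
  if (cookiesOff === -1) {
    findings.push('disableCookies is never called');
  } else if (firstTrack !== -1 && cookiesOff > firstTrack) {
    findings.push('disableCookies is called after trackPageView');
  }

  // Local operation: the tracker endpoint must resolve to one of your own hosts.
  const tracker = paq.find((cmd) => cmd[0] === 'setTrackerUrl');
  if (!tracker) {
    findings.push('setTrackerUrl is missing');
  } else {
    const trackerHost = new URL(tracker[1], siteUrl).hostname;
    if (!allowed.includes(trackerHost)) {
      findings.push('tracker host ' + trackerHost + ' is not self-hosted');
    }
  }
  return findings;
}

console.log(auditMatomoQueue('https://www.example.org/', GOOD_QUEUE));
console.log(auditMatomoQueue('https://www.example.org/', BAD_QUEUE));
```

In a browser, the same function can be given the page's own `_paq` array as it stands before the Matomo script has loaded.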
Trackboxx
Trackboxx is an analytics tool from a German provider. In contrast to Matomo, Trackboxx is a paid product. For this reason, the tool appears easier to handle and offers good support. As far as I understand it, Trackboxx is intended to be easy to use and has perhaps taken the lead over Matomo in this regard. As the dashboard shows, Trackboxx does make it possible to gain a well-founded overview of the visitors to a website.

The Trackboxx dashboard shows all important information. A graph shows the visitor trend. Those who want to know which pages and posts are most popular only need to scroll down in the dashboard.




My name is Klaus Meffert. I have a doctorate in computer science and have been working professionally and practically with information technology for over 30 years. I also work as an expert in IT & data protection. I achieve my results by looking at technology and law. This seems absolutely essential to me when it comes to digital data protection. My company, IT Logic GmbH, also offers consulting and development of optimized and secure AI solutions.