Sweden’s data protection watchdog has warned companies against using Google Analytics because of the risks posed by US government surveillance, following similar moves by Austria, France and Italy last year.
The development comes after an audit initiated by the Swedish Authority for Privacy Protection (IMY) of four companies CDON, Coop, Dagens Industri, and Tele2.
“In its audit, IMY considers that the data transferred to the US via Google’s statistical tool is personal data because the data can be linked to other unique data transferred,” IMY said.
“The authorities also concluded that the technical security measures taken by the company were not sufficient to ensure a level of protection substantially consistent with that guaranteed in the EU/EEA.”
The data protection authority also fined Swedish telecom service provider Tele2 $1.1 million and less than $30,000 for local online marketplace CDON for failing to implement adequate security measures to anonymize data prior to transfer.
Additionally, CDON, Coop, and Dagens Industri have been ordered to stop using Google Analytics. Tele2 is said to have voluntarily stopped using the service.
The investigation, added IMY, was based on a complaint filed by the privacy non-profit organization None of Your Business (noyb). accuse violation of the General Data Protection Regulation (GDPR) law.
The decision is rooted in the fact that such EU-US data transfers are deemed illegal given potential surveillance concerns that data stored on US servers may be accessed by intelligence agencies in the country.
Similar concerns have led to Meta being fined $1.3 billion by the European Union’s data protection agency. That said, the EU and US are in the running finish A new data transfer settingscalled the EU-US Data Privacy Framework, which replaced the now invalid Privacy Shield.