It is immensely easy is to find information on a person from the Internet these days.
The CEO of Apple, Tim Cook said, “If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.”
The European Union’s “General Data Protection Regulation,” also known as “GDPR,” was celebrated as a revolution in legislation for Internet privacy. It was a reaction to long-term concerns in the EU about information collection and data use by certain tech giants like Facebook and Apple.
What GDPR Regulations Mean for Internet Users and Site Owners
The GDPR gave sweeping, new, controlling powers to individuals and their data. This includes the right to demand that companies they work with online reveal how their data is used, as well as the ability to ask corporations to destroy their data, which is a tenet of the law known as “the right to be forgotten.”
The European GDPR seems like a temporary Band-Aid on a gaping would of personal assault. Personal information is already leaking out everywhere, all over the world, and especially after many large databases like Yahoo, Dropbox, JP Morgan, Twitter, and billions of personal accounts have been breached and violated.
The General Data Protection Regulation is an EU law that established strict requirements on how data of EU citizens may be handled. It was enforced on May 25, 2018, and affects companies, organizations, and web sites large and small that handle personal data of users from the EU.
- Contact forms, email subscriptions and anything where the personal data is explicitly requested and submitted directly by the user
- Cookies and online tracking
Fines Pay Up, So Don’t Gamble with Data
The American-Dutch politician, Gijs de Vries said, “If you exchange information internationally, you must strengthen data protection. Those are two sides of the same coin.”
The GDPR law also imposed the world’s stiffest potential privacy fines of up to 20 million euros, or 4% of a company’s global annual revenue for the previous year for the most offensive violations. According to CNBC, Google was hit with a $57 million fine in January over how it used data for ad targeting (they are fighting it). Facebook was also fined about $645,000 over the Cambridge Analytica scandal involving the alleged misuse of their customers’ personal information for election research conducted by Trump’s presidential campaign.
Legally speaking, the EU regulators can tell companies that they have 90 days to rectify whatever breach of data conduct; otherwise after the 90 days, they cannot use the data. Losing money may be no big deal for billionaires, but hitting them where it counts – with data that is the core component of their business – will.
Google Analytics is Google’s widely used, traffic analytics tool that allows web site owners to get in-depth, real-time insight into how their web site is being used, how much, and by whom. Have you ever wondered how users find your web site, how they move around in it, how long they stay, and where they go from there? That’s all in Google Analytics. Whether you’re polishing up the final touches for a new online business, or considering the implementation of a new marketing campaign for your web site, you’ll likely need Google Analytics to get there.
It’s a system that works for many businesses and digital marketing companies the world over. As such, Google Analytics is essentially a user data processing tool. But data processing can get kind of personal.
What is Considered “Personal Data” in the GDPR?
The issue for web site owners when it comes to using tools like Google Analytics is the broad definition of “personal data” listed in the GDPR: “not only IP addresses, contact information, and sensitive data such as medical and financial records are personal, but also any data which can identify someone “directly or indirectly” using “all means reasonably likely to be used.” If you add in pseudonymous data, online identifiers and cookies, the GDPR states can be combined with other data to create “profiles of the natural persons and identify them.” This means you and Google Analytics data processing are sharing data – because you are allowing Google to access data, and Google is supplying you with data in the form of reports. It is considered a breach of privacy if Google Analytics agrees to share “personally identifiable” data, so where do things like IP Addresses, user names, email addresses required for log in, etc., come into play? Exchanging “personally identifiable” is not supposed to happen (but unfortunately, it does).
Privacy Requirements for Using Google Analytics
In order to maintain transparency and comply with privacy regulations, Google requires businesses to adjust their Privacy Policies before using their analytics services. Cookies have multiple uses and are often the tricky part of ensuring compliance with the Google regulation. They serve a range of different purposes: functionality, performance, statistics, and targeted marketing. Some are necessary for a web site to work and some are not. Some enhance user experience; some serve for monitoring or user profiling. Generally speaking, cookies do track users’ actions and are therefore subject to the GDPR.
As the ‘Google Analytics Terms of Service’ states:
Google also requires that your privacy practices comply with “all applicable laws,” and this means internationally, as well. In most cases, it will include laws implemented by the United States, Canada, The European Union, and Australia.
Can you guarantee that your web site and web practices are GDPR compliant? Let Local Management help you!
Local Management for GDPR-Compliant Web Sites
Local management is your award-winning Internet marketing, lead generation, and local SEO company of South Florida! As owners of web sites, you are the responsible party for the personal data of your visitors which is handled on your web site. However, if someone is managing your web site for you, don’t you want to make sure their practices are both ethical and legal? Local Management is the premier Internet marketing company, and our GDPR-compliant services include local search marketing, customized web site design, mobile marketing and so much more!
If you would like more information on what you can and should do to make your use of Google Analytics GDPR compliant, Local Management is here to help. To find out more about Google Analytics GDPR readiness, see privacy.google.com/businesses to learn more about Google’s data privacy policies and approach; as well as their data processing terms and data controller terms.
Have questions about the GDPR and what it means to you and your business? Do not hesitate to reach out to Local Management today!