Google Analytics is now illegal in Austria

What This Means for Businesses and How We Advise Users to Act on it.

In January 2022, the Austrian Data Protection Authority (“Datenschutzbehörde” or “DSB“) has ruled that Google Analytics is illegal in accordance with Austrian privacy laws. The DSB specifically is concerned that data which is transferred and stored in the United States is potentially exposed to sleuthing from authorities and Google themselves.

💡 Download: Molzana Quick Take Document (Opens New Tab)

The implications for Google Analytics users

The ruling effectively determines data collection from Austrian authorities by Google Analytics is illegal. This decision could, and probably will, have consequences beyond Austria and outside of Google. Other vendors such as Facebook, who process and store user data overseas would, by virtue of the DSB ruling, now also be breaking Austrian law.

You should also review the above for each and every third-party vendor tag, pixel, or cookie you deploy on-site.

Austria is in the EU which implemented GDPR (General Data Protection Regulation) in 2016. GDPR would likely fall into line with the Austrian ruling, meaning the consequences could be far more widespread.

What should Google Analytics customers do?

In short, there is no iron clad or definitive guidance on this given the proximity to the ruling at the time of writing. Simply put, as Google Analytics has been deemed non-compliant, it is now illegal to deploy in Austria. 

As mentioned, many other European markets are likely to follow suit, there are a few steps we would recommend taking initially whilst we understand the full impact of the decision.

  1. Google Analytics 360 (Premium) clients can delegate data storage locations at a property level. This means that you could feasibly store data locally to where it is collected.
  2. Google Analytics (Standard) customers cannot delegate where data is stored and processed. We suggest: 
    • Ensuring your GA setup is in line with guidance around GDPR user privacy. In short, we advise using Google Analytics anonymized IP function which scrubs user data at the end of each visit so they cannot be tracked beyond that with any degree of accuracy. You can set up anonymized IP to be dynamically controlled by the user’s privacy and cookie preferences.
    • You may choose instead to only deploy Google Analytics to users who explicitly opt into analytics/statistics cookies via your site or app’s privacy settings
    • Or you may choose to suppress Google Analytics cookies entirely for users in Austria.

There is no silver standard guidance at this stage, but the above should be practices your site is deploying in line with GDPR right now.

Thinking long-term

As mentioned above, this is unclear. There are feasibly a few options from your side and Google’s side that are longer-term options: Google starts storing and processing Google Analytics data locally/in-market or region, in a manner that is compliant with any privacy legislation

If Google cannot find a way to become compliant, the only solution would be to remove Google Analytics in the markets and regions. In this event, replacing it with another web analytics vendor might be required.  Only avoiding Google is not going to be good enough in and of itself. You will need to consider: “Is the technology you move towards compliant in regard to international, national, and local data privacy laws such as GDPR & CCPA? Not only in terms of data collection but also data storage and processing.”

Research Google Analytics alternatives

Specific to Web Analytics, you might consider other tech vendors:

  • Adobe Analytics – an enterprise-level solution that will require a high technical investment owing to significant implementation time. Additionally, Adobe carries a license fee in the 10’s and 100s of thousands of dollars per instance. Adobe can store data locally, for instance in London, which would help with compliance on the face of it. 
  • Privacy-conscious and “ethical” web analytics solutions such as Matomo offer data ownership, including on-premise data storage.
  • You may have read moving to server-side data collection methods will actively “solve” issues. However, the problem here is not with data collection. It is with the method and location of storage.

Deploying server-side Google Analytics tracking therefore will not be enough in and of itself, you will need to understand what happens to the data after it is collected, specifically where it is stored. There is a degree of control here, in terms of decentralising data storage, but this will need to be configured carefully and deliberately.

In Summary

The Austrian DSB ruling presently deems the usage of Google Analytics illegal. This is a fast-moving situation that could have implications for tech vendors, other markets, and regions.

You will need to proactively ensure all data collection by Google Analytics and other third-party vendors on site are in accordance with GDPR. There is and has been a responsibility for website and app owners to suppress tracking in line with a compliant privacy & cookie policy. You should be at the very least deploying tags, pixels, and other tracking technology against this.

Google may alter the way their product collects and processes Google Analytics data, but we will have to bide our time to see if a) this is going to be the case and b) whether it is deemed compliant.

This ruling is the first big shove of big tech firms regarding data capture, storage, and processing with GDPR. This is a fast-moving topic, as such, we advise keeping across this for the foreseeable future.

Need help?

The Molzana team can help with understanding the implications of the DSB decision. You can contact us directly at: info@molzana.com.

Reporting Consultancy


We provide insights and commentary so you can truly understand website and campaign performance and plan killer optimisations.

App & Mobile Analytics

Digital Analytics Consultancy


Let’s turn your Web Analytics data into insight. Our certified web analytics team have vast expertise across Google Analytics, Google Analytics 360, Adobe Analytics and Tag Management Systems.

Data Strategy


Every business needs a data strategy to understand the needs of their company and make smart technology decisions.

Data Strategy

Business Intelligence


Powerful Business Intelligence solutions that allows for seamless integration of your key data sets, automated and in the hands of your business decision makers.

Business Intelligence

Tag Implementation


With up to 150 tags on some website, Molzana’s tag management and implementation services ensure that your data gets collected while your website remains unaffected.

Report Automation & Dashboards


Elegant and automated, Molzana’s reporting team can create amazing dashboard and report solutions to help your business get to insights and decisions quicker.

Report Automation & Dashboards

Visitor Behaviour


Understanding visitor behavior is vital to understanding how visitors interact with website content and marketing channels.

Visitor Behaviour

Consumer Insight


Consumer Trends & Insight hold the key to understanding your audience. Beyond simple reporting, Molzana can help turn your insight into action.

Consumer Insights

App & Mobile Analytics


We assist in providing powerful insight into iOS, Android & Windows Apps as well as Mobile Websites.

App & Mobile Analytics

Marketing Optimisation


We scrutinise user behaviour, audiences, ad copy and landing pages to improve performance.

Data Strategy

Conversion Rate Optimisation (CRO) Consultancy


Conversion Rate Optimisation is essential for ensuring your site performs in terms of driving sales, leads or sales development.

Report Automation & Dashboards

Data Science


We take your historic data to look into the future with pinpoint accuracy.

Contact Molzana


Molzana

Digital Analytics, SEO & CRO Agency

London & Manchester.


Get in Touch

Telephone: +44 (0) 20 8938 3136
Email: info@molzana.com

London: Bond Works, 77 Farringdon Road, EC1M 3JU
Manchester:
 5 Piccadilly, Aytoun St, M1 3BR


Molzana Logo Blue
  • This field is for validation purposes and should be left unchanged.