Recherche avancée

Sur d’autres sites (13273)

• Google Analytics Now Illegal in Austria ; Other EU Member States Expected to Follow

  18 janvier 2022, par Erin — Privacy

  Breaking news : The Austrian Data Protection Authority (“Datenschutzbehörde” or “DSB” or “DPA”) has ruled that Austrian website providers using Google Analytics are in violation of the GDPR. 

  This ruling stems from a decision made in 2020 by the Court of Justice of the European Union (CJEU) that stated that cloud services hosted in the US are incapable of complying with the GDPR and EU privacy laws. The decision was made because of the US surveillance laws requiring US providers (like Google or Facebook) to provide personal data to US authorities. 

  The 2020 ruling, known as “Schrems II”, marked the ending of the Privacy Shield, a framework that allowed for EU data to be transferred to US companies that became certified. 

  The tech industry was sent into a frenzy following this decision, but many US and EU companies decided to ignore the case. The choice to ignore is what landed one Austrian business in the DPA’s line of fire, damaging the brand’s reputation and possibly resulting in a hefty fine of up to €20 million or 4% of the organisation’s global turnover. 

  About the Austrian DPA’s Model Case 

  In this specific case, noyb (the European Center for Digital Rights) found that IP addresses (which are classified as personal data by the GDPR) and other identifiers were sent to the US in cookie data as a result of the organisation using Google Analytics. 

  This model case led to the DPA’s decision to rule that Austrian website providers using Google Analytics are in violation of GDPR. It is believed that other EU Member States will soon follow in this decision as well.

  "We expect similar decisions to now drop gradually in most EU member states. We have filed 101 complaints in almost all Member States and the authorities coordinated the response. A similar decision was also issued by the European Data Protection Supervisor last week."

  What does this mean if you are using Google Analytics ?

  If there is one thing to learn from this case, it is that ignoring these court rulings and continuing to use Google Analytics is not a viable option. 

  If you are operating a website in Austria, or your website services Austrian citizens, you should remove Google Analytics from your website immediately. 

  For businesses in other EU Member States, it is also highly recommended that you take action before noyb and local data protection authorities start targeting more businesses. 

  "Instead of actually adapting services to be GDPR compliant, US companies have tried to simply add some text to their privacy policies and ignore the Court of Justice. Many EU companies have followed the lead instead of switching to legal options."

  Removing Google Analytics from your site doesn’t mean that you need to give up website analytics altogether though. There are a variety of Google Analytics alternatives available today. Matomo in particular is a powerful open-source web analytics platform that gives you 100% data ownership and GDPR compliance. 

  

  Matomo is one of the best Google Analytics alternatives offering privacy by design on our Cloud, On-Premise and Matomo for WordPress. So you can get the insights you need while remaining compliant. As the GDPR continues to evolve, you can rest assured that Matomo will be at the forefront of these changes. 

  In addition, all Google Analytics data can be imported into Matomo so no historical data is lost. To make your migration as seamless as possible, we’ve put together a guide to migrating from Google Analytics to Matomo. 

  Ready to begin your journey to GDPR compliance ? Check out our live demo and start your 21-day free trial now – no credit card required.

  If you are interested in learning more about GDPR compliance and Matomo, check out our GDPR resources below :    

  • GDPR Manager user guide
  • How to fill in the information asset registration when using Matomo
  • How to make Matomo GDPR compliant in 12 easy steps
  • How to not process any personal data with Matomo and what it means for you
  • PII, personal data and GDPR. Discover what this means for your privacy
  • How should I write my privacy notice for Matomo Analytics under GDPR
  • Lawful basis for processing personal data under GDPR with Matomo
  • How to complete your privacy policy with Matomo Analytics under GDPR
  • GDPR compliance for Premium Features
  • How to get your Matomo plugin ready for GDPR
  • Subprocessors on Matomo Cloud (subprocessors not applicable to On-Premise)
  • Privacy in Matomo

  What does this mean if you are using Matomo ? 

  Our users can rest assured that Matomo remains in compliance with GDPR as all data is stored in the EU (Matomo Cloud) or in any country of your choice (Matomo On-Premise). With Matomo you’re able to continue analysing your website and not worry about GDPR.

  Final thoughts

  For EU businesses operating websites, now is the time to act. While Google pushes out false narratives to try and convince users that it is safe to continue using Google Analytics, it’s clear from these court rulings that the data protection authorities across the EU disagree with Google’s narrative.

  The fines, reputational damage and stresses mounting from using Google Analytics are imminent. Find an alternative to Google Analytics as this problem is not going away. 

  Getting started with Matomo is easy. Make the switch today and start your free 21-day trial – no credit card required. 

• French CNIL recommends Piwik : the only analytics tool that does not require Cookie Consent

  29 octobre 2014, par Matthieu Aubry — Press Releases

  There has been recent and important changes in France regarding data privacy and the use of cookies. This blog post will introduce you to these changes and explain how you make your website compliant.

  Cookie Consent in the data freedom law

  Since the adoption of the EU Directive 2009/136/EC “Telecom Package”, Internet users must be informed and provide their prior consent to the storage of cookies on their computer. The use of cookies for advertising, analytics and social share buttons require the user’s consent :

  It is necessary to inform users of the presence, purpose and duration of the cookies placed in their browsers, and the means at their disposal to oppose it.

  What is a cookie ?

  Cookies are tracers placed on Internet users’ hard drives by the web hosts of the visited website. They allow the website to identify a single user across multiple visits with a unique identifier. Cookies may be used for various purposes : building up a shopping cart, storing a website’s language settings, or targeting advertising by monitoring the user’s web-browsing.

  Which cookies are exempt from the Cookie Consent rule ?

  France has exempted certain cookies from the cookie consent rule : for those cookies that are strictly necessary to offer the service sought after by the user you do not need to ask consent to user. Examples of such cookies are :

  • the shopping cart cookie,
  • authentication cookies,
  • short lived session cookies,
  • load balancer cookies,
  • certain first party analytics (such as Piwik cookies),
  • persistent cookies for interface personalisation.

  Asking users for consent for Analytics (tracking) Cookies

  For all cookies that are not exempted from the Cookie Consent then you will need to :

  • obtain consent from web users before placing or reading cookies and similar technologies,
  • clearly inform web users of the different purposes for which the cookies and similar technologies will be used,
  • propose a real choice to web users between accepting or refusing cookies and similar technologies.

  You don’t need Cookie Consent with Piwik

  The excellent news is that there is a way to bypass the Cookie Consent banner on your website :

  If you are using another analytics solution other than Piwik then you will need to ask users for consent. If you do not want to ask for consent then download and install Piwik or signup to Piwik Cloud to get started.

  If you are already using Piwik you need to do two simple things : (1) anonymise visitor IP addresses (at least two bytes) and (2) include the opt-out iframe solution in your website (learn more).

  Note that these recommendations currently only apply in France, but because the law is European we can expect similar findings in other European countries.

  CNIL recommends Piwik

  We are proud that the CNIL has identified Piwik as the only tool that respects all privacy requirements set by the European Telecom law.

  

  About the CNIL

  The CNIL is an independent administrative body that operates in accordance with the French data protection legislation. The CNIL has been entrusted with the general duty to inform people of the rights that the data protection legislation allows them.

  The role and responsabilities of the CNIL are :

  • to protect citizens and their data
  • to regulate and control processing of personal data
  • to inspect the security of data processing systems and applications, and impose penalties

  Piwik and Privacy

  At Piwik we love Privacy – our open analytics platform comes with built-in Privacy.

  Future of Privacy at Piwik

  Piwik is already the leader when it comes to respecting user privacy but we plan to continue improving privacy within the open analytics platform. For more information and specific ideas see Privacy enhancing issues in our issue tracker.

  References

  Learn more in these articles in French [fr] or English :

  • [fr] Sites web, cookies et autres traceurs
  • [fr] Comment me mettre en conformité avec la recommandation “Cookies” de la CNIL ?
  • [fr] Recommandation sur les cookies : obligations pour les responsables de sites ?
  • CNIL Starts Controlling Cookie Settings in October 2014
  • CNIL recommends Piwik for compliance with data protection laws

  Contact

  To learn more about Piwik, please visit piwik.org,

  Get in touch with the Piwik team : Contact information,

  For professional support contact Piwik PRO.

• French CNIL recommends Piwik : the only analytics tool that does not require Cookie Consent

  29 octobre 2014, par Matthieu Aubry — Press Releases

  There has been recent and important changes in France regarding data privacy and the use of cookies. This blog post will introduce you to these changes and explain how you make your website compliant.

  Cookie Consent in the data freedom law

  Since the adoption of the EU Directive 2009/136/EC “Telecom Package”, Internet users must be informed and provide their prior consent to the storage of cookies on their computer. The use of cookies for advertising, analytics and social share buttons require the user’s consent :

  It is necessary to inform users of the presence, purpose and duration of the cookies placed in their browsers, and the means at their disposal to oppose it.

  What is a cookie ?

  Cookies are tracers placed on Internet users’ hard drives by the web hosts of the visited website. They allow the website to identify a single user across multiple visits with a unique identifier. Cookies may be used for various purposes : building up a shopping cart, storing a website’s language settings, or targeting advertising by monitoring the user’s web-browsing.

  Which cookies are exempt from the Cookie Consent rule ?

  France has exempted certain cookies from the cookie consent rule : for those cookies that are strictly necessary to offer the service sought after by the user you do not need to ask consent to user. Examples of such cookies are :

  • the shopping cart cookie,
  • authentication cookies,
  • short lived session cookies,
  • load balancer cookies,
  • certain first party analytics (such as Piwik cookies),
  • persistent cookies for interface personalisation.

  Asking users for consent for Analytics (tracking) Cookies

  For all cookies that are not exempted from the Cookie Consent then you will need to :

  • obtain consent from web users before placing or reading cookies and similar technologies,
  • clearly inform web users of the different purposes for which the cookies and similar technologies will be used,
  • propose a real choice to web users between accepting or refusing cookies and similar technologies.

  You don’t need Cookie Consent with Piwik

  The excellent news is that there is a way to bypass the Cookie Consent banner on your website :

  If you are using another analytics solution other than Piwik then you will need to ask users for consent. If you do not want to ask for consent then download and install Piwik or signup to Piwik Cloud to get started.

  If you are already using Piwik you need to do two simple things : (1) anonymise visitor IP addresses (at least two bytes) and (2) include the opt-out iframe solution in your website (learn more).

  Note that these recommendations currently only apply in France, but because the law is European we can expect similar findings in other European countries.

  CNIL recommends Piwik

  We are proud that the CNIL has identified Piwik as the only tool that respects all privacy requirements set by the European Telecom law.

  

  About the CNIL

  The CNIL is an independent administrative body that operates in accordance with the French data protection legislation. The CNIL has been entrusted with the general duty to inform people of the rights that the data protection legislation allows them.

  The role and responsabilities of the CNIL are :

  • to protect citizens and their data
  • to regulate and control processing of personal data
  • to inspect the security of data processing systems and applications, and impose penalties

  Piwik and Privacy

  At Piwik we love Privacy – our open analytics platform comes with built-in Privacy.

  Future of Privacy at Piwik

  Piwik is already the leader when it comes to respecting user privacy but we plan to continue improving privacy within the open analytics platform. For more information and specific ideas see Privacy enhancing issues in our issue tracker.

  References

  Learn more in these articles in French [fr] or English :

  • [fr] Sites web, cookies et autres traceurs
  • [fr] Comment me mettre en conformité avec la recommandation “Cookies” de la CNIL ?
  • [fr] Recommandation sur les cookies : obligations pour les responsables de sites ?
  • CNIL Starts Controlling Cookie Settings in October 2014
  • CNIL recommends Piwik for compliance with data protection laws

  Contact

  To learn more about Piwik, please visit piwik.org,

  Get in touch with the Piwik team : Contact information,

  For professional support contact Piwik PRO.