Apparently, the US lacks an equivalent legal framework to protect the info from being accessed by US spooks. The web publisher's use of Google Analytics resulted in the collection of many types of user data, including device IP address, browser information, OS, screen resolution, language selection, plus the date and time of the site visit, which were transferred to the US without adequate supplementary measures being applied to raise the level of protection to the necessary EU legal standard.
Google Protections were not sufficient to address the risk, it added, echoing the conclusion of several other EU DPAs who have also found use of Google Analytics violates the bloc's data protection rules over the data export issue.
Italy's DPA has given the publisher Caffeina Media 90 days to fix the compliance violation. But the decision has wider significance as it has warned other local websites that are using Google Analytics to check their own compliance.
Google is reviewing the Italian DPA's decision, according to the spokesperson. It said that punters wanted websites they visit to be well designed, easy to use, and respectful of their privacy.
“Google Analytics helps publishers understand how well their sites and apps are working for their visitors -- but not by identifying individuals or tracking them across the web. These organisations, not Google, control what data is collected with these tools, and how it is used. Google helps by providing a range of safeguards, controls and resources for compliance," the outfit said.