Privacy & Information Security Law Blog

According to a press report dated October 2, 2010, the German state data protection authorities responsible for the private sector (also known as the “Düsseldorfer Kreis”) continue to consider the use of Google Analytics on company websites to be illegal.  The Düsseldorfer Kreis reached this decision at a recent meeting of its Telemedia working group.  The group has indicated that it hopes to continue negotiations with Google.  Dr. Alexander Dix, the Berlin Commissioner for Data Protection and Freedom of Information who was interviewed on this issue, stated that although Google has undertaken some efforts to improve Analytics, that the DPAs do not consider these efforts to be sufficient.  The DPAs have given Google eight weeks to improve the service.  If Google fails to do so, the DPAs will commence enforcement actions against German companies using Google Analytics on their websites.  The DPAs are primarily concerned with the fact that the Google Analytics software illegally transfers users’ IP addresses to the United States.  According to Dix’s statements, such transfers are prohibited without the users’ consent.

In November 2009, the German DPAs issued a resolution which included requirements for website analytics software based on the data protection provisions of the German Telemedia Act. In May 2010, Google released a Google Analytics Opt-out Browser Add-on that allows webmasters to activate an “IP Masking” function to anonymize information collected by tracking mechanisms by removing a portion of IP addresses prior storing them.