The default settings for Google Analytics are not GDPR compliant. But changing these settings affects collection for all of your GA traffic. I'm curious what most people do here... the way it's presented it feels like you have to nerf GA so that it's compliant in the EU, but then it's nerfed for all traffic. Do you manage multiple accounts: 1 for EU 1 for the rest?
> If you use Google Analytics, you process personal data of your website visitors with the analytical cookies. That has consequences for their privacy. In principle, you must comply with both the Telecommunications Act (informing your visitors and asking for permission) and the General Data Protection Regulation (GDPR).
> Note: use of Google Analytics may soon not be allowed
> The Austrian privacy regulator completed an investigation into the use of Google Analytics by an Austrian website in January 2022. According to the Austrian supervisory authority, Google Analytics does not comply with the GDPR in this investigated case.
> The AP is currently investigating two complaints about the use of Google Analytics in the Netherlands. After completing that investigation, in early 2022, the AP will be able to say whether Google Analytics is now allowed or not.
Same problem with Facebook login and many other commonly used libs. The default setup is always set to be as permissive as possible.
At some point we need to understand this is deliberate and fine the companies for not having GDPR complaint products (in default configuration)
Edit: to answer your question, a British privacy organisation tested this on mobile apps and found that almost all were using third party components with default configuration that would phone home.
This is btw why I closed my Spotify account. Not sure if they have fixed it now but back then it contacted Facebook regularly despite me not using Facebook login and turning off all analytics. Researcher found that this was due to premissive defaults.
Now if Spotify can't get it right, I don't think your average startup can either. Hence the problem should be fixed at the root.
> If you use Google Analytics, you process personal data of your website visitors with the analytical cookies. That has consequences for their privacy. In principle, you must comply with both the Telecommunications Act (informing your visitors and asking for permission) and the General Data Protection Regulation (GDPR).
> Note: use of Google Analytics may soon not be allowed
> The Austrian privacy regulator completed an investigation into the use of Google Analytics by an Austrian website in January 2022. According to the Austrian supervisory authority, Google Analytics does not comply with the GDPR in this investigated case.
> The AP is currently investigating two complaints about the use of Google Analytics in the Netherlands. After completing that investigation, in early 2022, the AP will be able to say whether Google Analytics is now allowed or not.