Recently, The CNIL announced the formal notice of the Website using Google Analytics. The reason? The American solution would not respect the GDPR rules on data protection. To better understand this decision, let us return in detail to the way in which Ga Collect your datawhat it does and what can be alternatives for your site. You will understand that you have every interest in going through an RGPD agency to be accompanied on a compliance of your site.
What is cookies?
Cookies are Text files container of Small data elements – as a username and password – which are used to identify your computer when you use a computer network. Specific cookies, called HTTP cookiesare used for Identify users specific and improve your Internet browsing experience.
Data stored in a cookie are Created by the serverduring your connection. These data are marked with a unique identifier For you and your computer. When the cookie is exchanged between your computer and the network server, the server reads the id And knows what information serves you specifically.
Before going further, it is important to distinguish Two types of cookie ::
- “Magic” cookies are an old computer term which designates packets of information which are sent and received without modification. They are generally used to connect to computer database systems, such as the internal network of a company. This concept is prior to the modern “cookie” that we use today.
- HTTP cookies are a version Rehabilitation of “magic cookie” Designed for Internet browsing. The http cookie is the one we use Currently To manage our Online experiences. This is also what some malicious people can use to spy out Online and steal your personal information. It is this type of cookie that can collect your more or less personal information.
What is Google Analytics?
Google Analytics is A web analysis service. The tool provides statistics and analysis tools for purposes optimization On search engines (SEO) and marketing. This service is part of the marketing platform for Google and is available for free For anyone with a Google account.
Google Analytics is used for follow ups websites and collect information on visitors. He can, in particular, help companies:
- Determine the main sources traffic,
- Assess the success of activities and marketing campaigns,
- Discover models and trends in user engagement,
- Get other information on data demographic.
All of this data can be used for Analyze customer behavior, improve marketing campaigns and thus increase traffic and retention on your site.
You will understand, Google Analytics analyzes all visitors' actions on Your website. Even if this data is extremely precious for businesses, it is important to know how Google Analytics harvests them.
From a purely technical point of view, Google Analytics works with Javascript. Java beacons then run In the Source Source Code Internet in question for harvest data.
If we place ourselves on the user sidethese Java beacons set up cookies on the browser used, which makes it possible to harvest all kinds of information, sometimes very sensitive. This data can be very detailed and include behavioral habits, preferences etc. This is how targeted advertisements appear.
Google Analytics and the GDPR
You probably already know, but visitors (located in Europe) on your website have the right to confidentiality of their data. This rule, It's the GDPR (General Data Protection Regulations). It is the same rule for the 27 countries of the European Union: Lvisitors have the right to refuse or not the processing of their data.
The explicit consent of the user must therefore be requested to use all types of cookies. But, use Google Analytics returns to place tracers automatically on your site. The visitor is therefore “Follow -up” by default, Without any consent being requested.
Why did the CNIL prohibit the use of Google Analytics in France?
The CNILNational Data Protection Commission, is the French data protection agency. Created in 1978the CNIL is an independent administrative body which operates in accordance with the data protection law of the January 6, 1978modified on August 6, 2004. The CNIL is in charge of watching To what IT remains at the service of citizens.
The CNIL is therefore the Privacy defender on the Internet. Why did he act? Quite simply because it was seized by more than 100 complaints from the Noyb association, concerning the transfer of data collected to the United States. Risk? That this data is directly Used by American intelligence services.
The CNIL then carried out an analysis work with its European counterparts to see the exact conditions of these Transfers to the USA. The conclusion is clearly : the CNIL has judged that the transfer of data to the United States was, for the moment, Not framed enough.
Data transfer to another country constitutes a violation of articles 44 and following of GDPR. Website owners using Google Analytics must therefore find an alternative solution immediately.
What alternatives to Google Analytics?
Recent decisions will therefore-maybe-force you to turn to an alternative solution to Google Analytics. Here is some tools that might interest you:
Matoma
If you are concerned about data security, Matoma is a good option that will offer you more or less the same features that Google Analytics. Developed by a Frenchman, this project open source allows you to be 100 % data owner and protect user confidentiality.
Be careful, however : Matomo will cost you 19 € per month. This price does not include several key features that GA offers free of charge, Like Heatmaps For example. Nor does it include key features such as A/B tests and multi -channel allocation, which are also lacking in GA.
Fathom
Fathom is another alternative to GA, confidentiality. The objective of the tool is provide quick access to simple measurements from a website or as many sites as possible. Fathom is not free, but you know why: the company offers a product at a reasonable price (from $ 14/month) for a confidentiality and increased data security compared to GA.
Analytics Suite 2
Used by Over 20,000 sites around the world, analytics suite 2, a solution developed by Atontiernet, is A French tool directly recommended by the CNIL. With a pleasant interface and impressive functional richness, all of the data collected are stored on European servers.
Navigation analysis, marking, reporting etc. : YOU will not lose much in quality compared to GA. In terms of prices, no information is available on their site.
Digital regulations: other changes for 2022
DSA and DMA, here are two acronyms that you will have to know if you work in the digital world, especially in the E-commerce.
DSA (Digital Services ACT) is legislation that can scare “GAFA. Indeed, this text aims algorithms search engines that will now have to share their information with researchers for “Better understand the evolution of online risks”.
This text also aims to delete illicit content as well as the Moderation of content called sensitive. This aims to protect citizens by fighting against disinformation, news fakes and thus comes in addition to the GDPR.
The DMA (Digital Market Act) or legislation on the digital marketsaims to rebalance the balance of power between Internet users and internet giants by imposing on them new rules. For example, Google will not be able to highlight one of its products on its search engine if an alternative exists. This will allow the smallest or new players to make a place on the market.
Finally, it is important to highlight that Internet access providers as well as Mobile operators must now communicate Data very important: greenhouse gas emissions linked to their Internet and mobile consumptions. This must allow Awareness of subscribers to the impact of their digital activity on the environment.
Make yourself accompanied by experts to comply with the GDPR
You have understood by reading our article, if your website is for Europeans, you are affected by the GDPR. If you want to comply, you will not be able to continue using Google Analytics as long as the Google servers data are not hosted in Europe. It will therefore be necessary to plan to “get out” from this tool for measuring audiences and migrating to a solution such as Matomo. By entrusting this mission to experts, you will even be able to perpetuate your Google Analytics account data by merging them with your new Matomo account so that you do not lose anything from your precious traffic history. Our Churchill agency is part of the TACTEE group which encompasses several expertise centers to accompany you always further and on all the digital issues that you may encounter, including the RGPD compliance of your site. Do not wait any longer to consult us and benefit from our expertise in order to obtain a tailor-made support solution in the compliance of your website.
Contact our TACTEE agency to comply with GDPR!
