Following an audit of four companies, the Swedish data protection authority (IMY) has issued administrative fines to two companies over their continued use of Google Analytics. The IMY issued a €1 million administrative fine to telecommunications provider Tele2 and €25,000 fine for online retailer CDON. One of the four companies stopped using Google Analytics voluntarily, while the other three were ordered to do so.
In reaching its decisions, the IMY also concluded that each of the four companies' supplemental measures were not sufficient.
The two fines represent the first fines following the 101 complaints filed by the Austrian privacy group NOYB.
In a statement, Marco Blocher, data protection lawyer at NOYB, said, "Finally, a DPA has imposed a significant fine for the continued use of a tool that transfers personal data to the United States in violation of the GDPR – and banned the further use of that tool. This is a pleasant change compared to other DPAs simply holding that there has been a violation but creating no incentive to comply in the future. We hope that other DPAs follow the Swedish DPAs example and put an end to unlawful data transfers."
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,250 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.