On 12 May 2020, the German Data Protection Conference (‘DSK’) issued guidelines on the use of Google Analytics in the non-public sector (‘the Guidelines’). The Guidelines were issued as a consequence of the DSK’s decision that Google Analytics is not a Data Processor but a Data Controller or Joint Data Controller. Google Analytics contended that the data it collects does not allow identification of persons. However, the DSK concluded that it does, and it further confirmed that this category of data is personal data under the GDPR.
The Guidelines thus provide for changes in Google Analytics’ policies. The suggested changes keep its users in mind: users are to be given an explicit privacy policy, and the rules of transparency are to be respected. The Guidelines also lay down that user consent must be flexible, informative and positive, and that it must be easy to withdraw.
The main items within the guidelines are as follows:
1. Personal data
Tips:
- Privacy Policy: It is important to maintain an updated privacy policy in line with the GDPR. The privacy policy needs to be self-explanatory, answering fundamental questions about the data (processing, retention, refusal, etc.). Personal data, as well as specific categories of personal data, must be given particular attention in the privacy policy with respect to the GDPR.
- Data Governance: It is important to plan every aspect of the data, because once data has been collected it may be processed, retained or deleted. This requires meticulous planning, as any data leak may attract penalties or cause loss of reputation.
- DPIA: A Data Protection Impact Assessment is a clinical method of assessing the journey of data from the data subject to the controller. It analyses the journey and detects any possible leaks, which can then be corrected or repaired.