TLDR: To date, France, Italy, Denmark and Austria have banned Google Analytics—a trend that could continue throughout the EU. If your business depends significantly on Google Analytics or EU markets, your analytics practices and revenue could be at stake. Wherever the ROI makes sense, focus on using owned data for the countries affected by the ban, explore alternative tools that are GDPR-compliant, and invest in the education of a Data Privacy Officer to adapt to new and emerging regulatory developments.

Several key EU markets recently moved to ban Google Analytics. Data protection authorities in Italy, France, and Austria have deemed the practice of transferring user web activity and IP data to the US a violation of data protection laws. The bodies found the US lacks adequate safeguards to preserve personal data anonymity.

Businesses whose products, services, operations, and infrastructure rely significantly on Google Analytics would do well to explore alternative strategies and software, planning around the likely consequences of the ban and potential developments in regulation. This also applies if your business takes significant revenue from EU countries.

A potential move away from Google Analytics could make your data less accurate and accessible. It would also require setting up alternative web optimization and tracking mechanisms. Therefore, your CMO and CTO are chief among the people who should know the score.

In this Tough Talks Made Easy, we’ll help you talk them through the impact and outlook of the ban, along with some solutions to consider. The better educated your leaders are, the better prepared you’ll be to weather any disruption.

 

The impact of the ban

The gravity of the situation depends on how much Google Analytics drives your business. If your MOPs and RevOps teams use it greatly, your data collection, reporting, and forecasting powers are at stake.

No longer able to track web activity and IP data created from top-of-funnel initiatives, MOPs and RevOps will need to refocus analytical practices exclusively onto data they already own (e.g., captured leads living inside their system with consent expressed in compliance with the GDPR).

For now, the Google Analytics ban applies only to France, Italy, Denmark and Austria. To keep doing business in these countries, you’ll need to adapt your website and introduce new processes and tools as necessary to comply with both the GDPR and any local requirements. If your business is based outside of these countries, the ban equally affects your ability to use Google Analytics to process data from users in France, Italy, Denmark and Austria.

The key thing to remember: to stay compliant with the GDPR, you cannot transfer web and IP data from these citizens and countries to the US.

Actionable takeaways

Your CMO and IT will need to investigate the changes required to your website, subdomains, and data analytics processes to stop the tracking and transference of website data for these countries and their citizens.

Your CTO should consider the ROI of tools that offer similar capabilities to Google Analytics. Examples include:

Any new tool you consider should allow you to process data from France, Italy, Denmark and Austria in compliance with the GDPR and any country-specific regulations. Your Data Protection Officer (or a consultant with GDPR expertise) is also a good source of counsel on potential changes to your tech stack and infrastructure.

Of course, these changes take time, effort, and resources. If your CMO and CTO need a hand assessing the ROI of making adjustments and implementing more advanced processes, look at how much revenue your business sees from the countries impacted. If less than 5% of gross revenue comes from France, Italy, Denmark and Austria (and their citizens in other countries), it might make sense to rely solely on the data you own.

 

Future EU bans?

While the ban currently applies to just three countries, it’s sensible for leadership to think about how the regulatory landscape might evolve.

EU countries could increasingly move to ban Google Analytics and restrict the transfer of user data from the EU to the US, potentially leading to an EU-wide ban to streamline regulations in the bloc.

A sweeping EU-wide ban would take considerable time to enforce, though it would be a massive blow to companies whose data storage infrastructure is based in the US.

As a means of ensuring GDPR compliance, US companies wouldn’t see much success from storing their user data in the EU.

Companies exempting themselves from transferring data back to the US would ultimately violate the CLOUD Act, which asserts that US businesses must, at request, provide authorities in the US with data stored in their servers, regardless of where those servers are stored.

One emerging piece of legislation to watch is the American Innovation and Choice Online Act. If codified, the bill would ban large tech companies such as Google from using non-public data generated by business users to benefit the covered platform’s own products. The enforcement of new antitrust practices in the US could result in data transfers to the US being deemed acceptable in accordance with the GDPR.

Amidst it all, businesses that prioritize EU markets or have a significant EU presence may increasingly turn away from Google Analytics and adopt tools that guarantee GDPR compliance. A resulting rise in demand and availability of solutions that ensure GDPR compliance can help your CTO identify an alternative that allows you to keep doing business in the EU in the most optimal way.

 

The bottom line

The Google Analytics ban in various European countries is likely not an existential threat to your business—but if your services, operations, and infrastructure relies on the software or you get a significant portion of your revenue from the EU, it’s a situation that demands building resilience.

Wherever the ROI makes sense, turn your focus towards owned data for the countries affected by the ban, explore GDPR-compliant alternatives to Google Analytics, and invest in the education of a Data Privacy Officer to adapt appropriately to new and emerging challenges with data regulation.

Get in touch for more guidance on navigating your RevOps team through the data privacy landscape.