An Austrian data protection agent has discovered that a health-centric site has violated the GDPR because of its use of Google Analytics.

A complaint has been made to Google and as it’s found to be transferring site visitors’ personal data for processing to the United States, which spells trouble to US cloud services.

The website lacked an IP address anonymization function and violated the EU’s GDPR, or General Data Protection Regulation by sending user data out the bloc. The regulator noted that US intelligence services make use of identifiers such as unique IDs and IP addresses to conduct surveillance against individuals, and stated that they may already have collected information through the website in question.

The DPA also mentioned that Google lacked sufficient safeguards to block US intelligence services and meet the standards set by the GDPR. At this point it’s unclear whether the site will face a penalty for the breach or not.

Categorized in: