Privacy authority ruling due to its use of Google Analytics as US’ protection levels for personal data are deemed inadequate
Swedish telco Tele2 has been fined SEK 12 million (€1.01 million) for breaching GDPR regulations by the Swedish Authority for Privacy Protection (IMY). The fine is part of a wider clampdown on how four Swedish companies have been using Google Analytics. The other three are CDON, Coop and Dagens Industri.
IMY found that Tele2 had been transferring personal data to the US via Google Analytics since August 2020. Under GDPR, personal data may be transferred to countries outside the European Union (EU) and the European Economic Area (EEA) – if the European Commission has ruled that the country receiving the data has “an adequate level of protection for personal data”.
The European Court of Justice decided that the US’s levels do not offer adequate protection and that Tele2 (and CDON) has not taken the same “extensive protective measures” as other enterprises being investigated.
Tele2 recently stopped using Google Analytics of its own volition and IMY has instructed the other three to desist.