Google Analytics violates the GDPR, French privacy regulator rules

France’s privacy regulator (CNIL) today ruled that Google Analytics violates the EU General Data Protection Regulation, because of illegal data transfers to the US.

France’s privacy regulator says “Google additional measures to regulate data transfers are not sufficient to exclude the accessibility of this data for US intelligence services,” and that there is a risk for “French website users who use this service and whose data is exported.”

CNIL is giving websites one month to stop using Google Analytics.