In this PrivacyEspresso, Luca Egitto, PrivacyRules expert from the Italian law firm RP Legal & Tax, delves into the intricacies of the recent decision of the Italian DPA on Google Analytics with a specific focus on the possible solutions to these issues at the business and jurisdictional level.
First of all, Luca provides a brief overview of the position of the Garante (Italian DPA), also in light of the previous decisions of the CNIL (French DPA) and DSB (Austrian DPA), and explains the practical impact of these decisions on EU businesses.
As a second step, Luca argues on the possibility to use GA4 or a Proxy to resolve the issue. In general, Luca explains in detail why GA4 cannot be considered a solution at the actual stage and why he would not rely on it at the given time. Differently, the proxy can be considered an effective solution in theory, but that can be really cumbersome to put into practice. For example, most of the Proxy available today are US-based and the EU ones still need to be checked by the companies for GDPR compliance. So this process may result very difficult to be implemented at the economical and business level.
Finally, looking for a solution at the higher/legislative level, Luca warns on the intricacies of the US Cloud Act ad the capabilities of US authorities to get data through it. Based on this, he aims at relevant changes at the US level, possibly starting with the creation of a US privacy authority as a first step. However, such changes require time, so we will probably have to wait till 2023 before having developments on this.