Caute_cautim
Community Champion

Google Analytics cops a European GDPR fine

Hi All

 

Interesting that the Austrians have fined the continuous use of Google Analytics as violating the European Privacy legislation - GDPR.

 

https://www.pymnts.com/google/2022/ruling-google-analytics-violates-privacy-law/

 

It should be an interesting case.  Apparently the case will have a profound effect on US Cloud Services.

 

Regards

 

Caute_Cautim

2 Replies
JKWiniger
Community Champion

Re: Google Analytics cops a European GDPR fine

This has always been something I have always seen both sides on. On the one side, my IP is so I can get to where I want to be, so it should not be used against me. During these times how many of us have simply turned on a VPN and had Google hit us with a captcha just to do a simple search? Or had other sites not allow us entirely? This is uncalled for. On the other side, from a security standpoint, the IP address aids in incident response and finding who or what may have done a bad thing. So where is the line between a company monitoring an IP for security and one that monitors for their own internal benefit?

 

The sites that block you for using a simple popular VPN to try to protect yourself don't seem to really care about YOUR security or safety, just theirs! While I do understand how monitoring and blocking certain IP addresses can seem to reduce a company's attack surface, I just believe there have to be far better ways that do not reduce a person's security.

 

Thoughts?

 

John-

Caute_cautim
Community Champion

Re: Google Analytics cops a European GDPR fine

@JKWiniger    I would agree with your point of view and perspective.

 

However, IP addresses can easily be spoofed or masqueraded, so additional measures are required to ensure you are who you state you are and that you are actually authorised to have access to that system, web site, data source, etc.

 

Perhaps we should introduce identity as a pillar, not just user, but application level too or even device, network level - are they authorised to access the particular system i.e. data, application, server, network etc.

 

VPNs are also going out of fashion, and being replaced with Secure Access Service Edge, which is based on application requests rather than IP addresses.

 

If organisations process or control private data, then they must have the appropriate controls in place to ensure a) you are authorised to access it, b) your identity can be proven beyond reasonable doubt - human level, but now we should add additional levels i.e. network, application - no matter where your data exists.

 

Because we have technology capabilities to fake humans, machines and systems - so we need additional measures to provide increased reassurance.

 

Regards

 

Caute_Cautim