[Germany] Several federal and regional government officials in Germany are trying to put a ban on Google Analytics, the search giant’s free software product that allows website owners and publishers to get detailed statistics about the number, whereabouts and search behavior of their visitors (and much more).
According to an article in today’s Zeit Online (poor Google translation here), multiple federal and state government officials charged with guarding over national data protection are convinced that Google Analytics is against the law in Germany and are mulling imposing fines on companies who use the service to gather detailed stats based on their website visitors’ usage patterns without the explicit consent of those visitors.
Still according to the Zeit Online article, an approximate 13% of German website publishers (meaning those with sites that have .de as their TLD) currently use Google Analytics, including several websites of leading media organizations, political parties and pharmaceutical companies. The government officials are particularly wary about the information Google is able to collect on websites of health insurance companies and the like, saying Google could conceivably create profiles of people that would include information about their interests, lifestyles, consumption patterns, political and sexual preferences.
This isn’t the first time German privacy protection officials have voiced their concerns about the Google Analytics service, as it had earlier criticized the search giant over keeping everyone ‘in the dark’ about which information they’re collecting exactly and how much identifiable data is sent to and stored on servers located on U.S. soil. German laws prohibit such data to leave the country, they claim.
Google Germany’s Per Meyerdierks, however, says the company is well within its rights to process user data in the United States because it respects the Safe Harbour treaty between the EU and the USA. He argues that an opt-out would be entirely unnecessary, and that users always have the option to refuse cookies anyway.
One German lawyer that gets cited in the article says the penalties could amount up to €50,000 (about $75,000) per website that uses Google Analytics to keep track of its visitors’ usage patterns.
I don’t believe it.
In Shermany we take ze privacy of ze peeple wery seriously. Only ze government has ze right to spy on ze peeple. Zat’s why ze government released a trojan to protect oll ze computers in Shermany.
I get it, because all you know about Germany is some infantile propaganda that was passed on to you by ignorant people and hollywood scripted games, you are using a derogatory, mocking tone to show your ignorance. Classy!
So, that this post brings up a valide point regarding digital privacy and identity is irrelevant to you and your fellow curmudgeons, right?
Would you also be so mocking if Wal-Mart decided that they would implant a recording and tracking device in the products they sell without your expressed permission? Then they could listen in on your conversations at home, see how and where you use the product you purchased, know when you enter their, or your competitors’ store when you wear the clothes with the attached tracking device, etc. Wouldn’t that be great?
Of course Germany is also known for it’s terrific sense of humour.
This is great news for startups of all other countries. Bye German competition! Have fun not knowing what your traffic is doing? (German govt should take note…)
Sorry, that’s BS.
Although it might be the case in a few years, the World does not yet depend 100% on Google.
There are countless alternatives to GoogleAnalytics:
http://mashable.com/2009/01/12/track-online-traffic/
Want to know who’s tracking you using GoogleAnalytics?
Firefox has an add-on: https://addons.mozilla.org/en-US/firefox/addon/5631
-> Tell your browser to delete the cookies (FF: “Private Data”, in Settings: check “Cookies” ) when you close it.
You should also delete “SuperCookies” (based on Flash).
This add-on can do that: https://addons.mozilla.org/en-US/firefox/addon/6623
That’s rather noob isn’t it?
I built my own… Analytics doesn’t tell you what you need to know. In any event Piwik is an alternative for many.
This is just older.
There are many other alternatives to get off from Google Analytics.
That’s boarig..
Regards,
Aria Kerry.
Professional Design Expert.
website design
web design
They do know that the only data that Analytics collects is data that the user is freely giving, right?
Maybe. But does the user know that?
When I say “user” I mean mom and pop, not your average techie.
Ignorance is no defense in the legal world, I think.
Yeah, but in Germany, the Government uses to protect peoples from their ignorance, I’m not just sure they know what Google analytics is exactly and how it works, I’m having the feeling like, the german Government has a very big concern seeing Google collect datas at all stages of the web, without knowing exactly what is done from those datas.
(beta comment)
and yet the ignorant sometimes need protection, which is why we have all those warning signs abuot improper use on microwaves and plastic bags over here.
Is all the “Angst” justified? Dunno, but I find this paranoia easier to accept than the Canadian government planning to allow the music industry to break into your computer on suspicion of copyright infringement. Sounds like ze Germans would not be too keen on that sort of thing.
True, ignorance is no excuse. And while we’re on the topic, I’m the prime minster on Nigeria and would love to organize a business deal with you for the sum of $43,000,000. (for the low, low, single transaction fee of $65).
Ignorance may not be a defense, but ignorance that would cause morally culpability would require active disregard. How much can a person reasonably be aware of, especially when the laws, rules, regulations, guidlines, terms, etc. one expects others to be aware of are written in incomprehensible lawyer-ese, hidden away where no one will see it or notice the tiny little link that takes you there even if you wanted to attempt to read the terms, and other traps that are sprung on consumers who are reasonably trying to be knowledgeable and informed?
The problem with people who spout the “ignorance is no defense before the law” lazy kind of syllogism are going to be, either on the doling end of the law, or not affected by it. It’s plain and simply a lazy and selfish postition to hold, à la, ‘as long as they don’t come for me I don’t care’.
well, that’s not entirely true. German law distinguishes between “personenbezogenen Daten” (personal data, e.g. your name) and “personenbeziehbaren Daten” (“personal obtainable” data, i.e. data which could be used to obtain personal data).
It is debatable under German law right now if your IP address falls into the latter category. If yes, Google Analytics will technically be illegal in Germany.
So, is ‘tail -f /var/log/apache/access_log’ illegal in Germany too?
Scott
Let me correct myself. I mixed something up. Storing IP addresses in combination with other data (let’s say your email address) is not really allowed unless the user gives you an opt-in.
The problem is that Google Analytics transmits and stores your IP address on their US-based servers and that it’s not clear what is happening to this data. And this is what contradicts the German privacy protection laws, I guess.
Obviously tailing a file is not illegal, but the access_log itself may be illegal if you put too much information in it. See this article about a sentence of a court in Germany on the subject http://www.out-law.com/page-9505
Well, I think there are two things that have not been taken into account by the German authority:
1. Google does NOT provide any report containing data about IP addresses
2. Google deletes all collected IP addresses after a certain amount of time (ie 30-60 days)
Since we are one of the few Google Analytics Authorized Consultants in Germany we cannot aggree to that kind of paranoia. There are much more severe malicious activities caused by malware and spyware than to blame Google for collecting data and providing website owners with useful insight information.
But IF this is really an issue, everybody’s free to buy Urchin Software which is completely self contained and will store data only inhouse.
Cheers,
webalytics
If that’s true..then would that not render most US or other country based services (like Facebook and other applications that track your ip address) illegal as well?
It must be all that personally identifiable information Google stores in Google Analytics… oh wait, it DOESN’T do that…
I’d be more concerned about the information Google collects from search behavior, but it still doesn’t differ that widely from information any other ad network collects.
Get a grip people. Freedom ain’t free, and the internet isn’t anonymous.
Can you be sure about that? Yes, it doesn’t SHOW personally identifiable information, but they may still store it.
It’s quite plausible that they’d store IP addresses and Google Accounts.
So what? That’s how “the internet” works. If you’re going online, you should be aware that your “ip address” is tracked by a all websites you’re visiting (and some additional companies like Google Analytics, Advertising Companies etc).
If someone is afraid about this, he shouldn’t go online, or, if anyone is that paranoid, switch off cookies and redial/reconnect to the internet after each website visit (hoping he gets a new dynamic ip).
Nobody, and especially the government, should ask german website owners to remove third party stuff (widgets, analytics, etc), just because the ip is transferred outside of Germany.
Oh, sorry, I forgot that it’s not prohibted. It’s “only” necessary to ask the user for permission before anything like that is done (like via popup). And, it’s not sufficient to write this in your terms of use. The visitor has to explicitly opt-in for this.
Agreed, that should be taught in schools.
I adblock analytics, another thing to teach kids to do.
If this is the case, and since all internet protocols send source IP along (if they expect a reply), then the only legal and compliant thing to do is to shut down the internet at the German border, otherwise IP end up at the foreign server.
Very interesting! It is very interesting development. I will be very curious how Google reacts and what other repercussions take place!
Maybe the German government should look into what Google can collect and what they can not collect via web analytics before they come to the conclusion that Google could be building profiles of users based on the analytic data.
MMM seems like a good way to track Paedophiles to me…….. whats the problem, Guilty concious ?
Fair points around privacy this is something that should always be discussed no matter what the solution is.
Do they plan on issuing fines if you use Google Analytics?
Its a simple option to just exclude all German visitors traffic by using Google Analytics filters if they are serious about that fine…
This is ridiculous. Google Analytics is based on the web site access log file. Every web server out there is running server software that collects that information. The German government is about to ban the entire web.
I should be more exact and say that Google Analytics, at least the majority of the information it collects, is the same information that all web servers collect.
How Google could build personal profiles based on GA data?
Most of the data that is collected does not contain personal identifiable information – these are clickstream data. Of course some website owners can implement GA to track user-related data but then it is the responsibility of the company – not from Google.
It is true that Google collects a LOT of information and that it allows Google to have a good understanding of general behavior, trends,…
(see one of my post: http://www.kaizen-analytics.com/2009/10/google-trends-for-websites-do-you-trust.html)
But they don’t make user-level profiling (or am I naive?).
As someone commented, then they should ban Google search as well.
And Google Toolbar. And Google Mail. And….
Hey maybe they should just ban the Internet
Agree it also shows a lack of knowledge & understanding (on Web analytics in general).
Michael
In adition to this it is impossible to track individual visitors. In fact, you may not add any personally identifiable information to your GA tracking.
Compare this to a few paid packages out there and you’ll notice that they do allow this and in fact go very far.
One package allows you to select all e-mail addresses from users that abandoned their cart at step X so that you can e-mail them.
I seriously doubt that any of the people involved have even used GA…
Isn’t this the entire point of safe harbour, binding contracts etc was about – but it seems kneejerk – agree with previous posts – they need to quantify what could be assembled as user defining data.
YOU ALL JUST DON”T GET IT
Understanding how the interwebs works is not important. When it come to technology the proper response is to think with your gut – not your brain!
If you don’t believe me just ask great men like Rupert Murdoch or Ted Stevens.
Screw reality. I think Germany is just taking a page from these great technological guts.
+1
Wrong. You DO HAVE to think.
And if you do so, you’ll see that Germany is rightfully concerned.
Btw.: You only need to log into a Google service once and all the (GA-equipped) sites you’ll visit from that moment on can be linked to your Google account.
=> A nice & complete personal profile of yours.
Hi All,
There seem to be a lot of comments here from people who think that Google knowing a lot about you is a bad thing.
We are all currently bombarded with well over 2000 adverts and marketing messages everyday with a tiny fraction of these being relevant or even remotely interesting. I must at this point admit I am a marketer so am bias, but what Google is trying to do is understand the needs of individuals and so that busineses can cater for those needs. In the long term it will be a benefit for consumers.
A very good point made in the comments is that those that do not want any of this can simply turn off cookies and not sign up for the free applications and services that Google offer. Nobody is forced to have any of these.
And, just a last comment re the suggestion that people should just go with their gut instinct… Gut instinct will only work for the very few and they will usually have built up years of experience that most will only be able to aspire to (that is how they got to the top! along with knowing the right people and being in the right place at the right time).
Good decisions are always INFORMED decisions, if a decision is not informed then it is a guess. I do not think that Rupert Murdoch guesses much, he will make decisions based on his years of experience in media. Marketing can be the difference between a good year and a poor year, and as many people will know a poor year can mean redundancies and companies going bust!
Currently the data collected cannot be linked to a physical individual (only the IP address could be considered as doing this). If data starts collecting personal information (such as name, address) rather than demographic data then I will expect opt in schemes.
Untill then I will continue to gather as much information (legally) as I can about the people that interact with my site and there needs with the aim to serve these needs in the best possible way.
Haha, definitely +1 to Kevin Pike. My sentiments exactly regarding Murdoch and Stevens.
Honestly, this is so ridiculous it shouldn’t bear commenting. Yes, the web has serious privacy concerns, but there are far more pressing things out there besides Analytics. WTH the recording industry.
So turn your cookies off. Not too tough.
How is this different than surveillance cameras in a retail store, or airport or, (I’m sure) a government building in Germany? I guess they’re claiming that the problem is the data is then exported. But the point being, a user is willingly (virtually) entering a domain. The server belongs to the host… they can monitor the happenings on that server in their best interests. Within reason, of course.
Also… Google is not the only analytics player in the game. Serious retailers will use a commercial vendor like Omniture (now Adobe) or Coremetrics. Why all the GOOG hate?
“Google Inc. is expressly acknowledges, in its regulations to be accepted when using the right one, beyond the individual user by means of a unique identifier data obtained with other previously stored data “associate something like Gmail” and to share this information with third parties. ”
This is something that Omniture doesn’t do. Your data is kept privately.
Let’s not forget that this is “Die Zeit” reporting… not exactly known to be the most IT savvy publication out there. Who knows what they actually asked…
The assumption that “data is being exported” is wrong, anyway. It would be correct if the data was collected on the site first and then sent to the US, but the way it works, the browser connects to the US and that’s how data is collected. If that was illegal, Germans wouldn’t even be able to connect to any website outside Germany.
EU Governments, in general, have been astonishingly paranoid at web technologies and PII. While they are right in being concerned, the heavy-handed ways they are going about it are only going to stifle things in the EU-Zone.
I guess GA noticed that Germany started to build tanks…again…
While the measure might seem drastic, I actually think this scrutiny makes sense. Google DOES collect all this information, and there is NO WAY to guarantee this information won’t be misused by personalizing by linking it to personalized services (e.g. Google Mail, AdWords or Checkout). And Google WILL misuse this information, if it’s in Google’s commercial interest. Just wait a few years…
On my web sites, I would actually never ever use Google analytics.
Ron
Just out of curiosity, what about other analytic programs i.e. Omniture or Coremetrics. I don’t know German law but i would imagine that if one analytic program such as Google analytics is illegal then the more advanced ones like what i mentioned above would be considered illegal too. Just a thought, it seems more like a witch hunt than anything else…..
What we can say is that Google is a special case, because they are building huge monopolies or otherwise dominate the Web like no other company in the World.
hmm so finally its getting noticed by all…
Oh bother. My wife and I are in the UK but have a couple of domains on a host that is located in Germany. We also use GA.
Are we about to be clobbered by this nonsense or is it just German residents?
Silly Germans. Can’t they do anything right when it cones to the public? They either want a police state or a nanny state. Pffft.
Get google, fb and the fbi in a room together and they could patch out in 15 minutes a pretty comprehensive life story for anyone 30 years of age and younger in the U.S.
I agree this is wacked. Google Analytics doesn’t really give you any private (personal) information about visitors. It doesn’t give out IP addresses either (that might be against some laws).
I get so mad at the German government and its completely outdated privacy laws. People get cease-and-desist orders for EVERYTHING these days. Stupid old politicians have no idea of how much this slows down new business and tech ideas. And ruthless lawyers make big bucks suing small companies and private people because of hidden doors in old-fashioned laws.
Get your shit together Germany, no surprise people migrate to the US, UK or Australia en masse!!!
Disclosure: I’m German living in Australia.
Oh yes! Australia makes it much better. Muahahahahahahaha!!!111
For more information please ask the EFA:
http://www.efa.org.au/
Well, its good that there’s some talk about the dark cloud of data processing Google applies to data gathered by the millions of Google Analytics installations worldwide.
It might increase awareness of the importance of secure data collection and storage and serve as a wake up call for people unaware of the powerful position Google currently has.
Making Google Analytics illigal is of course not a very realistic desire, since it would be impossible to enforce such regulations.
Why do I keep getting Scientology ads on Techcrunch? Ah! It’s because I am German and they are served by Google AdSense and I guess I must have taken an IQ Test on some German website that runs GA. My IQ score came out way below room temperature (in celsius) and the devils at Google cleverly combined this information and can now serve me these hightly targeted ads…
Seriously, I am sick of seeing Scientology ads. And sick of my Government being dumbasses.
Issues like these unfortunately are quite normal over here: Lazy bureaucrats and lawyers who’ve never done any honest work in their lives try to make other people’s life as difficult and cumbersome as possible – especially if those people tend to be entrepreneurially inclined.
The result of this would be quite simple if this was to come true: German Internet enterpreneurs will no longer found German companies but British (or overseas) Ltd.s or Dutch BVs.
There always is a work-around for bureaucratic nonsense but it’s a hassle nonetheless.
We’re running a dating website in Germany, and we were contacted by the federal data protection officer (don’t know if this term does really exist in english) because of our use of Google Analytics a couple of weeks ago.
After receiving the letter I called the guy to ask what exactly he considers as “personal data” which must not be sent to Google (or USA) in general.
This guy really tried to convince me that the IP address would be such “personal data”.
He really didn’t care for my arguments, that an IP address is never ever anything like personal data, or that Google may have the IP anyway (because the most people use Google as search engine of course).
In his opinion website operators in Germany are not allowed to “send” the IP-address to any company outside the EU. This would prohibite use of any web 2.0 like feature (like Google Maps, Facebook Connect, Twitter-stuff etc).
;-P
Google tells me that storage of the IP is the problem, not simply sending it, and that IPs are explicitly listed as personal information in the law, by-law, regulation or whatever governs data protection in Germany. If you run a website as a business you may want to look into your duties, from the sound of it….
John, from a legal view of course the (possible) storage of the IP is the problem. As long as a we cannot prove that the IP is not stored, it is assumed that the address is stored.
But come on… I can’t imagine any website out there which doesn’t store the ip (exceptions may be some anonymizer or illegal services), at least in some logfiles to protect themselves against abuse, attacks or whatsoever.
Therefore in real life this restriction (don’t give ip addresses to someone else unless you can prove he doesn’t store it anywhere) means: don’t use any third party services on your websites.
Because even if you just include advertising tags from foreign companies would mean that you break the law.
I mean… what the hell can Google do with your ip alone? Nothing… anybody who ever tried to figure out who’s behind an ip address (like because of fraud etc) knows that it’s impossible to do this (except for the government, which can try to find this out).
Of course, if someone uses Gmail for his mails, Google Docs for the spreadsheets etc, then maybe, Google could try to connect the IP with your personal data.
But if someone is afraid about that, he simply should stick to Thunderbird, Excel & Co and never create personal accounts on websites. By acting like this, nobody – even Google – will ever be able to connect the IP with a personal identity.
There are better ways to protect your privacy from Google, such as moving to the opt out village:
http://www.theonion.com/content/video/google_opt_out_feature_lets_users
European Law is a little bit complicated and each country – and sometimes county within a country – uses different laws for the same topic. So maybe in Northern Part of Germany (where DIE ZEIT resides) Google Analytics may be banned in the future and in the Southern part it is allowed. Maybe that is the reason for people moving from the North to the South in Germany. They want to use Google etc. freely and don’t want to be “protected” by the county they live in.
i friggin hate the country i am living in -.-
That’s easy to fix
I have my site hosted in Germany whether it would create any problems for my site?
The decisive question is whether or not the IP address would amount as “personal data”.
And if so, whether companies will be willing to share adv revenue on conditions you give data away.
One is clear for sure: your search profiles ( already) worth a lot and on a long run, only service per se ( google, facebook) might prove not being enough for compensation.
Right on, Germans – back stab your already ailing web industry! More of the web cake for other countries…
this is dumb … I cant even imagine metrics w/o google analytics
i tried http://websbee.com. it was great ! all popular engines in one.it also goes deep search behind links
The thing is that all of what Google Analytics does, can be cloned by anybody for their own use. Google Analytics simply uses the header data to to compute some statistics. Anybody can do the same! If Google was using some secret data that they gather from another source to make the stats more interesting then that would be something to worry about. Not this.
Are there laws banning brick-and-mortar businesses from counting how many customers enter their stores, what they buy, demographics, etc.?
Ridiculous.
This reminds me a film called Gattaca . . . seriously I think the German government is doing a good thing here.
It’s definitely not a good thing. Currently the government seems only to dislike Google Analytics.
But if we accept that the IP address counts as “personal data”, you can forget about banner advertising on german sites, because this could mean some foreign company could get the IP.
Forget about embedding youtube videos on your blog (hey, youtube even is Google). Forget about adding Facebook Connect, and so…
If the government enforces this, all german websites will have huge disadvantages compared with their international competition.
How lame! So are they going to block analytics provided by other companies too? And stop all webservers from saving log files?
OMG!
I love google analytics and use it basically just for fun.
Pretty soon lawyers will start suing people all over the place over here.
Google Analytics (GA) is a free service offered by Google that generates detailed statistics about the visitors to a website. Its main highlight is that the product is aimed at marketers as opposed to webmasters and technologists from which the industry of web analytics originally grew. It is the most widely used website statistics service, currently in use at around 57% of the 10,000 most popular websites.GA can track visitors from all referrers, including search engines, display advertising, pay-per-click networks, email marketing and digital collateral such as links within PDF documents.Integrated with AdWords, users can review online campaigns by tracking landing page quality and conversions (goals).
Oh please,
dont they have anything else to do?
I the future stands on every german website only one thing: Sorry visitor, we can write no more than this, because all is criminal and not allowed..
The Google Meshup
- Via the search engine google knows what you are seaching in the web.
- Via googlemail, google knows what you are writing to whom.
- Via googlecalendar, google knows what you are scheduling
- Via maps.google knows in what region you are living
- Via Latitude.google, google knows who is in your social network and were they are right now.
- Via analytics, google know what is going on on your website
- Via books.google, google knows what you are reading
- Via google docs, google knows about your business.
Every new google tool is aimed to get a little bit more information about the user
You have to be really stupid not to get it !
Dude, a lot of people ARE, that’s the tragedy of the story…
Hi folks,
it is a little bit complicated, but I’ll try to explain. The news of the german magazine “The Time” are not new. In March 2009 the german agent for data privacy protection had appraise google analytics with a very critical status to german law. His statement:
“Currently, the use of the free Google Analytics service is not permitted by site provider. Google needs to change its configuration so that the parties may exercise their right of appeal, information, and information and effectively carry out erasure of data. For the unlawful use of the service, the website operator liable.”
In according to the german tele media law it is not allowed to capture personal data. The issue are the ip adresses because they are personal data in our law for example. There are much more items in this case in german law. For example: the alternate to get an overview for saling items and pricing in online shops.
I’m glad that the crunchies started this discussion. Maybe now google is willing to negotiate with the german gov. Since a year now the legal situation is very unclear and google wanted to take action to clatrify the legal situation in germany.
Last I checked Google Analytics gives the LEAST amount of info if comparing to other free and hosted services/tools. IP addresses for one…
Wow, it’s a vile things when the government intervention in blogging things.
This is really exciting news and I welcome it. Hopefully, it’s a sign of things to come and the EU privacy rulings will be the start of the end of the Google empire.
So have there been any actual convictions?? Or any prosecutions even?
Brian Katz – Analytics VKI
why only pick on Google analytics? surely omniture, yahoo etc are just doing the same..? does the ruling cover these also?
The German government is exceptionally un-techy. They have not the slightest clue what the web is and how it works.
I guess this is just another sign of their incompetence.
And I still cannot believe that the majority of the Germans keep voting for those parties …