Comment by calibas
3 years ago
If I understand this correctly, the issue isn't Google Analytics specifically, but "because it transfers users’ data to the USA, which is a country without an adequate level of data protection".
So this could also apply to any company that sends PII to the USA?
At present, there is no legal basis for a company covered by the GDPR to send personal data to the US or a US-owned company. The US needs to repeal the CLOUD Act, and maybe one or two other things, in order to make this situation work again.
Is that for US- or Italian-based users? What if this is an Italian company running a global website with data from non-GDPR country users?
You can find the scope of the GDPR in Article 3 of the GDPR: https://gdpr-info.eu/art-3-gdpr/
Read these as individual clauses; the Regulation applies if any one of them is met. An Italian company serving customers anywhere in the world is covered by the first clause.
GDPR covers EU citizens. I don't think it says anything about non-EU citizens.
6 replies →
Any company that sends personal data to the USA, yes.