Connect with us

Hi, what are you looking for?


Data Protection

Sweden Orders Four Companies to Stop Using Google Tool

Sweden has ordered four companies to stop using a Google tool that measures and analyses web traffic as doing so transfers personal data to the United States, fining one company the equivalent of more than $1.1 million.

Sweden on Monday ordered four companies to stop using a Google tool that measures and analyses web traffic as doing so transfers personal data to the United States, fining one company the equivalent of more than $1.1 million.

Sweden’s privacy protection agency, the IMY, said it had examined the use of Google Analytics by the firms following a complaint by the Austrian data privacy group noyb (none of your business) which has filed dozens of complaints against Google across Europe.

Noyb asserted that the use of Google Analytics for web statistics by the companies resulted in the transfer of European data to the United States in violation of the EU’s data protection regulation, the GDPR.

The GDPR allows the transfer of data to third countries only if the European Commission has determined they offer at least the same level of privacy protection as the EU, and a 2020 EU Court of Justice ruling struck down an EU-US data transfer deal as being insufficient.

The IMY said it considers the data sent to Google Analytics in the United States by the four companies to be personal data and that “the technical security measures that the companies have taken are not sufficient to ensure a level of protection that essentially corresponds to that guaranteed within the EU…”

It fined telecommunications firm Tele2 12 million kronor and online marketplace CDON 300,000 kronor.

Grocery store chain Coop and Dagens Industri newspaper had taken more measures to protect the data being transferred and were not fined.

Advertisement. Scroll to continue reading.

Tele2 had stopped using Google Analytics of its own volition and the IMY ordered the other companies to stop using it.

IMY legal advisor Sandra Arvidsson, who led the investigation, said the agency has the rulings “made clear what requirements are placed on technical security measures and other measures when transferring personal data to a third country, in this case the United States”.

Nyob welcomed the IMY’s ruling.

“Although many other European authorities (e.g. Austria, France and Italy) already found that the use of Google Analytics violates the GDPR, this is the first financial penalty imposed on companies for using Google Analytics,” it said in a statement.

At the end of May, the European Commission said it hoped to conclude by the end of the summer a new legal framework for data transfers between the EU and United States.

The GDPR, in place since 2018, can lead to penalties of up 20 million euros or four percent of a company’s global revenue.

Related: EU Court Deals Blow to Meta in German Data Case

Related: TikTok’s Trials and Tribulations Continue With UK Data Protection Fine

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...