France: CNIL publishes guidelines and Q&A on GDPR compliance to avoid illegal Google Analytics data transfers

Following rulings that data transfers to the United States (US) through Google Analytics were non-compliant with the EU General Data Protection Regulation (GDPR), the Commission Nationale de l'Informatique et des Libertés (CNIL) published guidelines on how to prevent illegal data transfers through proxification and comply with European data protection rules. The guidelines state that the implementation of contractual clauses and the alteration of the IP address's processing criteria are insufficient to utilise Google Analytics in accordance with the GDPR. Furthermore, the proxy server's settings and additional measures must ensure that data is not transferred outside of the EU without an equivalent level of protection.