Italy: Italian Data Protection Authority rules that use of Google Analytics violates GDPR

On 23 June 2022, the Italian Data Protection Authority concluded an investigation by ruling that the use of Google Analytics by Italian websites represents a violation of the GDPR if data is transferred to the United States without the appropriate safeguards demanded by the GDPR. The investigation found that websites using Google Analytics collect data including user IP addresses, user activity on the website, and services rendered, and transfer such data to the United states, which do not have an adequate privacy regime according to the GDPR. The website operator was given 90 days to comply with the law, the aim of the investigation being to encourage Italian website operators and data controllers to evaluate the use of Google analytics regarding compliance with Italian and EU data protection law.