Denmark: Published Datatilsynet Guidance on avoiding illegal data transfers while using Google Analytics

On September 21 2022, the Danish Data Protection Authority (Datatilsynet) published its guidance on the use of Google Analytics in relation to cross-border data transfers. Following the 2020 Schrems II ruling by the CJEU that data transfers to the United States under the EU-US Privacy Shield were not in compliance with the EU's General Data Protection Regulation (GDPR), Datatilsynet concludes that the Google Analytics tool cannot be used lawfully without further measures. One technical solution, according to the Datatilsynet, is pseudonymization, which was proposed by the French data protection authority CNIL. Such a measure prevents illegal data transfers through proxification. If such supplementary measures cannot be taken by a company, Datatilsynet finds that they must stop using Google Analytics in order to remain GDPR-compliant.