The Austrian Data Protection Authority has recently on the back of a NOYB compliant, come to the decision that the use of Google Analytics is not compliant with the GDPR, Schrems II, and data transfer laws. In the case, they found that personal data from the complainant’s browser or device had been transferred to the United States through Google Analytics. This data was seen as sufficient to identify a European data subject and was therefore deemed to be a Schrems II non-compliant data transfer. On the back of this, the Autoriteit Persoonsgegevens (AP, The Dutch Data Protection Authority) has published on its website, in the Cookies section, that it is currently investigating two complaints about the use of Google Analytics in the Netherlands. Furthermore, it adds that when these investigations are complete, it would be able to in early 2022 determine whether Google Analytics is permitted or not. The Dutch DPA had so far been more lenient on the uses of Google Analytics, even without consent, but this new movement and set of rulings might put the use of Google Analytics in question altogether.
The Austrian DPA judgement can be found here (in german):
The Dutch DPA announcment can be found here.
For more information we would like to recommend our German article on the case.