The Norwegian Tax Administration and the State Educational Loan Fund’s use of Google Analytics violate the country’s privacy laws, because the agencies have no control over how Google uses information about users, the Norwegian Data Protection Authority said on Tuesday.
The authority, which has a history of keeping U.S. IT companies on a short leash, last year took a closer look at how the two organizations used Google Analytics, which is a free service that allows websites to keep track of traffic. The authority has found that agencies’ use of the analysis tool is not in accordance with Norwegian law, according to preliminary findings.
Google Analytics collects IP (Internet Protocol) addresses and information about visitor behavior. Since the data can be traced back to an individual, businesses that collect information have to make certain that it is anonymized and used only for statistical purposes, the Data Protection Authority said in a statement.
The authority believes that the Tax Administration and the State Educational Loan Fund do not have control over how IP addresses are treated, because they unconditionally accept the terms of use of Google Analytics, it said. It fears that Google uses the information gathered by Analytics for other things than measuring Web traffic, and now wants documentation from the agencies to prove that isn’t the case before it moves forward.
Google and users of Analytics have done nothing wrong and the service fully complies with Norwegian and European data protection laws, according to a statement from Google.
The service has been designed to keep information safe, Google said. Webmasters using Analytics are in complete control over which data is sent to the service and how Google uses, and can use, the information received from their sites, Google said, and added that it has offered to meet the Data Protection Authority several times to answer any questions and it remains willing to do so.
The Tax Administration takes privacy as seriously as the authority does. Therefore, IP addresses made anonymous and it is talking with Google to get documentation the Data Protection Authority has requested, a spokesman said via email.
Send news tips and comments to mikael_ricknas@idg.com