The European Council website, which is a sub domain of the main EU website, is running Google Analytics to capture the usage statistics of the website. There is no “opt-in” option on the website as required by EU legislation. This legislation refers to Directive 2009/136/EC which amended the European Directive – 2002/58/EC – which is concerned with the protection of privacy in the electronic communications sector. Governments in Europe had until 25 May 2011 to implement these changes into their own law. The UK introduced the amendments on 25 May 2011 through The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.
The “Legal Notice” page of the site has the following statement regarding the use of Google Analytics:
Google Analytics Statement from European Union Website
You are informed that this website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”) to help analyse the use of this website. For this purpose, Google Analytics uses “cookies”, which are text files placed on your computer.
The information generated by the cookies about your use of this website – standard internet log information (including your IP address) and visitor behaviour information in an anonymous form – will be transmitted to and stored by Google including on servers in the United States. Google will anonymize the information sent by removing the last octet of your IP address prior to its storage. According to Google Analytics terms of service, Google will use this information for the purpose of evaluating your use of the website and compiling reports on website activity for the European Council.
The European Council will not use, and will not allow any third party to use the statistical analytics tool to track or to collect any personally identifiable information of visitors to this site. Google may transfer the information collected by Google Analytics to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. According to Google Analytics terms of service, Google will not associate your IP address with any other data held by Google.
The last paragraph is interesting. It highlights the Google Analytics Opt-out Browser Add-on, which perhaps the EU is saying, despite the guidance given by the Information Commissioner’s Office (ICO) in the UK, an opt-out is enough to comply with the legislation or they’ve so far been lapse and not updated their website accordingly.
Google and other web analytics vendors are in conversation with the EU regarding this law, but in the meantime, perhaps the EU should get it’s house in order before it starts pursuing companies who are trying to deliver the best service to the customers and rely on this information to do so. After all, this puts companies in the EU at a potential disadvantage when compared to those in countries not under this legislation.
For more information on becoming compliant to this law, which has potentially hefty fines of up to £500,000 for those who don’t comply, please see the Information Commissioner’s Office page, Cookies Regulations and the New EU Cookie Law. Maybe the EU should be taken to court for non-compliance with their own law unless, as mentioned above, using the Google Analytics opt-out is enough?