Slashdot Mirror
Google Analytics May Be Illegal In Germany
sopssa sends in a TechCrunch story that begins "Several federal and regional government officials in Germany are trying to put a ban on Google Analytics, the search giant's free software product that allows website owners and publishers to get detailed statistics about the number, whereabouts, and search behavior of their visitors (and much more)." Here's Google's translation of the article from Zeit Online (original in German). A German lawyer cited there says that penalties for websites that uses Google Analytics could amount to €50,000 (about $75,000). Reader sopssa adds, "The amount of data Google collects from everywhere on the Internet is indeed huge, and website owners should be using a local open source alternative to keep visitor data private."
There are however data protection laws in place and especially about storing personal information in other countries. From the article:
This isn’t the first time German privacy protection officials have voiced their concerns about the Google Analytics service, as it had earlier criticized the search giant over keeping everyone ‘in the dark’ about which information they’re collecting exactly and how much identifiable data is sent to and stored on servers located on U.S. soil. German laws prohibit such data to leave the country, they claim.
If you or your website is giving such personal info to other party and it's stored elsewhere, you will be just as liable. And let's be honest, Google is able to profile people really good. German authorities are especially worried about political parties and pharmaceutical companies websites.
And they are storing that cookie everywhere on the internet now a days. Google can build a pretty accurate profile about you (unless you've blocked it, but 'casual' people usually don't)
Have you actually used the Analytics service? It shows very detailed information about visitors, where they are coming from and what they do on the website. There's tons of statistics and other stuff available, and Google can track the individual people across the internet.
It's not really about you recording the fact that someone came to your website. The article says that there are worries that Google could further use the data, and eg connect it with the data they might have from Google Mail or other sites using Google Analytics, thus generating profiles about habits and preferences etc. If you use Google Mail, it is your own decision, but you might not be aware if you visit a site using Google Analytics and that not only the site owner records the fact that you were there, but Google knows, too (including all other Google Analytics sites you were visiting).
According to the article, nothing is decided. There is also some dispute whether the above scenario is possible under Google's own usage terms. Currently, it's a discussion among the data protection officials from the various German states. So, currently, they are basically doing their job.
Is it also against the law to record what customers come in the door of your brick and mortar store in Germany?
Depends. It is illegal to store their name, home address, passport number and blood type just because they wanted to shop at your place, yes.
And rightly so. You do business under the law of the land, so the law of the land tells you how you can do it. If you don't like it, you can shove off to some place in the middle of Africa where they don't have laws.
Assorted stuff I do sometimes: Lemuria.org
Actually, NoScript only does part of the job, google-analytics.com, coremetrics.com, any many other ad/tracking entities sneak around NoScript on many sites, including /.
/. again, you will see what I mean.
Install the RequestPolicy add-on and browse
Did you ever wake up in the morning, with a Zombie Woof behind your eyes? -- FZ
It just keeps statistics on things obvious to the web server when you connect to it. IP address, location, referring page, browser, etc.
But these statistics aren't run local on the webserver itself. They are transmitted to Google.
It's like knowing that a middle-aged white male in a red sweatshirt came in the door.
No.
It's like *telling Big Brother* that a middle-aged white male in a red sweatshirt came in the door of your house.
And asking Big Brother to do some statistics about who comes to your house for you.
Sure from the website's owner point of view, the result is the same : he/she got on who visits the site.
BUT from the *user* point of view it is different : The user accepted the fact that, by entering your house, you'll know the users' age/sex/clothes colour. BUT the user never accepted in the first place that you also send these informations to big brother.
The EU regulate clearly what you can transmit to 3rd party.
Here the problem is not that website are doing *stastistics* (they can the information is trivial).
The problem is that, in order to compute said stats, the websites *forwards* the data to google : a 3rd party which has nothing to do in the first palce.
The solution : Use adblock and/or noscript.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
And prostitution
Before getting too paranoid about google analytics, take a look at the actual cookies it stores. E.G. in Firefox "Tools", "Options", "Show Cookies", search for "__utmz". Whoa, there are a few hundred. Check out the one from Slashdot - in my case: "9273847.1252068577.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)". "9273847" means "slashdot.org". "1252068577" means me, when I go to Slashdot. The rest of the stuff has to do with how I found the site. But now look at __utmz for say, pennyarcade.com: "84531096.1252070740.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)". It's a different web site ID, but it's also a different user ID. There's no correlation between the person who goes to slashdot, and the person who goes to pennyarcade. Google can't tell that they're both me. My ID is different on every single web site that uses Google analytics. The only purpose of the ID is so that, for a single given website, they can tell the difference between one person visiting it a hundred times, or a hundred people each visiting it one time. There's no other personally identifiable information tied to that number. Your analytics cookies on all those sites are not correlated with each other; they're not tracking everything you do.
I call bullshit.
The German policemen have a handgun, that's it.
As far as I know they don't have a shotgun in the trunk or anything.
Policemen with more armament are the German equivalent of SWAT or riot troops (say when a major league soccer game is on or a high profile demonstration).
I wonder how your friend managed to see such heavy armed police that often. I actually live in germany and the normal police officer has his normal gun and nothing else. I only see police with automatic weapons at the airport. I have never seen police with grenades and neither with bandoleers. I think your friend is full of shit.
Says the guy who does not even have firsthand experience of seeing german police? When talking about mere perceived threat, juding by what i occasionally see on tv news, i would feel much more threatened by the police and other security in the USA, carrying nasty stuff like teasers and so. I've never seen a machine gun outside of a german airport, and the only other weapon beside the normal police gun i have seen with german police was a club. And this is very unusual as well.
So stop spreading second hand bullshit.