15 comments

[ 5.4 ms ] story [ 47.5 ms ] thread
The government officials are particularly wary about the information Google is able to collect on websites of health insurance companies and the like, saying Google could conceivably create profiles of people that would include information about their interests, lifestyles, consumption patterns, political and sexual preferences.

Then shouldn't the regulators be looking at the health insurance companies, making sure they aren't using tools like this (or exporting this usage data to other companies), rather than the provider of this free service?

I have read through the comments on Techcrunch, and I don't think anyone there gets it - unless I am the one with the misunderstanding.

Installing Google Analytics on a website allows Google to track users visiting the site. Can Google not follow this same user across different GA-enabled sites (e.g. through a cookie)? And can Google not connect this user with search terms entered on its website? If that is the case, that seems to be a significant amount of data that would potentially fall foul of European privacy laws.

The commenters on Techcrunch, however, seem to think the issue is with the users of Google Analytics (the web site operators) gaining private data. It isn't. It's with Google getting this data.

Analytics sets it's cookie under the site's domain name, so it is not available to other GA-enabled sites.

edit: whoops, I misunderstood your question

(comment deleted)
I don't think that's what the Germans are worried about (though it's what most commenters on Techcrunch think they are worried about). I think it's about Google having access to this data, and being able to link visits and search terms - not the users of Google Analytics.
(comment deleted)
The main criticisms are that GA collect users' data without consent, without telling them what they collect and without giving them a simple way to get their data reliably deleted, all of which are forbidden according to german law. And before people start complaining that GA doens't collect personal information: there seems to be an emerging legal consensus in germany that an IP address is in fact a personally identifiable information. Nobody has ever been taken to court for running an apache with the default logging configuration, but there are people who think that that is an offence worth a fine of up to €50.000,-- too, just like running GA.

For those who can read german, here is a better text: http://www.heise.de/newsticker/meldung/Bundesdatenschutzbeaf...

And soon this will be the way the whole EU works. And then the advertising market will collapse there and maybe they'll decide to come up with privacy laws that make sense...
Not EU, this is how Europe works (certain parts of it at least, and certainly where I live). There is a certain political culture in european states that causes a sense of unease when anything of no trivial size is not "regulated". The "regulation" instinct is almost theological, it does not stem from problems or desired results or policies. When something important is not "regulated" somehow, it is perceived as potentially dangerous.
what he means is that Google puts together all the data from Google Analytics enabled sites, to put together a huge picture.

it's not the sites gaining the info, it's Google

I'd think it's not really a cookie being available for use on another site at issue. It's that site visit data is collected in a central location (Google) and is potentially available for data mining.
but webtrekk.net is allowed???

(A sampling of clients include Allianz[insurance], Esprit[lifestyle], Siemens[almost anything], Flatex, Map24[location], Bosch, and Die Zeit[pol].)

The way I understand it, saving any personal data without consent (or warning? Not sure.) is illegal in Germany. And, far as I can tell, IP adresses are considered - like telephone numbers or email adresses - personal data.

Now, as far as I can tell, there has never been a court case about Google Analytics or similar solutions. I know that already, some providers of analytics solutions are anonymizing the saved IP adresses. Google Analytics (and many others) don't do that. So the German government might just have a case.

Just to clarify myself here: I think the owner of the site is allowed to store the data, she is just not allowed to hand it over to any third parties (in this case: Google).
This is rediculous. GA is simply a log of ip addresses that request data from your server. Its no different than a hotel keeping a guest log.

If you weren't explicitly giving away you ip address, there's no way the server could send you data.