The Norwegian Tax Administration and the State Educational Loan Fund's use of Google Analytics violate the country's privacy laws, because the agencies have no control over how Google uses information about users, the Norwegian Data Protection Authority said on Tuesday.
The authority, which has a history of keeping US IT companies on a short leash, last year took a closer look at how the two organisations used Google Analytics, which is a free service that allows websites to keep track of traffic. The authority has found that agencies' use of the analysis tool is not in accordance with Norwegian law, according to preliminary findings.
Google Analytics collects IP (Internet Protocol) addresses and information about visitor behaviour. Since the data can be traced back to an individual, businesses that collect information have to make certain that it is anonymised and used only for statistical purposes, the Data Protection Authority said in a statement.
Google and users of Analytics have done nothing wrong and the service fully complies with Norwegian and European data protection laws, according to a statement from Google.
The service has been designed to keep information safe, Google said. Webmasters using Analytics are in complete control over which data is sent to the service and how Google uses, and can use, the information received from their sites, Google said, and added that it has offered to meet the Data Protection Authority several times to answer any questions and it remains willing to do so.
The Tax Administration takes privacy as seriously as the authority does. Therefore, IP addresses made anonymous and it is talking with Google to get documentation the Data Protection Authority has requested, a spokesman said via email.