Samuli Hokkanen

This post was published originally as an opinion piece in Helsingin Sanomat 21.2.2022

The communication from authorities on this topic is often contradictory and almost always open to interpretation.

European data protection authorities have recently ruled that the use of Google Analytics, the world’s most used web analytics tool, on websites is contrary to data protection legislation. The main reason is the interpretation that the service transfers personal data from Europe to the United States. This decision is part of a long-standing process between the European Union and technology giants to seek clearer guidelines on individual and corporate data rights. The majority of Finnish companies use this tool to track and analyze traffic on their online stores and websites.

Human-centered data rights (the so-called Mydata principles) and stricter requirements for companies in personal data handling are definitely the right direction. There are sad examples of reckless handling of personal data both from us and globally.

In Finland and Europe, too many companies are unclear about what the decision regarding Google Analytics means for their business or system choices. Therefore, companies digitalizing their business require significantly better and faster support for personal data issues from both EU-level and national data protection authorities. The communication from authorities operating at different levels is at its weakest contradictory and almost always open to interpretation. It should be clear enough to enable rapid changes in companies’ operations and system choices. There is too little unequivocal information and practical help available for proactive data protection work to be possible for all companies.

Individual data rights are emerging as one of the most important technology themes of this decade. Solutions to open questions and better communication are needed from both authorities and private service providers.