Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Google Government Privacy Your Rights Online

Google Analytics May Be Illegal In Germany 241

sopssa sends in a TechCrunch story that begins "Several federal and regional government officials in Germany are trying to put a ban on Google Analytics, the search giant's free software product that allows website owners and publishers to get detailed statistics about the number, whereabouts, and search behavior of their visitors (and much more)." Here's Google's translation of the article from Zeit Online (original in German). A German lawyer cited there says that penalties for websites that uses Google Analytics could amount to €50,000 (about $75,000). Reader sopssa adds, "The amount of data Google collects from everywhere on the Internet is indeed huge, and website owners should be using a local open source alternative to keep visitor data private."
This discussion has been archived. No new comments can be posted.

Google Analytics May Be Illegal In Germany

Comments Filter:
  • by Anonymous Coward on Tuesday November 24, 2009 @06:25PM (#30220498)

    Everything is illegal in Germany.

    • by mrwolf007 ( 1116997 ) on Tuesday November 24, 2009 @06:33PM (#30220580)

      Everything is illegal in Germany.

      Bullshit. Only if its usefull for anything.
      Otherwise the chances of it being illegal are merely high.

    • Re: (Score:2, Funny)

      How else do you think Inspector Rex would stay on the job?
    • Re:Schadenfreude (Score:5, Insightful)

      by rrohbeck ( 944847 ) on Tuesday November 24, 2009 @07:00PM (#30220858)

      Except saying bad words on TV or being naked in public :)

    • Re: (Score:2, Interesting)

      by beefnog ( 718146 )
      I'm actually an American on vacation in Frankfurt at this very moment, and it is, indeed, a much more regulated environment. Seeing three guys walking through the aiport, one of them holding an automatic weapon at the ready, and getting the feeling that they're just waiting for a reason to jump you is very sobering. As far as everything being against the law, after talking candidly with some of my friends that live in Germany that is a far less humorous statement than it should be.
      • While I agree that things are overregulated, how is this any different from the police patroling the Golden Gate bridge with autmatic weapons? An M4 as far as I remember - I was there.

      • Re: (Score:3, Insightful)

        by dunkelfalke ( 91624 )

        Frankfurt airport really sucks. Try DUS sometimes, it is much more relaxed and friendly.

    • Re: (Score:2, Insightful)

      I've said it once and I'll say it again: Germany is not a free country.
      I always hear about them banning something or other for some stupid reason because it isn't good for the public.
      The most recent thing I heard about was that German politicians banned paintball because they believe it will lead to less gun-related violence and therefore good for society, and then you can't say anything about Nazis or face jail time or some other severe penalty and video games have to be heavily censored.
      I could go on o
      • by kju ( 327 ) *

        I've said it once and I'll say it again: Germany is not a free country.

        I'm german and i actually feel that i'm in a very free country, thank you very much. Yes, there are some laws which i disagree with, but overall it is fine.

        Complete bullshit. You can say a lot about nazis and the nazi areas. You can discuss this, and you are even free to utter dumb sentences like "not everything was bad in nazi germany" (which is technically spoken true, but a dumb statement nethertheless as a german tv personality badly

      • Re:Schadenfreude (Score:5, Insightful)

        by kju ( 327 ) * on Wednesday November 25, 2009 @05:53AM (#30224478)

        Sorry, disregard my other posting, something went wrong.

        I've said it once and I'll say it again: Germany is not a free country.

        I'm german and i actually feel that i'm in a very free country, thank you very much. Yes, there are some laws which i disagree with, but overall it is fine.

        and then you can't say anything about Nazis or face jail time or some other severe penalty

        Complete bullshit. You can say a lot about nazis and the nazi era. You can discuss this, and you are even free to utter dumb sentences like "not everything was bad in nazi germany" (which is technically spoken true, but a dumb statement nethertheless as a german tv personality badly learned a while a ago).

        You are only banned from showing symbols like the swastika, play/sing some songs like the "Horst Wessel Lied" (horst wessel song, hymn of the nazi party), deny the holocaust or praise the unlawful nazi regime. But even doing this will most of the time not lead you into jail. A fine will do in most cases.

        Now you might argue that this is against freedom of speech, but as a german i feel that given our history there is very good reason to ban said things, especially denying the holocaust. Our ancestors have done enough harm to e.g. jews, there is no need to further harm them by allowing to state that the horror they (the few who were not killed) encountered actually never happened.

        I could go on on but in short I put Germany up there with China, not quiet as bad

        Yes, you could go on with bullshit claims, but this still puts germany nowhere near china. Not quite as bad? That is the understatement of the year.

        but still the fact that free speech is merely an illusion

        Still the fact is that free speech is actually provided in germany. But most of us germans (and europeans in general) have a different feeling of the meaning of free speech. Free speech is fine, but the right to it ends where others are harmed. I don't have a problem with that, and most people i know don't have either. This concept might be hard to grasp for a citizen of the United States, but i'm still fine with it and i don't feel that i'm missing some of the banned speech.

        there makes me feel that Germany has a ways to go in terms of personal liberties when compared to several other democratic countries in the western world.

        I take it that you are from the US. People like you also have a long way to go until you will finally understand that the us american believes are not the holy grail to which the whole world needs to subscribe.

        • Re:Schadenfreude (Score:4, Insightful)

          by jimbolauski ( 882977 ) on Wednesday November 25, 2009 @09:13AM (#30225494) Journal
          So you have free speech by you can't freely say the the holocaust didn't happen, In most free countries free speech is the right to say anything no matter how ignorant with out penalty under the law. There are two exemptions yelling fire in a theater and calling for violence, everything else is protected. Germany has limited speech in that they can criticize the government but they are not free to say what they please without the retribution of the government. The fact that you are complicit with less rights doesn't change anything citizens in North Korea and China are fine with their lack or rights but they still are not free.
          • Re: (Score:3, Insightful)

            by Simetrical ( 1047518 )

            So you have free speech by you can't freely say the the holocaust didn't happen, In most free countries free speech is the right to say anything no matter how ignorant with out penalty under the law. There are two exemptions yelling fire in a theater and calling for violence, everything else is protected.

            That's not true. There are a multitude of exceptions even under US law, which has the strongest free speech protections in the world. The general rule is that to restrict speech, the government must show that the measure is narrowly tailored to serve a compelling interest. Some types of speech that are illegal in the US, randomly off the top of my head: defamation; false advertising; inciting crime; cigarette advertising in many contexts; obscenity; lying in court or to police or a grand jury; breaking a

  • Ridiculous. (Score:5, Insightful)

    by MikeFM ( 12491 ) on Tuesday November 24, 2009 @06:27PM (#30220514) Homepage Journal

    If you come to my website then I, or my designated party, have the right to record the fact that you came to my website. If you don't like it then don't use the web. Is it also against the law to record what customers come in the door of your brick and mortar store in Germany?

    • Re:Ridiculous. (Score:5, Informative)

      by sopssa ( 1498795 ) * <sopssa@email.com> on Tuesday November 24, 2009 @06:34PM (#30220604) Journal

      There are however data protection laws in place and especially about storing personal information in other countries. From the article:

      This isn’t the first time German privacy protection officials have voiced their concerns about the Google Analytics service, as it had earlier criticized the search giant over keeping everyone ‘in the dark’ about which information they’re collecting exactly and how much identifiable data is sent to and stored on servers located on U.S. soil. German laws prohibit such data to leave the country, they claim.

      If you or your website is giving such personal info to other party and it's stored elsewhere, you will be just as liable. And let's be honest, Google is able to profile people really good. German authorities are especially worried about political parties and pharmaceutical companies websites.

      • So if a German tells someone something personal, and that someone leaves the country, he's broken the law? Or if a German is in an online chat with someone outside the country and shares something personal, the online chat has broken the law? The main question for me is why the law is telling a person what and who he can share information with, even though he can just decide to keep it to himself if he's concerned about privacy.
        • by dave420 ( 699308 )
          I know, I know - it's Slashdot, so R'ing TFA is out of the question. The issue is not people sharing their own data with others, but a website you visit sending information to a third party overseas. So in your IRC example, it'd be like someone taking a server log of a chat between to Germans, on a German server, and sending it to a company outside Germany, without the knowledge of the chat participants. Kind of different to your example.
    • Re:Ridiculous. (Score:5, Interesting)

      by martin-boundary ( 547041 ) on Tuesday November 24, 2009 @06:37PM (#30220644)
      No. What people end up accepting in the States is their business, but the EU has a number of data protection principles [wikipedia.org] (see section 2.2). Veiled third party advertising bugs don't follow those principles.
      • Re: (Score:3, Informative)

        by MikeFM ( 12491 )

        Analytics isn't really an advertising tool. It just keeps statistics on things obvious to the web server when you connect to it. IP address, location, referring page, browser, etc. It's like knowing that a middle-aged white male in a red sweatshirt came in the door.

        • Not local (Score:5, Informative)

          by DrYak ( 748999 ) on Tuesday November 24, 2009 @08:35PM (#30221652) Homepage

          It just keeps statistics on things obvious to the web server when you connect to it. IP address, location, referring page, browser, etc.

          But these statistics aren't run local on the webserver itself. They are transmitted to Google.

          It's like knowing that a middle-aged white male in a red sweatshirt came in the door.

          No.
          It's like *telling Big Brother* that a middle-aged white male in a red sweatshirt came in the door of your house.
          And asking Big Brother to do some statistics about who comes to your house for you.
          Sure from the website's owner point of view, the result is the same : he/she got on who visits the site.
          BUT from the *user* point of view it is different : The user accepted the fact that, by entering your house, you'll know the users' age/sex/clothes colour. BUT the user never accepted in the first place that you also send these informations to big brother.

          The EU regulate clearly what you can transmit to 3rd party.
          Here the problem is not that website are doing *stastistics* (they can the information is trivial).
          The problem is that, in order to compute said stats, the websites *forwards* the data to google : a 3rd party which has nothing to do in the first palce.

          The solution : Use adblock and/or noscript.

          • So then, how can the EU legislate:
            A. An American site doing this with euro user data?
            B. A site keeping it's logs on its own and then, at a later date, transmitting them to Google?
            Who owns the logs?
            • So then, how can the EU legislate:
              A. An American site doing this with euro user data?

              They can't.
              But they can legislate EU sites trying to circumvent EU data protection laws by forwarding tha data to countries with lower data protection standards.

              You see, no legislation of US sites.

              B. A site keeping it's logs on its own and then, at a later date, transmitting them to Google?
              Who owns the logs?

              It's not about who owns the logs, but who owns the data inside them?
              Personal data in the logs is still owened by the person that is identified by the data. Like.. if a take a photo of your face, i might own the picture, but I won't own your face.

    • Re:Ridiculous. (Score:4, Informative)

      by Anonymous Coward on Tuesday November 24, 2009 @06:48PM (#30220750)

      It's not really about you recording the fact that someone came to your website. The article says that there are worries that Google could further use the data, and eg connect it with the data they might have from Google Mail or other sites using Google Analytics, thus generating profiles about habits and preferences etc. If you use Google Mail, it is your own decision, but you might not be aware if you visit a site using Google Analytics and that not only the site owner records the fact that you were there, but Google knows, too (including all other Google Analytics sites you were visiting).

      According to the article, nothing is decided. There is also some dispute whether the above scenario is possible under Google's own usage terms. Currently, it's a discussion among the data protection officials from the various German states. So, currently, they are basically doing their job.

      • by FleaPlus ( 6935 )

        It's not really about you recording the fact that someone came to your website. The article says that there are worries that Google could further use the data, and eg connect it with the data they might have from Google Mail or other sites using Google Analytics, thus generating profiles about habits and preferences etc.

        So collecting data is ok, but it's forbidden to run certain algorithms on the collected data? Something tells me this isn't a particularly sustainable arrangement.

        • So collecting data is ok, but it's forbidden to run certain algorithms on the collected data?

          No. It's forbidden to send the data to a 3rd party like Google without the website vistor's consent. Which is what a website operator using Google Analytics apparently does.

      • you might not be aware if you visit a site using Google Analytics

        Except that for me the GA servers are exceedingly slow (unlike about everything else Google hosts) so GA added ten to thirty seconds of loading time to every page using it until I stopped at at the DNS level.

        Reduced GA usage can only improve the web.

    • Re: (Score:3, Funny)

      by nurb432 ( 527695 )

      You don't have that right if the laws don't give it to you. Don't like the laws, move elsewhere.

      • by MikeFM ( 12491 )

        Businesses will.

        • The problem is that they really don't move. They merely claim they are based in the Cayman Islands to get out of taxes while staying right where they are. If they actually picked up and moved to the Cayman Islands, then I would have no problem with it.

          The current "have your cake and eat it, too" situation is bullshit.

      • But if we get rights from laws, who gives laws rights so the laws can give us rights?
    • Complete nonsense. (Score:4, Insightful)

      by Anonymous Coward on Tuesday November 24, 2009 @06:56PM (#30220840)

      Dear Sir or Madam,
      this is acutally complete nonsense.
      If you choose to publish, you have no right whatsoever to track who is reading your publication for what reason.

      • If we were talking about a traditional book, then I would agree with you. However, we are not - we are talking about the end user directly requesting the publication from you and presenting a wealth of data at the same time as the request.

        If you don't like that data collected, then don't present it. Its that simple.
    • What about cookies?

    • If you run that website in Germany, it is illegal for you to save customers' personal data longer than X days.

      • Re: (Score:2, Funny)

        by Anonymous Coward

        If you run that website in Germany, it is illegal for you to save customers' personal data longer than X days.

        Germany is using Roman numerals again?

      • by MikeFM ( 12491 )

        It's not personal information. It's anonymous stats.

        • Re: (Score:3, Insightful)

          by rrohbeck ( 944847 )

          A "usage profile" for a user ID is also considered illegal if the user hasn't opted in or it is at least clear that the data is being collected. This is because those stats are not really anonymous. If they were, Google wouldn't be interested in them. It has been shown repeatedly that tracking back "anonymous" profiles to a RL user isn't hard if you have enough data.

      • What constitutes personal?

        Also, does this apply to cookies? The data isnt actually stored on your server, but on the client machines...
    • Re:Ridiculous. (Score:5, Informative)

      by Tom ( 822 ) on Tuesday November 24, 2009 @07:09PM (#30220944) Homepage Journal

      Is it also against the law to record what customers come in the door of your brick and mortar store in Germany?

      Depends. It is illegal to store their name, home address, passport number and blood type just because they wanted to shop at your place, yes.

      And rightly so. You do business under the law of the land, so the law of the land tells you how you can do it. If you don't like it, you can shove off to some place in the middle of Africa where they don't have laws.

      • And rightly so. You do business under the law of the land, so the law of the land tells you how you can do it. If you don't like it, you can shove off to some place in the middle of Africa where they don't have laws.

        Maybe the law of the land is bullshit? Maybe there is another alternative to "accepting all existing and planned laws" than living in Africa?

    • Re:Ridiculous. (Score:5, Insightful)

      by darthwader ( 130012 ) on Tuesday November 24, 2009 @08:06PM (#30221474) Homepage

      It's not quite as cut-and-dry as you think.

      It could very well be illegal to follow you around the store and record every product you looked at, and then follow you around the library and see every book you look at (and then examine the records to see what you have ever checked out), then followed you to the video store and measured exactly how much time you spent looking at each title (and also examine your rental history).

      The Germans lived through both the Nazis and with the KGB. They have a good reason to be sensitive about protecting people's privacy.

  • I found about google analytics when I started using the NoScript plugin. Its used almost everywhere!
    • by Itninja ( 937614 )
      Me too. I have it auto-blocked. I don't need my visits being amalgamated by the Googbots thank you very much.
    • by al0ha ( 1262684 ) on Tuesday November 24, 2009 @07:13PM (#30220974) Journal
      Actually, NoScript only does part of the job, google-analytics.com, coremetrics.com, any many other ad/tracking entities sneak around NoScript on many sites, including /.

      Install the RequestPolicy add-on and browse /. again, you will see what I mean.
      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Actually, NoScript only does part of the job, google-analytics.com, coremetrics.com, any many other ad/tracking entities sneak around NoScript on many sites, including /.

        Fortunately, they don't sneak around a HOSTS file very easily. (I suppose they could replace themselves with their own IP addresses, but that defeats the purpose of DNS, and would render them visually indistinguishable from malware. Which, in a sense, they are...)

        • Fortunately, they don't sneak around a HOSTS file very easily.

          Buy a new domain and IP address and obfuscate yourself. Boom, pwned the HOSTS file.

      • Whoa... very cool! Thank you.
  • by DriedClexler ( 814907 ) on Tuesday November 24, 2009 @06:31PM (#30220562)

    "Do, we didn't illegally disclose your data; we open-sourced it!"

  • Google Analytics

    Just behind doubleclick.net

    It never makes a noticeable difference to have both disabled so far.

    Another reason to avoid Internet Explorer until it gets a no script equivalent (which it never will).

    • Re: (Score:3, Interesting)

      by Enleth ( 947766 )

      Well, it makes. For the website author who just wants to have the goddamned statistics presented in a convinient, easy-to-digest format to be able to focus on actual improvements to the website, and not on wrestling with half-arsed local statistics generators that use access logs, 1px images, session cookies and somesuch.

      As a website admin, I'd gladly switch to a solution that does not raise such concerns as GA, but there is none of comparable quality and I'm not in position to make my own with an appropria

    • Another reason to avoid Internet Explorer until it gets a no script equivalent (which it never will)

      Way back in the IE4 days, I used a mixture of the zone system (Trusted Sites for those few where I wanted Javascript) and the hosts file. These days, if you use multiple browsers then privoxy [privoxy.org] is the better solution because the one configuration will work in all the browsers (yes, including Internet Explorer).

    • Another reason to avoid Internet Explorer until it gets a no script equivalent (which it never will).

      http://www.ie7pro.com/ [ie7pro.com]

  • I don't understand people saying that Google knows too much about each of us. Maybe I haven't been paying close enough attention as of late, but has Google ever done wrong by their users? And besides, as an entirely uninteresting person, I don't really care if Google knows my surfing habits. I hear the same argument against the club cards at supermarkets, and the same response applies. I don't care if the supermarket "Man" knows that I buy excessive amounts of phallic vegetables and personal lubricant (unre
    • Re: (Score:2, Informative)

      by Anonymous Coward

      I don't understand people saying that Google knows too much about each of us. [...] has Google ever done wrong by their users? And besides [...] I don't really care if Google knows my surfing habits. I hear the same argument against the club cards at supermarkets, and the same response applies.

      Thank you for not caring. This is not about google but the

      Over here in the real world, there is quite a difference between an opt-in scheme and the default assumption that your visitors don't mind you keeping every bit of information you can. "Well, then they shouldn't visit me!" you say, ignoring the huge power differential between the average visitor (consumer) and website owner (vendor).

    • Re: (Score:3, Insightful)

      by PPH ( 736903 )

      but has Google ever done wrong by their users?

      And would you ever know? Are you sure that the prices you find on line are the same ones I see? Some manufacturers of luxury goods might not even want "your kind" seen in public with their product (replace "your kind" with whatever socio-economic group you want). Maybe you can't even see their web pages in a search.

      I don't really care if Google knows my surfing habits. I hear the same argument against the club cards at supermarkets, and the same response applies.

      In addition to the loyalty club discount, I also get an additional percentage knocked off at the cash register. Plus, I get rebates. Because they like me. I'm a desirable customer. You, not so mu

  • by isomeme ( 177414 ) <cdberry@gmail.com> on Tuesday November 24, 2009 @07:16PM (#30221010) Journal

    Yes, I certainly want my personal data tracked and stored by 200 small-to-medium businesses that don't understand net security rather than one company with the knowledge and resources to do it well. I feel safer already!

  • by SharpFang ( 651121 ) on Tuesday November 24, 2009 @07:16PM (#30221014) Homepage Journal

    Government wants to ban a proprietary tool serving obtaining vast amounts of data about the net users by a big corporation, without the users' content. The government suggests an open-source alternative.

    Slashdot crowd violently opposes.

    brb checking if RMS applied for a job at Microsoft.

  • Just checked and Drupal has a reasonably good Piwik module. Good news for me! I'll be switching a site I admin (120k users) to it in the next week. I already disallow google analytics because I've never enabled it via NoScript, but my visitors don't. When I got started, there wasn't really a good alternative to GA for what we were doing short of rolling our own.

  • I use Ghostery (the Firefox add-on) that shows you what trackers are loading with the page and lets you block them individually. There are plenty of other options if you want to block tracking cookies.
  • by sinrakin ( 782827 ) on Tuesday November 24, 2009 @11:12PM (#30222684)
    Before getting too paranoid about google analytics, take a look at the actual cookies it stores. E.G. in Firefox "Tools", "Options", "Show Cookies", search for "__utmz". Whoa, there are a few hundred. Check out the one from Slashdot - in my case: "9273847.1252068577.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)". "9273847" means "slashdot.org". "1252068577" means me, when I go to Slashdot. The rest of the stuff has to do with how I found the site. But now look at __utmz for say, pennyarcade.com: "84531096.1252070740.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)". It's a different web site ID, but it's also a different user ID. There's no correlation between the person who goes to slashdot, and the person who goes to pennyarcade. Google can't tell that they're both me. My ID is different on every single web site that uses Google analytics. The only purpose of the ID is so that, for a single given website, they can tell the difference between one person visiting it a hundred times, or a hundred people each visiting it one time. There's no other personally identifiable information tied to that number. Your analytics cookies on all those sites are not correlated with each other; they're not tracking everything you do.
  • Strange, but in this case I think that the german law is in the right and google should change (and many other sites, such as adsense should too)

    Web sites today collect much too much data on users. This data could easily fall into the wrong hands, and you have no control over who collects what, and who stores what. And, for every trick you find for web sites not to track you, new tricks are invented to continue to do so. Once it was enough to turn off cookies. Today you also need noscript, and betterPrivacy

  • Google translation (Score:3, Insightful)

    by Rogue Pat ( 749565 ) on Wednesday November 25, 2009 @08:07AM (#30225026)
    Am I the only one who thinks it's funny that they point to a Google translation of a story how Google analytics may be illegal in Germany? ;-)

news: gotcha

Working...