Google Analytics: Analyzing the Latest Wave of Legal Concerns for Google in the U.S. and the E.U., 7 Buff. Intell. Prop. L.J. 135 (2010)

The next wave of concern regarding Google involves web analytics. Web analytics is the measurement, collection, analysis, and reporting of Internet data for the purposes of understanding and optimizing web usage. The concerns of web analytics use touches on issues of online user privacy, government use of personal information, and information on website user activity. While Google Analytics is not the sole web analytics product on the market, it is widely used by corporate, non-profit, and government organizations. The product has been reported to have a 59% market share among web analytics vendors in a 2008 study. Web analytics technology has also recently become the focus of government review in both the U.S. and the E.U. Web analytics programs such as Google Analytics will continue to evolve, but we hope this article will serve as a starting point for understanding both this Google product and online data collection. This article discusses developments regarding Google Analytics and similar products through June 2010. In this article, we discuss web analytics and Google Analytics; the privacy and legal issues involved with web analytics; the approaches taken by various countries to the privacy and technology issues involved, including the United States (especially for government websites), and the European Union, and Germany. We conclude by stating that Google Analytics will continue to raise privacy concerns, especially within Europe, considering online users do not generally take additional steps to make their online behavior anonymous. In the United States, the potential for cookies that cannot be erased by users will raise the ire of users, government regulators, and legislators and has the potential for creating regulations that will finally directly limit the use of analytics programs, such as Google Analytics

Mapping the Empirical Evidence of the GDPR (In-)Effectiveness: A Systematic Review

In the realm of data protection, a striking disconnect prevails between traditional domains of doctrinal, legal, theoretical, and policy-based inquiries and a burgeoning body of empirical evidence. Much of the scholarly and regulatory discourse remains entrenched in abstract legal principles or normative frameworks, leaving the empirical landscape uncharted or minimally engaged. Since the birth of EU data protection law, a modest body of empirical evidence has been generated but remains widely scattered and unexamined. Such evidence offers vital insights into the perception, impact, clarity, and effects of data protection measures but languishes on the periphery, inadequately integrated into the broader conversation. To make a meaningful connection, we conduct a comprehensive review and synthesis of empirical research spanning nearly three decades (1995- March 2022), advocating for a more robust integration of empirical evidence into the evaluation and review of the GDPR, while laying a methodological foundation for future empirical research

Data Protection in an Increasingly Globalized World

With the rise of the internet in recent decades, it has become increasingly easy for various enterprises—including retailers, advertising agencies, and service providers—to acquire, use, and even share the personal details of their users. Such a trend is unlikely to decrease in the coming years; in fact, internet usage is only likely to increase as more and more people gain access to the internet. In the wakeof recent data breaches, including the now infamous breach of Equifax as well as the scandal involving Facebook and Cambridge Analytica, people are even more aware of the need for (and the risk of not having) adequate data protection laws. Luckily though, in the last few years there have been serious pushes across the globe to institute new data protection laws that ensure private data is not used for nefarious purposes or given away frivolously. This Note intends to outline the current data protection regimes in three large jurisdictions across the globe (the European Union, China, and the United States), to offer insight into the strengths and weaknesses of each regime, and to predict the path that data protection laws in the United States should take in upcoming years. As will be seen, both the European Union and China, with the institution of their newest data protection laws, use omnibus regimes, in contrast with the United States’ current sector specific regime. The United States should move from its current regime, in which there are only national laws for specific industries, to a more omnibus regime, taking elements from both the European and the Chinese data protection regimes, which will help provide a minimum floor of protection applicable to all citizens whose personal data is being processed rather than allowing for varying levels of protection between states and industries