(no title)
pfg | 4 years ago
> If the second respondent (Google) subsequently refers to encryption technologies - such as the encryption of "data at rest" in the data centers - he must again be countered with recommendations 01/2020 of the EDSA. Namely, it states that a data importer (such as the Second Respondent) who is subject to 50 US Code § 1881a (“FISA 702”) has a direct obligation with regard to the imported data that is in his possession, custody or control to grant access to or release them. This obligation can expressly also apply to the cryptographic key without which the data cannot be read (ibid. margin no. 76).
> As long as the second respondent has the opportunity to access data in the Plain text access, the technical measures taken cannot be regarded as effective in the sense of the above considerations.
The last paragraph suggests true end-to-end encryption may be acceptable, but that's not how Google Analytics works.
zxienin|4 years ago
Yes. I made the question, given the discussion is being treated as much wider, beyond GA.
This also tells me, using own key can still be used by Google to operate as is (US company with EU owned entity and EU located DC)