EU parliaments website in violation of GDPR

After reading an interview (german content) of the EU-Commisioner for Justice, Consumers and Gender Equality Věra Jourová with the German newspaper “Die Zeit” in which she stated that the GDPR is so easy, even she could implement it, I got very curious and wanted to see how compliant the EU’s websites are. It took me less than five minutes to spot a violation: on the website of the EU Parliament Google Analytics is being used to track the visitors without the neccesary anonymizeIP flag, which in turn causes Google to store the complete IP address without anonymizing the last octet. You can take a look for yourself by checking the source code of this page (archived version in case it gets fixed in the meantime).

This is a violation of the GDPR, since the personal data (IP address) in conjunction with analytics data is being stored on Google’s servers without consent or any other legal basis. Seems like the EU is not quite ready for May 25th, yet;-)

Source: medium.com