eCommerce GDPR compliance is still a major issue 3 years after the GDPR was put into place. Privacy policy, cookie consent, cybersecurity… These are just a few topics that were on the lips of users in 2022.  In our previous blogs, we have provided you with an eCommerce GDPR guide and in today's article, we will check the latest GDPR news.
To begin with, in late June 2022,  a FAQ was published on the use of Microsoft 365 in regards to the German Data Protection Authority. According to it, if you are using Microsoft 365, it will use personal data from the area of the controller for its purposes or grant access to advertising partners.
Moreover, Microsoft cloud solutions are equivalent to the transfer of personal data to the USA, where the data should not be protected according to the GDPR compliance for eCommerce.Furthermore, as a solution to the problems described above, it is recommended that controllers check which data is transferred to Microsoft and afterwards to prevent the transfer of personal diagnostic data and service-generated data to Microsoft.
Another important piece of news that appeared on June 23, 2022, the “Garante”, which is Italy's data protection authority assured that a websites use of audience measurement tool Google Analytics is not GDPR compliant as the tool transfers personal data to the United States and it does not offer a proper level of data protection. On top of that, other EU data protection authorities, including the French and Austrian regulators found that the tool is unlawful.

Furthermore, the Garante agreed that the websites which are using Google Analytics collected personal data referring to user interactions with the website, pages visited, browser information, operating system, screen resolution, preferred language, date and time of page views and user device IP address.
It turns out that the information was transmitted to the United States without the extra safeguards for personal data under the GDPR following the Schrems II determination and faced the possibility of governmental access. In the Garante´s initial statement, website operator Caffeina Media was asked to bring its processing into compliance with the GDPR in 90 days, but the ruling had wider implications as the Garante observed that it had received various “alerts and queries” related to Google Analytics.

  As we have seen above we must follow the Google Data protection regulations and be updated with the latest GDPR compliance eCommerce news, to guarantee your website's online success. Kooomo blog facilitates an eCommerce GDPR checklist so always keep up to date with it.