The Austrian website of medical news company NetDoktor works like millions of others. Load it up and a cookie from Google Analytics is placed on your device and tracks what you do during your visit. This tracking can include the pages you read, how long you are on the website, and information about your device—with Google also assigning an identification number to your browser that can be linked to other data.
NetDoktor can use this analytics data to see how many readers it has and what they’re interested in—the website picks what it collects. But by using Google Analytics, the tech giant’s traffic monitoring service, all this data passes through Google’s servers and ends up in the United States. For data regulators in Europe, the shipping of personal data across the Atlantic remains problematic. And now a small Austrian medical website finds itself at the center of an almighty tussle between US laws and Europe’s powerful privacy regulations.