Austria’s data authority decided that the use of Google Analytics goes against EU data protection law on January 13, 2022.

Afterwards, a French non-profit organization asked the Commission nationale de l'informatique et des libertés (CNIL) to determine if Google Analytics violates the EU’s General Data Protection Regulation (GDPR).

This comes after concerns that all data collected by Google Analytics is stored and processed in the US, which would violate sensitive data processing laws under the GDPR since the “Schrems II” ruling of July 2020.

Other EU data protection authorities are investigating the use of Google Analytics and similar tools. Some nations have issued guidance, including Denmark, Germany, and Norway.

On December 7, 2020, the CNIL fined Google LLC and Google Ireland Limited 100 million euros for placing advertising cookies on the computers of users of the search engine.

In a decision on January 28, 2022, the Council of State confirmed the CNIL may take sanctions on cookies outside the one-stop-shop mechanism provided for by the GDPR, validating the 2020 sanction.

The China Academy for Information and Communications Technology ('CAICT') announced the publication of the Face Information Processing Compliance Operation Guide ('the Guide') January 26, 2022.

The Guide aims to provide detailed compliance guidelines for the future development of the facial recognition industry. It also provides various scenarios to help distinguish compliance rules and proposes to establish compliance principles.