GDPR, Google Analytics and leaking hashes

The use of Google Analytics has been found to violate European Union privacy laws in France recently. This succeeds a similar ruling in Austria. The rulings found that Article 44 of GDPR is breached because personal data is transferred outside the EU to third countries that are not considered to have sufficient privacy protections. The U.S., where Google Analytics is hosted, fails the equivalence test on account of having surveillance laws that don't afford non-U.S. citizens basic protection of their personal data.

In light of these breaches, European companies are searching for alternatives that are GDPR compliant. There are some well-established platforms to choose from. Piwik is an example of such a tool that is GDPR compliant. Another solution, especially for the widely-used Wordpress CMS, is the WP Statistics Plugin. While this plugin gives you a GDPR-compliant solution, it has drawbacks. This week a critical vulnerability CVE-2022-0513 in this plugin was published that could allow an attacker to read or modify the site using the plugin. An updated version (13.1.5) fixes the problem.