(Machine translation):
The website that uses the Google Analytics (GA) service, without the guarantees provided by the EU Regulation, violates the data protection legislation because it transfers user data to the United States, a country without an adequate level of protection.
This was stated by the Privacy Guarantor at the conclusion of a complex investigation launched on the basis of a series of complaints and in coordination with other European privacy authorities. From the investigation of the Guarantor it emerged that the managers of the websites that use GA collect, through cookies, information on the interactions of users with the aforementioned sites, the individual pages visited and the services offered. Among the many data collected, the IP address of the user’s device and information relating to the browser, the operating system, the screen resolution, the selected language, as well as the date and time of the visit to the website. This information was found to have been transferred to the United States.
Read more of the press release at Garante Per La Protezione del Dati Personali