empir.is collects no personal information about users visiting the site unless the information is provided by the user. Information provided by the user may include tracking information unless the user has opted out of such tracking.
Any user submitting information agrees that it can be stored for follow up communication and contacts with the site.
empir.is receives anonymous user information from Google Analytics and WordPress via cookies. This includes pages visited, browser, original linking page, operating system, ISP domain and page views. This information is used solely to measure usage and improve site quality.
Any unauthorized attempts to view, upload or change information on empir.is is illegal and violations will be pursued in both civil and criminal actions to the full extent of the law.
Users may request access to personal data collected, make corrections to factual inaccuracies or have their data deleted by contacting empir.is. All personal data submitted to empir.is is stored in the European Union.
Today the Norwegian data privacy authority declared that it considers the use of the Google Analytics tool by the national tax administration and the educational loan fund illegal.
Their argument is relatively clear. The public agencies apparently accepted Google’s standard terms of service which allows it to use IP addresses of tax and education fund users to provide other services. Moreover, if the user is logged into a Google services at the time, Google will also be able to identify the user.
While Norway is not an EU Member, it is a member of the European Free Trade Area and its data protection legislation closely tracks the EU’s, which makes this finding somewhat disconcerting. In fact, since IP addresses collected the agencies are sent to Google for processing, Google becomes an undeclared “data processor”, in clear violation of the law.
I can understand how this might happen since Google makes it simple (and tempting) to adopt Analytics to follow traffic on your site and people in the agencies’ IT departments therefore had a free alternative to going through a public procurement process to acquire a similar service that would properly treat the personal data.
Bottom line, there’s no free software out there. Second bottom line, hire a lawyer to train your IT department in the basics of data protection law.