The watchdog barked that other companies should not use of Google's tool.

The fines -- just over $1.1 million for Swedish telco Tele2 and less than $30,000 for local online retailer CDON -- are notable as they are the first such fines following a raft of strategic privacy complaints targeting Google Analytics (and Facebook Connect) back in August 2020.

The regulator found that so-called supplementary measures applied by Google to European users' data sent to the US for processing were insufficient to raise the level of protection to the required legal standard. Including Google's use of IP address truncation (an anonymisation measure).

Tele2 failed to clarify whether the truncation was performed before or after the transfer of the data to the US, and could not demonstrate there is "no potential access to the entire IP address before the last octet is truncated," the watchdog barked.

 The watchdog found breaches of the bloc's General Data Protection Regulation (GDPR) rules on transfers to third countries in the case of two other companies using Google Analytics, Coop and Dagens Industries, but did not issue fines.