Product Updates

Osano can turn off Google Analytics in France and Austria, if you want it to

posted on June 22, 2022


Google Analytics has been in the privacy news recently[1]. In April, the Austrian data protection authority ruled that Google Analytics use was in violation of the EU’s GDPR. Then last week, the CNIL (France’s data privacy regulator body) issued updated guidance that the use of Google Analytics violates GDPR because it illegally transfers data from the EU to the United States[2][3].

For marketers that rely on Google Analytics for mission-critical information, this news can be disheartening. The balance between creating tailored experiences that are ultimately more enjoyable and respecting user privacy can be precarious, like Erich Brenn spinning plates to balance them atop wavering poles. As both technology and regulations rapidly evolve, Osano seeks to be an enabler to help you respect user privacy, comply with global regulations, and get the most out of your digital assets. 

In light of the latest changes in the privacy landscape, we’re updating Osano to provide you with what we believe are the best options available. Read on to learn about our new Google Analytics toggle and some of the complex nuances behind the simple new addition to Osano Consent Management Platform (CMP).

UPDATE: Italy has also been added to the block list based on recent guidance.

Implications of the CNIL ruling

For organizations that have website visitors in France and Austria, this ruling now requires some difficult choices. On the one hand, continuing to use Google Analytics opens up liability to fines and penalties. On the other hand, there aren’t many options available beyond disabling your use of Google Analytics altogether and completely losing that data for all of your users.



At Osano, we think both of these options are tough pills to swallow, so we’ve built a feature to help our customers navigate these compliance waters. 

Introducing the block list toggle for CMP

Osano CMP works by blocking or allowing tags (cookies, scripts, and iframes) based on their classification along with the consent choices of each web visitor. If a visitor consents to analytic tags but does not consent to marketing, then Osano will allow analytics cookies and block all marketing cookies.

With the latest guidance from CNIL, Osano has now created an override block list that will always block particular tags in particular regions. These same tags follow standard classification and consent rules in other regions. Today, the toggle only blocks Google Analytics in France and Austria. However, the CNIL ruling has implications that are broader than Google Analytics alone. Language in the ruling  talks generally about “audience measurement tools.” Other legislative bodies may also create similar restrictions in the future, so it is possible additional tools and regions could be added to the block list in the future.

How we approached this problem 

We continually take the pulse of the legislative privacy landscape and adapt to rapid changes. The Google Analytics scenario in Europe is one we’ve been monitoring from the start. When the original guidance came from Austria, our legal team looked at the situation and arrived at the general recommendation that continuing to use Google Analytics would not violate GDPR for organizations as long as they enabled Google Analytics’s IP anonymization feature. 

The latest guidance from CNIL in France goes a step further to say that it is not possible to configure the Google Analytics tool so as not to transfer personal data outside the European Union.

With this updated information, we began to look for a way to help our users comply with GDPR in France and Austria. Google Analytics doesn’t have a feature that lets you disable data transfers for a subset of users by region, so this leaves most folks in a place where their only course of action is to disable Google Analytics altogether. 

A core feature of Osano CMP is to serve different content to users based on their geolocation so they get an experience tailored to comply with the specific regulations in their region. Because this is already a built-in part of the way Osano CMP works, we were able to create the block list to selectively block Google Analytics only in France and Austria.  

Should you enable the toggle for your account?

ProTip: To qualify for Osano's "No Fines, No Penalties" pledge, you must enable the block list toggle.

Our strong recommendation is for all accounts to enable the block list. However, we understand that this may not be feasible for some customers. We wanted to be sure to describe the tradeoffs so that you can make an informed decision. 

  • Enabled: Google Analytics will be blocked for France and Austria. You will be compliant with GDPR, but you will not receive any tracking information for these regions. 
  • Disabled: Google Analytics will continue to be blocked/unblocked based on your tag categorization and how individual web visitors consent. You will not be compliant with GDPR and run the risk of being penalized. As such, you will not qualify for Osano’s “No Fines, No Penalties” pledge.

Getting started 

Log into your Osano account and navigate to the Consent Management tab to get started with the block list toggle. You’ll see the toggle as an option within each configuration. 

Starting today, all newly generated configurations will have the toggle enabled by default, and it can be manually disabled.

On your existing configurations, the toggle will be disabled. In order to take advantage of the block list (and qualify for the “No Fines, No Penalties” pledge), you’ll need to manually enable it on your existing configurations and republish your configuration for it to take effect. If you have a large number of configurations to manually update, reach out to our support team for assistance.

For more information see the user documentation, or reach out to our support team with any questions by using the in-app chat. 


Product(s) Affected

Core PlatformConsent Management




New in Osano: DSAR conditional fields, 28 new integrations, and more!

posted on June 8, 2022

DSAR conditional fields

From info requests to full deletion requests, DSAR intake forms do a lot of heavy lifting. Depending on the nature of the request and local laws, you may need more or less information from the data subject before they submit the form. But creating one form with every possible field you might want to know about is a poor user experience. The additional complexity of such a form can lead to mistakes in filling them out and prolong the time needed to process the DSAR. 

Now, with conditional fields, you can create optional fields that only appear if a previous answer was selected. For example, conditional fields enable you to ask if a data subject has a power of attorney, and then provide a file upload field only if they answer, “yes.” Optional conditional fields can be configured on both dropdown and multiselect dropdown fields. Check out the docs for how to create a request submission form to learn more about setting up and configuring DSAR forms. 

CMP language updates

This month we added some language improvements to our Consent Management Platform (CMP) banners for Norwegian, Hungarian, and English. 

ISO 639 is a common international standard used for websites and browsers to denote language using a 2-letter code. Norwegian has 3 possible language codes: Norwegian (no), Norwegian Bokmål (nb), and Norwegian Nynorsk (nn). Previously Osano CMP only supported no, but now contains support for nb and nn as well!

Osano supports banners in 40+ languages. Our pledged legally compliant banner text is generated in English, and then we use a combination of AI and manual translation to generate the text for each supported language. Because privacy laws are continually changing, we continually update our banners as well. From time to time we get feedback from native speakers on ways to improve our translations. Based on recent feedback from Hungarian users, we’ve tightened up our translations for Hungarian language banners. 

Finally, some banner text has been updated for customers using IAB TCF 2.0 mode enabled when they want different options for opening the preferences drawer. Previously, the text said that customers could modify their cookie preferences, “by clicking on the cookie icon.” However, for users who want to use a link to open the drawer rather than our cookie icon, the text now reads, “by clicking on the cookie icon or link.” These changes are currently only available in English (en and en-gb language codes.) 

28 new integrations for Data Discovery 

Osano Data Discovery finds data fields in your apps and categorizes them using AI. Our growing catalog of 90+ integrations helps you:

  • Find user data for data subject rights requests
  • Run data assessments in less time
  • Prove compliance with a categorized log of apps that store personal information

This month’s new integrations:


And more! 

For a full list of improvements see the May 2022 release notes.



New in Osano: DSAR admin notes, IAB TCF updates, and more!

posted on May 5, 2022

This past month we shipped several enhancements and bug fixes to the Osano privacy platform. Read on to learn about what’s new for Osano in April 2022. 

DSAR admin notes

Osano Subject Rights Management provides a compliant workflow to manage communications between the data subject who made the request as well as internal coordination to process each DSAR. For each request, automated notifications give a “shoulder tap” to individual data source owners making sure each request is processed in a timely manner. But what if you need to annotate a request with additional info or coordinate with the entire team? 

Now with DSAR admin notes each subject rights request submission has a place to store annotations and team notes. 

IAB TCF 2.0 updates

Recently the Interactive Advertising Bureau (IAB) recently announced an update to their specification for Consent Management Platforms (CMPs). The new specification states that Created and LastUpdated fields on consent records should be limited to the date and not include the time. 

Osano CMP has been updated to comply with the latest IAB specification. This change only takes effect if you have IAB TCF 2.0 mode enabled. 

Estonia banner remap

Osano maintains several consent banner templates designed to be compliant with regional regulations in 50+ countries. Osano CMP automatically displays the correct banner based on a user’s IP address. You can see which banner template is mapped to which countries in our docs. 

Previously, users in Estonia were shown banner template 4 which features opt-in consent, analytics category on by default, and does not display categories on the banner. Now, Estonia is mapped to banner template 2 which features opt-in consent, analytics category off by default, and does display categories on the banner. This change was made as a result of our legal team review that determined template 2 was a better fit to comply with privacy laws that govern Estonia. 

New integrations for Data Discovery

Osano Data Discovery finds data fields in your apps and categorizes them using AI. Our growing catalog of 60+ integrations helps you:

  • Find user data for data subject rights requests
  • Run data assessments in less time
  • Prove compliance with a categorized log of apps that store personal information

This month’s new integrations:

And more! 

For a full list of improvements see the April 2022 release notes.



The managed data privacy platform

Get started with Osano today

Explore Osano

What's New at Osano

Introducing Osano Privacy Legal Templates

Now, with Osano Privacy Legal Templates you can get started faster by leveraging templates generated by our global team of privacy experts.

Learn more

Introducing DSAR email intake

Capture data subject rights requests with the convenience of email and the efficiency of a dedicated intake form.

Learn more

New reworked DSAR and discovery

We've reworked and redesigned Osano Subject Rights Management and Data Discovery, unifying them into a single, seamless experience and creating automation to save you time.

Learn more

Stay GDPR compliant under new French ruling

Privacy regulators at the CNIL in France recently declared that Google Analytics violates GDPR. Osano’s new block list feature can disable Google Analytics in France to keep you compliant while allowing you to use Google Analytics in regions where it is still legal.


New in May 2022: DSAR conditional fields, 28 new integrations, and more!

Customize DSAR forms with conditional fields, serve consent banners in additional languages, use 28 new integrations for Data Discovery, and more! Check out our latest product announcement blog for demos, links, and more information.


View more product updates

Osano product & engineering teams have been hard at work. View the full list of all product updates.

View Product Updates