Can Google Search Console be used in compliance with data protection laws?

Does data protection law apply to Google Search Console?

Due to the requirements of the GDPR (General Data Protection Regulation), companies have to fulfil a number of prerequisites for the data protection-compliant use of Google tools – at least if personal data is processed. These include obtaining effective consent from users, concluding standard contractual clauses (or a comparable data protection guarantee for third-country transfers) and providing information about the tools used in the data protection declaration in accordance with Art. 13 or 14 of the GDPR.

Unlike the statistics tool Google Analytics, website operators do not process any personal data by using Google Search Console. It is not possible for the respective website operator to access the user data. Google Search Console rather offers the possibility to improve your internet presence without using your own tracking.

What concrete data does the website operator receive via the Google Search Console?

The service formerly known as Webmastertool is a popular option for search engine optimisation in the marketing departments of companies. By using the Google Search Console, it is possible for the respective operators to check, for example:

• how often the website was displayed in Google search,
• on which position the website was listed on average for which search terms in the Google search results pages (so-called ranking),
• how often the website was visited for the respective search query,
• how high the respective CTR value (click-through rate) is, i.e. how many percent of search engine users actually visited the website for which search query.

In addition, website operators are given the opportunity to check errors in the source code of the page, in the sitemap, in internal links or in the URL structure. By using the Google Search Console, companies can measure their own visibility on the web, use the findings to improve and thus generate more traffic.

Because Google Search Console does not require the setting of cookies or the use of other tracking technologies, it offers website operators the opportunity to market themselves and their website in a privacy-compliant manner.

The difference between Google Search Console and other web analytics tools

Although Google Search Console collects data just like other web analysis tools and then evaluates it, the tracking does not take place on the website of the respective operator. The collected data comes exclusively from the Google search engine.

Consequently, Google Search Console only lists the results of the Google search. The decisive factor is that the data collected is not collected directly on the operator’s website, but by Google itself. In view of this, Google itself is responsible for compliance with the provisions of the GDPR. The search engine the user relies on has nothing to do with the website operator, whose website is being shown in the search results. Here, Google acts independently vis-à-vis Internet users as a service provider. No personal data is passed on to the website operator via the evaluations provided in Google Search Console. This means that there is no joint responsibility of any kind, as may be the case with Facebook profiles, for example.

Consequently, the use of the Google Search Console does not have to be stated in the data protection declaration, as the website operator does not have to inform according to Art. 13 and 14 GDPR.