Close search
 
Home | Tech Support | GDPR and COUNTER reports

GDPR and COUNTER reports

28 May 2026

A fun puzzle crossed my desk recently, and I thought it would make a good tech support post. This is a question about the General Data Protection Regulations (GDPR) in the EU and UK, and what can or cannot be shared between data centres in different jurisdictions.

“As I understand it, for some EU countries, there is a requirement that administrative data must remain within the EU region data centers.  I think some of this is related to administrator credentials as well as personal data that may be administered via a module. My assumption is that COUNTER reports are not included in this, so sharing usage across regions is OK.”

I am not a lawyer

I checked this with a colleague who’s much hotter on GDPR than I am, but you need to know that neither of us are lawyers. If there’s enough interest in this question, I can look into getting a formal legal response!

Usage versus User data

GDPR protects the privacy and data security of individuals. As such, my understanding is that GDPR applies to administrator credentials and to any other data that you hold about individual users. For shorthand, I’m calling that user data. GDPR requires publishers with user data about EU or UK citizens to hold the data in data centres in those jurisdictions and not transferred elsewhere.

COUNTER reports don’t have user data. The lowest level of aggregation in a COUNTER report would be a whole calendar month of activity across an entire institution, for a single Item (e.g. article) – though most reporting is on the Title (e.g. journal) or Database level. Because COUNTER reports show usage but not user data, my understanding is that GDPR does not apply. That means reports can be shared across jurisdictions.

Watch our video about COUNTER and privacy

What about syndicated usage?

Our syndicated usage best practice says that publishers and syndicators can share data in line with data protection regulations. Let’s take ResearchGate as our example:

  • If ResearchGate shares processed, ready-to-go COUNTER reports, GDPR does not apply. Remember, the reports include usage but not user data. ResearchGate and other syndicators can share reports across regions.
  • If ResearchGate shares raw data for the publisher to process, the raw data does include user credentials, and GDPR does apply. So syndicators cannot share raw data across regions.

Other News

Our footprint

Our last post talked about our volunteers. This time, we’re going to show you where…

Read More

Impact and Community

At the heart of COUNTER is a vibrant, international community of dedicated professionals. Today we…

Read More

Conference programme now available

The COUNTER conference programme is now available on our conference page. The central theme of…

Read More
 
Subscribe To Our Newsletter Sign Up To Our Listserv
© COUNTER Metrics 2026 COUNTER Metrics Limited | Terms & Conditions | Privacy & Data Protection | Accessibility
Web design by Creatomatic
This website uses cookies
This site uses cookies to enhance your browsing experience. We use necessary cookies to make sure that our website works. We’d also like to set analytics cookies that help us make improvements by measuring how you use the site. By clicking “Allow All”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts.
Privacy Policy >
These cookies are required for basic functionalities such as accessing secure areas of the website, remembering previous actions and facilitating the proper display of the website. Necessary cookies are often exempt from requiring user consent as they do not collect personal data and are crucial for the website to perform its core functions.
A “preferences” cookie is used to remember user preferences and settings on a website. These cookies enhance the user experience by allowing the website to remember choices such as language preferences, font size, layout customization, and other similar settings. Preference cookies are not strictly necessary for the basic functioning of the website but contribute to a more personalised and convenient browsing experience for users.
A “statistics” cookie typically refers to cookies that are used to collect anonymous data about how visitors interact with a website. These cookies help website owners understand how users navigate their site, which pages are most frequently visited, how long users spend on each page, and similar metrics. The data collected by statistics cookies is aggregated and anonymized, meaning it does not contain personally identifiable information (PII).
Marketing cookies are used to track user behaviour across websites, allowing advertisers to deliver targeted advertisements based on the user’s interests and preferences. These cookies collect data such as browsing history and interactions with ads to create user profiles. While essential for effective online advertising, obtaining user consent is crucial to comply with privacy regulations.