I don't think this judgement is about Google Analytics (or any implicit sharing of EU citizen/resident data with Google) being inherently illegal, but rather the current functioning of the Google Analytics service being specifically non-compliant.

e.g. Google could make Google Analytics compliant (likely by, as you say, housing EU data in Ireland), but it seems that currently they are not.

Also, beyond the physical colocation of data, there are ancillary issues around data being readily accessible (either by internal engineers/agents or external authorities) from outside the EU to consider as well.

Doesn't matter one single bit, they are still the 100% subsidiary of Alphabet which is legally bound to provide data at the request of US gov agencies.

Microsoft has seen this one - they have a subsidiary in the EU that holds the EU data. Yes, the US-based parent company is legally bound to provide the data at the request of the US gov agencies. However, the only way that they can get hold of that data is to ask the EU subsidiary nicely. The EU subsidiary is legally bound to not hand that data over.

Do you know if Microsoft setup this EU shell after the whole thing with the FBI wanting emails stored in Ireland?

https://en.wikipedia.org/wiki/Microsoft_Corp._v._United_Stat... (2016) and https://en.wikipedia.org/wiki/CLOUD_Act (2018).

If so, it might end up in court again, and we'll have to see how that precedent gets set out. Will be curious to see how this plays out.

I think it was set up beforehand. Also, I think nobody really wanted to go as far as setting any precedents, in case they ended up being precedents that they didn't want.

Is that really the only reason behind GA being 'banned'? If google broke off Ireland ltd into its own company and that company simply 'licensed' Google products for $1, would they be in the clear?

Unlikely. The EU courts would reasonably be expected to decide that, as Google Ireland is merely a sham corp for the purpose of operating a codebase that is wholly deferred to the same US control (just as before the sham corp), that this is equivalent to the prior arrangement and still illegal.

What matters is the US CLOUD Act, because that's the thing that lets US Intelligence have access to data stored in EU servers. If legal arrangement is covered by the CLOUD Act, it's a GDPR violation.

Could they house their data in a separate company that was founded in Ireland and is not an Alphabet subsidiary to get around this?

IANAL but I don't believe this commenter is correct. If they were, this would essentially prohibit any non-EU company from doing any online business with anyone within the EU.

I suspect the issue is rather that Google Ireland are not in fact exclusively housing EU data within Ireland (or the EU in general).