Important changes to the cookie banner
The “reject” button must be visible
Not all companies have put this into practice. As a result, more and more warnings and fines have been announced and imposed. Recently, the French data protection authority, CNIL, fined Google, or rather: google.fr, 150 million euros, while also imposing a fine of 60 million euros on Facebook because the website users in these cases needed several clicks before they could reject the cookies.
The German Data Protection Conference DSK (an association of German data protection authorities) shares this view. In December 2021, in its “Orientation Guide for Providers of Telemedia”, the group criticized the fact that the banners, through which a cookie consent must be obtained, are often lacking in transparency. The guide recommends that websites must “at least allow users to reject cookies without a series of additional clicks”.
This means that: If you want to avoid warnings, fines or a dispute with the supervisory authorities, then you should immediately double-check your own cookie banner and adapt it to these specifications.
Some cookie consent tools are not GDPR-compliant
Those who use a cookie banner on their website often use so-called cookie consent tools. They ensure that a banner with the cookie notice is placed over the page when you visit a website.
But beware: These tools also move data – and sometimes they use servers that are not located in Europe or that belong to companies that are based outside of the EU. For this reason, the Administrative Court of Wiesbaden prohibited RheinMain University of Applied Sciences from using the cookie consent tool, “Cookiebot”, in December 2021. The servers of Cookiebot are located in Europe, but belong to a US provider. This means that the data is not stored in compliance with GDPR. Other cookie banner providers also work together with US services, which is not always apparent at first glance.
Conclusion: When choosing a cookie consent tool, be sure to pay attention to information such as “GDPR compliant”. We recommend the provider, cookiefirst.com, to our customers who are based in the Netherlands.
Frequently asked questions about cookies
What are cookies, exactly?
The technically-necessary cookies are not affected. American Programmer, Lou Montulli, invented cookie technology back in 1994. Back then, the Internet had no memory. So, no connections between a user’s activities on a website could be made – you couldn’t fill a shopping cart. He called the small text files that overcame this problem “magic cookies”.
And what are cookie consent tools?
It’s best to stop using Google Analytics
If you use Google Analytics, you should look for an alternative now! According to a recent assessment by the Austrian Data Protection Authority, DPO, a website operator is in violation of the GDPR if they use Google Analytics on their website.
The reason is similar to the judgment on the cookie consent banner. The use of Google Analytics carries with it an illegal transfer of data to Google LLC in the USA.
More concretely – this decision was about an Austrian company that was taken over by a German company. The case is, therefore, now also being examined by a German data protection authority. And the attitude of the German Data Protection Conference (DSK) towards Google Analytics and data transfers to the USA is well known.
Experts, therefore, expect that the Austrian decision will be upheld by the German authorities. Conclusion: This decision significantly increases the risk that website operators who use Google services will experience regulatory proceedings or warnings. We recommend that all website operators look for privacy-compliant alternatives from Europe this year to replace Google Analytics (and other Google services), or to prepare for disputes with the German data protection authorities.
A good alternative to Google Analytics
Be on the safe side with Pagesense or Matomo
Data protection is important to us!
…and, because that is the case, we work closely with data protection experts on this topic! If you need support for the technical implementation of legally-compliant cookie notices, please feel free to contact us!
We, at codafish, are your competent partner for digital projects
We would be happy to advise you on how to integrate legally-compliant cookie notices on your company website. We take care of the implementation and the regular updates.
Would you like to learn more with no obligation? Simply fill in the contact form or call us directly: +49 30 666384800