New data protection laws

Important changes to the cookie banner

The “reject” button must be visible

It has been known for some time that the “reject” button on a cookie banner can neither be omitted nor hidden. At least since the introduction and enforcement of the General Data Protection Regulation (GDPR) in May 2018, it has been clear that website visitors must be able to access a cookie banner, which automatically appears when they view a page, in order to either consent to or reject the use of cookies.

Not all companies have put this into practice. As a result, more and more warnings and fines have been announced and imposed. Recently, the French data protection authority, CNIL, fined Google, or rather:, 150 million euros, while also imposing a fine of 60 million euros on Facebook because the website users in these cases needed several clicks before they could reject the cookies.

The German Data Protection Conference DSK (an association of German data protection authorities) shares this view. In December 2021, in its “Orientation Guide for Providers of Telemedia”, the group criticized the fact that the banners, through which a cookie consent must be obtained, are often lacking in transparency. The guide recommends that websites must “at least allow users to reject cookies without a series of additional clicks”.

This means that: If you want to avoid warnings, fines or a dispute with the supervisory authorities, then you should immediately double-check your own cookie banner and adapt it to these specifications.

Is your website in compliance with the GDPR policies?

Let us take a look and give you recommendations or check our 10 steps on how to make your site safer and compliant with the GDPR!Check out!

Is your website in compliance with the GDPR policies?

Let us take a look and give you recommendations or check our 10 steps on how to make your site safer and compliant with the GDPR!Check out!

Is your website in compliance with the GDPR policies?

Let us take a look and give you recommendations or check our 10 steps on how to make your site safer and compliant with the GDPR!Check out!

Some cookie consent tools are not GDPR-compliant

Those who use a cookie banner on their website often use so-called cookie consent tools. They ensure that a banner with the cookie notice is placed over the page when you visit a website.
But beware: These tools also move data – and sometimes they use servers that are not located in Europe or that belong to companies that are based outside of the EU. For this reason, the Administrative Court of Wiesbaden prohibited RheinMain University of Applied Sciences from using the cookie consent tool, “Cookiebot”, in December 2021. The servers of Cookiebot are located in Europe, but belong to a US provider. This means that the data is not stored in compliance with GDPR. Other cookie banner providers also work together with US services, which is not always apparent at first glance.

Conclusion: When choosing a cookie consent tool, be sure to pay attention to information such as “GDPR compliant”. We recommend the provider,, to our customers who are based in the Netherlands.

Frequently asked questions about cookies

What are cookies, exactly?

Cookies are small files that websites store in their browsers. There are cookies that are necessary technically – without them you cannot use certain functions of a website (such as storing login data or using a shopping cart). However, cookies are often also used to collect information about website visitors that is forwarded to other companies (including the Facebook Pixel). According to the GDPR, website users must have the option to actively consent to or reject the use of cookies when visiting a website.

The technically-necessary cookies are not affected. American Programmer, Lou Montulli, invented cookie technology back in 1994. Back then, the Internet had no memory. So, no connections between a user’s activities on a website could be made – you couldn’t fill a shopping cart. He called the small text files that overcame this problem “magic cookies”.

And what are cookie consent tools?

In the past, cookies were simply set without the user being notified. Now you have to give your consent on every website. And that’s how the term, “cookie consent tool (or consent management tool)” came to be – “consent” is the English word for the idea of voicing agreement with another’s actions. A cookie consent tool, therefore, helps with the technical implementation of a banner that places itself on a website, like a mask, and gives the user the opportunity to either agree to the use of cookies or to reject them. Often, there is also a third option in these tools: select certain cookies. In addition, cookie consent banners must contain a link to the privacy policy if the banner covers it on the website.​

It’s best to stop using Google Analytics

If you use Google Analytics, you should look for an alternative now! According to a recent assessment by the Austrian Data Protection Authority, DPO, a website operator is in violation of the GDPR if they use Google Analytics on their website.

The reason is similar to the judgment on the cookie consent banner. The use of Google Analytics carries with it an illegal transfer of data to Google LLC in the USA.

More concretely – this decision was about an Austrian company that was taken over by a German company. The case is, therefore, now also being examined by a German data protection authority. And the attitude of the German Data Protection Conference (DSK) towards Google Analytics and data transfers to the USA is well known.

Experts, therefore, expect that the Austrian decision will be upheld by the German authorities. Conclusion: This decision significantly increases the risk that website operators who use Google services will experience regulatory proceedings or warnings. We recommend that all website operators look for privacy-compliant alternatives from Europe this year to replace Google Analytics (and other Google services), or to prepare for disputes with the German data protection authorities.

A good alternative to Google Analytics

Be on the safe side with Pagesense or Matomo

We, at codafish, recommend Pagesense by Zoho or Matomo Analytics to our customers – with which you can track the surfing behavior of your website visitors without any privacy concerns.

Data protection is important to us!

…and, because that is the case, we work closely with data protection experts on this topic! If you need support for the technical implementation of legally-compliant cookie notices, please feel free to contact us!

Is your website in compliance with the GDPR policies?

Let us take a look and give you recommendations or check our 10 steps on how to make your site safer and compliant with the GDPR!Check out!

We, at codafish, are your competent partner for digital projects

We would be happy to advise you on how to integrate legally-compliant cookie notices on your company website. We take care of the implementation and the regular updates.
Would you like to learn more with no obligation? Simply fill in the contact form or call us directly: +49 30 666384800

Dive into our World

Here is where we inform you about exciting digital trends and explain how you can use them in your business. In addition, we offer you a closer look at our work as a digital agency. Thank you for your interest. Thank you for your interest.
wordpress blog create blog

How to create a WordPress blog

Greetings to you, the current reader of our blog article! Are you also on the brink of starting your own blog and adding your unique ...
Read More
Pincore demo

Your comprehensive Pimcore demo

In the web industry, this topic is unavoidable: Pimcore. Everyone is talking about it, but you might be asking yourself: what is Pimcore and how ...
Read More
Live chats​ Chatbots

Live chat vs. chatbots – how do I pick what’s right for me?​

Live chat or chatbots? In this article, we will bring you up to speed on all the advantages and disadvantages of both options and suggest ...
Read More

We call you!

Are you planning a new digital project and you have questions about our services? Complete this form or call us at +1 888 9263234
  • This field is for validation purposes and should be left unchanged.
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Error: Embedded data could not be displayed.