Cookie Banner – the legal and technical background
Cookie banner – personal data is saved
Cookies are used to process personal data. This means small pieces of text information are stored on the Internet user’s device. The user or their devices can be individually identified in this way. This is used, for example, for tracking, in which the user’s behavior is followed. The IP address, the browser fingerprint or other criteria can be used for this tracking. Because personal data is processed, a cookie must comply with the GDPR. Data protection law applies here and the cookie banner text must also be designed accordingly.
What are cookies actually?
Cookies are basically text files that are stored by the provider of a website on the user’s computer or other end device. When you visit the website again, these text files are read out again in order to facilitate navigation in the network or transactions, and to analyze information about the behavior of website visitors. Examples of how cookies work are:
- The website visitor is identified, recognized and receives customized advertising.
- A user’s login data is saved so that they do not have to be re-entered when they visit again. This makes it easier to log back into Facebook, for example.
- The products placed in the shopping cart are saved.
Basically, there are different types of cookies. The most important difference is that there are technically necessary and technically non-essential text files. These two variants are legally treated differently. Cookies that are essential for the operation of a website are considered technically necessary. Cookies are considered technically unnecessary if they are used to pursue economic interests. These include, for example:
- Cookies from social media plugins (Twitter, Facebook, Google+, Instagram, Pinterest, LinkedIn)
- Cookies from video embedding applications, such as Youtube
- Affiliate Services Cookies
- Cookies from retargeting services
- Cookies from remarketing services
- Online map services such as Google Maps
- Cookies from SZM (scalable central measurement methods)
You can make another distinction with cookies and divide them into essential cookies, analysis cookies and cookies for marketing purposes.
- Essential cookies are all cookies that are required for the operation of the website. Consent is not mandatory for this type of cookie.
- Analysis cookies are cookies for Google Analytics, Matomo or etracker – i.e. tools that analyze visitor behavior. These are usually subject to approval.
- Marketing cookies are always used when it comes to online advertising. These tools record the interests of website visitors so that customized advertisements can be shown to users on different websites. Facebook Pixel, Google Remarketing and Google Adsense are among these tools. If you want to use these tools, you always need the consent of the website visitor.
Cookie banner – technically necessary and technically non-essential cookies
For a long time, technically necessary cookies could be set without the user’s consent. On the other hand, the consent of the user always had to be obtained for the setting of cookies that were not technically necessary. The law now provides for much stricter regulations. If a cookie is to comply with the GDPR, the user must almost always give their consent. This means that consent must be given for almost all cookies to be set. A cookie banner must therefore be present not only when cookies are used for advertising purposes, but also when they provide comfort functions.
It can be said with certainty that a declaration of consent should always be obtained for cookies used for marketing, tracking, statistics or analysis. Depending on the type of cookies, cookie banners or cookie consent banners are possible. Basically one can say:
- If cookies are necessary from a technical point of view, it is sufficient to simply inform the user about the setting of cookies. This means that a pure cookie notice would be possible here.
- If the consent of the user is required for a cookie according to the GDPR, a cookie notice is not sufficient. The user does not only have to be informed about the setting of cookies. The user’s consent must be obtained. Simple cookie banners that only inform the user do not serve this purpose. A cookie consent banner must be used here.
Since merely informing the user about the setting of cookies is rarely sufficient, in most cases you will have to resort to a cookie consent banner.
What are cookie banners?
Do I need a cookie banner for my website?
Anyone who runs a website and has visitors from the EU (or from outside) should have a corresponding banner. A cookie banner generator can be very helpful here. The cookie banner generator should design the banners in such a way that the user is fully informed about the cookies and has the opportunity to make a choice. For this purpose, the cookie banner generator must scan all cookies and list them accordingly in the banner. The cookie banner text informs users about the setting of cookies and consent can be obtained. Studies have shown that many website operators are not even aware that their users’ data is being processed by third or fourth parties. For example, there are Trojans whose existence is often not even known to website operators. With a high-performance consent management system, however, pages can be scanned for any cookies from other parties. Anyone who wants to protect their users’ data and ensure that their cookie banner is GDPR compliant needs a sophisticated and in-depth solution. This is the only way to ensure that all cookies and trackers can actually be found and controlled on the website, as required by the GDPR. After all, anyone who does not have an overview of the entire website from a technical and functional point of view cannot guarantee the data protection of users. A cookie banner generator that can play out a cookie banner that complies with the provisions of the GDPR is therefore absolutely necessary for website operators.
What do you have to consider when implementing cookie consent banners in practice?
Due to the legal regulations, there are some rules that should be observed when implementing a cookie consent banner. If cookie consent banners are used, the following points should be considered:
- Before cookies requiring consent are set, consent must first be obtained. There is still a lot of catching up to do on many websites. It is not enough to use a correct cookie banner text if the technical implementation does not work correctly.
- Consent is not to be assumed if the user navigates or scrolls on the website. This does not constitute legally compliant consent.
- If a cookie banner generator is used, it must design the banner in such a way that withdrawing consent is just as easy as giving consent.
- Proof is required for the declaration of consent. This proof is provided by setting a necessary cookie. The user must also be informed about the setting of this cookie.
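The four rules above can be enforced in code rather than only in the banner text. The following is an added example, not code from this page or from any consent management provider: a small consent gate that blocks non-essential cookies until an explicit banner choice, ignores scrolling, stores the proof of consent in a necessary cookie, and removes cookies on withdrawal. The class name, the event names, the cookie names and the Map standing in for the browser cookie store are all assumptions made for illustration.

```javascript
// Added example. Category names follow the article; everything else is constructed.
const CATEGORIES = ["essential", "analysis", "marketing"];

class ConsentGate {
  constructor(jar) {
    this.jar = jar;                         // Map standing in for the cookie store
    this.granted = new Set(["essential"]);  // no other box is pre-ticked
  }

  // Only an explicit banner submission counts; scrolling or navigating does not.
  record(event, choices = {}) {
    if (event !== "banner-submit") return false;
    this.granted = new Set(["essential"]);
    for (const c of CATEGORIES) if (choices[c] === true) this.granted.add(c);
    // The proof of consent is itself kept in a necessary cookie.
    const proof = { granted: [...this.granted].sort(), at: new Date().toISOString() };
    this.jar.set("consent_proof", { category: "essential", value: JSON.stringify(proof) });
    this.purge();
    return true;
  }

  // Withdrawing is a single call, as easy as giving consent.
  withdraw() { return this.record("banner-submit", {}); }

  // Every cookie write goes through the gate and must declare its category.
  setCookie(name, value, category) {
    if (!CATEGORIES.includes(category)) throw new Error(`unknown category: ${category}`);
    if (!this.granted.has(category)) return false;  // blocked until consent exists
    this.jar.set(name, { category, value });
    return true;
  }

  // Delete cookies whose category is no longer covered by consent.
  purge() {
    for (const [name, c] of this.jar) if (!this.granted.has(c.category)) this.jar.delete(name);
  }
}

// Walk through a visit: before consent, a scroll, an opt-in, then a withdrawal.
function demo() {
  const jar = new Map();
  const gate = new ConsentGate(jar);
  const log = [];
  log.push(gate.setCookie("session_id", "abc", "essential"));   // allowed
  log.push(gate.setCookie("_analytics", "1", "analysis"));      // blocked
  log.push(gate.record("scroll", { analysis: true }));          // not consent
  log.push(gate.record("banner-submit", { analysis: true }));   // explicit opt-in
  log.push(gate.setCookie("_analytics", "1", "analysis"));      // now allowed
  log.push(gate.setCookie("_ads", "1", "marketing"));           // still blocked
  gate.withdraw();
  log.push(jar.has("_analytics"), jar.has("session_id"));       // removed, kept
  return { log, jar };
}
```

In a real page the same gate would also have to hold back third-party scripts until consent exists, since those set their own cookies without passing through `setCookie`.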
What content should a cookie banner contain?
When it comes to the cookie banner text, there are certain rules. In order to comply with legal requirements, a cookie banner must contain the following:
- The cookie banner text should provide a first indication of the purpose for which the cookies are used.
- There must be a button available for giving consent and a button for denying consent.
- The user must have a choice and know the purpose of the cookies to which he should consent. The selection boxes must not be pre-filled, the user must tick them themselves.
Using cookie banners – what does the GDPR have to do with it?
Cookie banners are mandatory – what applies to my website?
Website operators and online retailers are rightly asking what this means for their own online presence. So far, the legal situation does not seem to be entirely clear. The GDPR provides information on the data protection declaration, the ePrivacy Regulation is still pending. How should website operators and online retailers behave? Ideally, the cookie banner should be considered mandatory – despite the still inconsistent legal situation. The cookie banner should be designed in such a way that the user has to become active and decide for themselves which cookies they want to accept and which not. The objection solution anchored in the Telemedia Act (TMG) does not go far enough here and it can be legally risky to rely on it alone. If you consider the cookie banner to be mandatory and want to be on the safe side, you should inform website users about which cookies are being used. In addition, the user should have the opportunity to actively decide on the processing of the data. All website operators should adhere to these rules, even if they are supposedly private websites or the website of the sports club. Anyone using a cookie banner provider should ensure that:
- The user’s consent is obtained directly when the page is accessed. This should be done before cookies are set. Technically necessary cookies can be an exception here.
- It is not enough if the cookie banner text consists of a simple notice and this disappears immediately after a click on the page or can simply be hidden.
- The tick for approval must not be ticked in advance.
What belongs in the data protection declaration?
Regardless of whether online retailers and website operators use a cookie banner, they must refer to the processing of personal data in the data protection declaration. Among other things, the data protection declaration should inform users about the type and purpose of the cookies used. The user should learn:
- What type of data is collected using cookies.
- For what purpose the personal data is used.
- How long the data is stored.
- Whether and to whom the data is passed on.
- Whether and how to withdraw consent to the processing of personal data.
Cookie banner tools for a legally compliant design
Designing cookie banners in accordance with the GDPR is not always that easy. In order for the cookie banner or the cookie consent banner to be designed in a legally compliant manner, it is advisable to use the appropriate cookie banner tools. A Consent Management Provider (CMP) is a cookie banner tool that takes over the design and provision of the cookie consent banner. In principle, every online retailer and every website operator should use an established cookie banner tool, for example from providers such as Consentmanager. There are both free and paid cookie banner tools. Typically, a paid cookie banner tool offers more functionality. These additional features may include, for example, adapting the cookie notices to a specific language. If the cookie banner should also match the design of the website, a fee-based cookie banner tool is also useful. If you want to customize your banner and use additional services, you are well advised to use paid solutions. If you also offer an app in addition to your website, you also need a suitable solution for this.
Using a consent management solution that scans the website to find all cookies and allows users to give their consent to each cookie is a reliable and secure way to make your website compliant with the GDPR.
What are the advantages of a consent management tool?
The GDPR applies to all online retailers and website operators. Even if some website operators are still hesitating and wondering whether a GDPR-compliant cookie notice is really necessary, nobody can actually avoid it today. Failure to comply with legal regulations can result in high fines for website operators. The topic of IT in particular is a problem for many entrepreneurs. They do not know enough about the topic, they invest a lot of time and in the end they are not sure whether the cookie notice is GDPR-compliant. This is where a consent management tool like the one from Consentmanager.de comes in handy. With this solution, website operators can be sure that they are complying with the EU’s General Data Protection Regulation. With a tool like that offered by consentmanager.de, cookie consent banners can be added to your own website quickly and easily. A GDPR-compliant banner protects website visitors while providing protection from lawsuits. In addition, advertising partners can feel safe and are more likely to invest if they know they are on the safe side.