Ready for the new Google Consent Mode v2? Learn more »

What are cookies?

Cookies simply explained – Cookies are used to keep the website running and to promote professional marketing. A brief introduction.

a stack of biscuits on a white table

The cookie monster is also up to mischief on the Internet. We’re talking about cookies in the browser, the “cookies” that websites leave on your computer. We are actually happy about delicious cookies, but this is not necessarily the case with online cookies. With the adoption of the GDPR (General Data Protection Regulation) in May 2018, the topic of cookies in the browser is more relevant than ever. There must be a cookie consent banner on every website that a user in the European Union reaches. Its task is to inform the user that certain data is collected when they visit the website. Users can choose which cookies they want to allow. In general, a distinction is made between technically necessary and non-essential cookies .

Cookies simply explained

Here is the definition of cookies: Cookies are small text files. They are stored on your computer when you visit a particular website. Cookies collect information that can be stored in one or more files. One of the most commonly stored pieces of information is a randomly generated number that is used to recognize your computer. This means that you do not have to re-enter your data or place goods in the shopping cart again every time you visit a specific website.

The settings of the site are also saved thanks to cookies, so that users do not have to re-enter their username, password or language every time they visit. The operator of the website collects data that makes the surfing behavior of the users traceable. This includes, for example, the IP address , the duration and frequency of page views and the subpages visited , which allows a profile to be created for a specific user. The user profile created by the cookies is in turn used to place appropriate advertising and enable targeted targeting.

What types of cookies are there?

Not all cookies are the same: By definition, there are necessary and non-essential cookies. Many users divide them into “good” and “bad” files. Good cookies ensure an optimal user experience and primarily serve security. This is the case, for example, with online banking. Here the connection is stored in a single cookie and automatically deleted after the session has ended. The situation is different with so-called tracking cookies. They are used to evaluate user data and to place personalized advertising . Tracking cookies are particularly persistent and track surfing behavior for years. Due to the sheer volume of data collected, tracking cookies can pose a security risk, as sensitive data is often stored as well. In this context, the topic of ” cookies and data protection ” is repeatedly mentioned and given attention.

Cookies and data protection: what can you do about cookies?

Users should regularly delete cookies from their computers. It is best to do this after each session. If this is not possible, you should delete the cookies at least once a month. Although it is theoretically possible to refuse all cookies , this is not practically possible as it means that most websites will not work properly. However, the cookie consent banner gives you the option of only accepting certain cookies.

To make long-term tracking of your user behavior more difficult, set your computer so that session cookies are deleted after each session. However, this is not always practical, since you have to log in to online shops or Internet applications every time, for example. The cookie consent banner provides the option to opt out of third-party cookies . These are placed by external providers, which are usually advertising companies such as Google or Facebook . Users can only understand to a very limited extent which data is forwarded to third parties. As a user, you have the option of installing an anti-tracking program that gives you an overview of the cookies placed on your computer . The program allows you to manage cookies.

Cookies and data protection: What the GDPR says about it

Although cookies have been around in browsers for a long time, most users didn’t give much thought to the small text files on their computers until May 2018. But thanks to the GDPR, this has changed fundamentally. Shortly before the GDPR came into force, many companies drew attention to the new regulation and obtained their customers’ consent to online marketing. The directive not only regulates the management of cookies, but also e-mail communication.

In retrospect, the regulation was even tightened: the opt-in solution has been in effect since October 1, 2019 . As a result of this new regulation, the user must agree to the use of cookies. Before the tightening of GDPR, many companies used a loophole in legislation to push through tracking and third-party cookies. The relevant boxes were already ticked on the consent banner. Now these marketing methods are no longer allowed. Users must now set the desired ticks themselves in order to allow cookies. However, this does not apply to the necessary cookies, without which it is impossible to use a website.

Cookies and Privacy: What Does a Consent Management Provider Do?

The GDPR sets strict rules for websites. In order for the cookie consent to be legally compliant , it is advisable to use a consent management provider (CMP) . A CMP is a tool that takes over the provision of the cookie content banner. Any company that wants to reach users in the European Union or internationally must have a consent management tool. There are currently many different consent solutions that include both paid and free tools. The advantage of a paid consent management tool is that it offers more options than a free CMP. This includes, for example, consent banners in several languages , which can be adapted if desired. The design also plays an important role, because the banner should match the rest of the website. As a rule, it makes sense to use a paid solution, as otherwise no additional services can be activated. Anyone who operates an app in addition to the website is also confronted with the EU directive here. This is why some consent management providers now also offer software development kits (SDKs) for apps. SDKs allow consent management to be integrated into native apps.

Since the guidelines are still relatively new, there is a large lack of precedent and clear regulations. With a consent management tool, however, you as the operator of a website are on the safe side. Consent management tools are easy to use and can be easily integrated into websites. So you know that obtaining cookie consent is legally compliant and that the users of your website are in the best of hands.


Finally there is clarity! What is so easy to say is the result of a long process of judicial decisions and technical implementation on websites. What information users are willing to pass on is solely the sovereignty of the website visitor. That’s good. What is forwarded to information for external providers beyond the technically necessary cookies remains transparent from the start. Appropriate cookie content solutions pave the way for this clarity for all pages. In the jungle of national and international regulations and laws, these banners translate legal requirements into usability and clarity.

more comments

General, News, Videos

Webinar: Google Consent Mode v2 with Google and consentmanager

Join our exclusive webinar hosted by consentmanager in collaboration with Google on June 12, 2024 at 11:00 CET. Due to high demand for information on the latest Google requirements, this webinar will help you better understand Google Consent Mode v2. Dennis Gingele from Google and Jan Winkler from consentmanager will present the essential facts and […]
Image for the anniversary of the GDPR on 25 May with

6 years of GDPR: A celebration of its far-reaching impact

We are approaching the sixth anniversary (May 25, 2024) of the General Data Protection Regulation (GDPR), which has influenced data protection standards around the world since it came into force on May 25, 2018. The GDPR has not only fundamentally changed the security and management of personal data, but has also strengthened the rights of […]