Ready for the new Google Consent Mode v2? Learn more »
News

Analysis: Cookies in top 100 online shops


Part of our work at consentmanager is to see what the market is doing. That’s why we took the top 100 German online shops and looked at where, when and which cookies are set and what kind of cookie banners are used. The result: there is pent-up demand.

a chart showing the number of cookies used without consent in the top 100 German online shops

In top 80 cookies without consent

For the analysis, we took the list of the top 100 online shops with the highest turnover in 2020 from EMI and called up each shop individually with the Chrome browser in incognito mode. Our expectation was to see maybe a handful of cookies on the pages on average – the result of the treatment of data protection in these online shops was more than sobering:

Out of 100 pages, there was not a single cookie on only 2 pages, but there were more than 30 cookies on 15 pages – without having clicked on the consent button, mind you. The (sad) peak is occupied by a fashion retailer who sets a full 80 cookies before the visitor has consented – even though a cookie banner is shown on the site that allows the refusal. Even the average is significantly higher than we expected at around 16 cookies (before approval) per shop . Even if the shops were to say that many cookies could be “functional” and “essential” – are 16 cookies really necessary for that?

“Homemade” brand cookie banner

We were also surprised by the number of shops that preferred to build their own cookies or use ready-made scripts from the Internet instead of a professional cookie solution. Around 40% of the online shops surveyed were using a homemade cookie banner. The result is correspondingly poor here: only very few were designed to be GDPR/ePrivacy compliant.

Nicely designed but not compliant

Unfortunately, there are only a few positive examples. Although some shops block third-party providers in an exemplary manner, they are not completely complete when it comes to communication in the consent layer. In the majority of cases, there is a lack of basic information, such as which providers are used, which purposes are being pursued or which legal bases are being used. Very few shops actually list cookies and the majority list purposes but no providers.

Some websites do make an effort with the graphic design – but too often the focus seems to be on urging the visitor to click on “Accept”. For example, a music store uses a funny cookie banner, but here, too, there is a lack of equal treatment between acceptance and rejection:

a cartoon character of a grandmother bringing a plate of cookies and a paragraph of text

The Regional Court of Rostock recently warned that an equal representation of acceptance and rejection is important. However: Of the 100 online shops we examined, we were only able to find one where the rejection is structured in the same way as the acceptance. For 50 shops there was no direct option to refuse, just a “Settings” button or link. A total of 8 shops also had a cookie banner on which there was neither a settings nor a reject button or link.

negative examples

Among the many online shops there is a lot that is done right – but unfortunately there are also many shops that seem to be still living in the pre-GDPR era. Here are some negative examples of how not to do it:

An example of a cookie banner with an "I accept" button
An example of a cookie banner with an "I agree" button
A very discreet cookie banner with an "I agree" button
A simple cookie banner

Conclusion

In conclusion, the German online trade is unfortunately very disappointing. According to Statista, each of these companies has generated annual sales of more than EUR 70 million – but at the same time only a handful of online shops manage to display an approximately GDPR-compliant consent layer. In this respect: Dear online shops, please urgently improve the need to catch up 🙂

If you want to know what a cookie banner should at least contain for online shop data protection, you can find some information in our GDPR online shop checklist .


more comments

Cookie-Crawler - Standalone-Tool
General, News

Newsletter 11/2024

Cookie Crawler now also available as a standalone tool Our Cookie Crawler is now even more versatile and flexible! From now on, you can also use it as a standalone tool – without having to create a CMP. The standalone option is useful for customers who do not (yet) want to switch their cookie banner […]
consentmanager Cookie-Audit Grafik

Cookie Audit for Websites: Manually or with a Cookie Scanner

As a website owner, you are responsible for your users’ information that is collected and stored by cookies on your website. Any cookie active on your site can potentially cause privacy issues, especially if it is not used for its intended purpose or, more critically, if it is stored in your users’ browsers without their […]