Ready for the new Google Consent Mode v2? Learn more »

Analysis: Cookies in top 100 online shops

Part of our work at consentmanager is to see what the market is doing. That’s why we took the top 100 German online shops and looked at where, when and which cookies are set and what kind of cookie banners are used. The result: there is pent-up demand.

a chart showing the number of cookies used without consent in the top 100 German online shops

In top 80 cookies without consent

For the analysis, we took the list of the top 100 online shops with the highest turnover in 2020 from EMI and called up each shop individually with the Chrome browser in incognito mode. Our expectation was to see maybe a handful of cookies on the pages on average – the result of the treatment of data protection in these online shops was more than sobering:

Out of 100 pages, there was not a single cookie on only 2 pages, but there were more than 30 cookies on 15 pages – without having clicked on the consent button, mind you. The (sad) peak is occupied by a fashion retailer who sets a full 80 cookies before the visitor has consented – even though a cookie banner is shown on the site that allows the refusal. Even the average is significantly higher than we expected at around 16 cookies (before approval) per shop . Even if the shops were to say that many cookies could be “functional” and “essential” – are 16 cookies really necessary for that?

“Homemade” brand cookie banner

We were also surprised by the number of shops that preferred to build their own cookies or use ready-made scripts from the Internet instead of a professional cookie solution. Around 40% of the online shops surveyed were using a homemade cookie banner. The result is correspondingly poor here: only very few were designed to be GDPR/ePrivacy compliant.

Nicely designed but not compliant

Unfortunately, there are only a few positive examples. Although some shops block third-party providers in an exemplary manner, they are not completely complete when it comes to communication in the consent layer. In the majority of cases, there is a lack of basic information, such as which providers are used, which purposes are being pursued or which legal bases are being used. Very few shops actually list cookies and the majority list purposes but no providers.

Some websites do make an effort with the graphic design – but too often the focus seems to be on urging the visitor to click on “Accept”. For example, a music store uses a funny cookie banner, but here, too, there is a lack of equal treatment between acceptance and rejection:

a cartoon character of a grandmother bringing a plate of cookies and a paragraph of text

The Regional Court of Rostock recently warned that an equal representation of acceptance and rejection is important. However: Of the 100 online shops we examined, we were only able to find one where the rejection is structured in the same way as the acceptance. For 50 shops there was no direct option to refuse, just a “Settings” button or link. A total of 8 shops also had a cookie banner on which there was neither a settings nor a reject button or link.

negative examples

Among the many online shops there is a lot that is done right – but unfortunately there are also many shops that seem to be still living in the pre-GDPR era. Here are some negative examples of how not to do it:

An example of a cookie banner with an "I accept" button
An example of a cookie banner with an "I agree" button
A very discreet cookie banner with an "I agree" button
A simple cookie banner


In conclusion, the German online trade is unfortunately very disappointing. According to Statista, each of these companies has generated annual sales of more than EUR 70 million – but at the same time only a handful of online shops manage to display an approximately GDPR-compliant consent layer. In this respect: Dear online shops, please urgently improve the need to catch up 🙂

If you want to know what a cookie banner should at least contain for online shop data protection, you can find some information in our GDPR online shop checklist .

more comments

General, News, Videos

Webinar: Google Consent Mode v2 with Google and consentmanager

Join our exclusive webinar hosted by consentmanager in collaboration with Google on June 12, 2024 at 11:00 CET. Due to high demand for information on the latest Google requirements, this webinar will help you better understand Google Consent Mode v2. Dennis Gingele from Google and Jan Winkler from consentmanager will present the essential facts and […]
Image for the anniversary of the GDPR on 25 May with

6 years of GDPR: A celebration of its far-reaching impact

We are approaching the sixth anniversary (May 25, 2024) of the General Data Protection Regulation (GDPR), which has influenced data protection standards around the world since it came into force on May 25, 2018. The GDPR has not only fundamentally changed the security and management of personal data, but has also strengthened the rights of […]