Ready for the new Google Consent Mode v2? Learn more »
News

Requirements for consent layers (LFD Lower Saxony)


a laptop computer on a wooden table

The Lower Saxony State Commissioner for Data Protection has published new guidelines and instructions on how a compliant consent layer should look. The most important information is summarized here.

Many consent tools non-compliant

First, the LDF comes to the realization that many GDPR tools are not GDPR-compliant after all. The use of a consent management tool will usually enable the website to be compliant in order to obtain data protection-compliant consent – but it is up to the website operator to configure the tool correctly.

Practical tip: The default settings for consentmanager are already set to the recommended values. If you are unsure how to set up our tool, simply use the default settings.

No data processing prior to consent

The LDF also makes it clear once again that data processing, ie setting cookies and calling up third-party providers, may only take place if consent has been given (e.g. through a consent banner on the website).

Practical tip: Use our Cookie Crawler conformity test to determine that no cookies are set without consent.

Information in the consent layer

In addition, the LDF once again clarifies which information belongs in a consent banner on the website in order to obtain consent in accordance with data protection regulations. These are in particular:

  • identity of the person responsible,
  • processing purposes,
  • the processed data,
  • the intention of an exclusively automated decision (Art. 22 Para. 2 lit. c) and
  • the intention to transfer data to third countries (Art. 49 para. 1 sentence 1 lit. a)

It is also made clear that the purposes must be specific. Wording like “improving the surfing experience” or “marketing, analysis and personalization” is not sufficient.

The same applies to specifying the partners: it is not sufficient to say that “partners” will process the data – all partners must also be named individually.

Practical tip: The consentmanager already provides most of the required data, but you should check whether the purposes are named sufficiently specifically for your areas of application.

Unambiguous consent and nudging

Finally, the LFD makes it clear that a button must be clearly understandable and clearly labeled. An “Okay” button is not sufficient here and “Accept all” can also be too unclear (if the text does not adequately describe what is accepted).

At the same time, the LFD makes it clear that the so-called “PUR models” (accept advertising or take out a subscription) can be compliant.

The LFD also goes into detail that so-called nudging or dark patterns are not permitted. The point is that the user is consciously or subconsciously pushed to make a decision and thus “free choice” is undermined. This is already the case if, for example, the reject button is designed differently (less conspicuous) or rejection is only possible by clicking on “Settings” or the like.

Practical tip: Always use two buttons (accept and reject) and formulate them clearly.

The complete report of the LFD Lower Saxony can be found here .


more comments

General

Newsletter 09/2024

New features: Data Subject Rights (DSR) tool The GDPR provides that those affected (such as website visitors, customers or other persons whose data is processed) enjoy certain rights. This includes, in particular, the right to query their rights and obtain information about the data processed. The rights include, among others: Our new DSR tool now […]
consentmanager logo with the text ‘consentmanager is a Google CMP Gold Partner’ on the left side. Gold medal with a ribbon next to a shield with the text ‘Certified CMP Partner’ in Google brand colours.
News

consentmanager achieves Gold Status as Google CMP Partner

consentmanager is pleased to announce that it has been named a Gold Tier CMP Partner within Google’s Consent Management Platform (CMP) Partner Program. This recognition is awarded to us with consideration of the following criteria: The latest development in the Google Partner Program makes CMP implementation easier for our customers. Now you can integrate your consent banner directly […]