Cookies and data protection

What are website cookies?

The function and meaning of cookies for websites should be well known to most: While these users are primarily intended to make it easier to surf the web, for example by storing login data, cookies help website owners, in particular, to recognize users and their behavior with the help of appropriate tools analyze on the web.

This provides essential insights into the site's performance and its content and ultimately helps to implement optimization measures. But, especially when creating user profiles for online marketing or optimizing your search engine marketing, website operators must now obtain the users' explicit consent.

Cookies and data protection for website operators in 2021

The topic of the use of cookies has been picking up speed since the end of last year due to the judgments of the European Court of Justice (ECJ) and, most recently, of the Federal Court of Justice (BGH). In the EU, the so-called cookie directive regulates how and when private user data may be stored.

The judgment of the ECJ in October 2019 confirmed once again that only those cookies are permitted, which are necessary for the technical operation of the website. For all other cookies, on the other hand, active user consent is required. This can be done, among other things, by ticking the boxes, which allow the website operator to use user behavior for their analysis purposes.

A requirement of this requirement was not previously enshrined in German law. Until now, the data protection regulation (GDPR) only stipulated that website operators state the extent of the use of cookies in their data protection declaration. But if you wanted to feel on the safe side as a company, you also informed your users with a website banner about the corresponding cookie information - mind you via pre-filled checkboxes and cookies already activated when entering the page.

Cookie opt-in instead of cookie opt-out

This procedure, i.e., a cookie opt-out function, is no longer permitted according to the latest judgment of the Federal Court of Justice. Accordingly, cookies may only be used if the user expressly grants his consent by setting checkboxes and clicking on an "Agree" button - cookie opt-in function.

But here too, there are exceptions or gray areas, to which neither the EU Cookie Directive nor the GDPR takes a stance. What is certain is that so-called “essential” cookies, which ensure the technically smooth operation of a website, remain free of consent. This includes, for example, the language selection of a website, the login status on an online portal, or the shopping cart cookie for online shops.

The EU ePrivacy regulation defines the need for a cookie “[...] if the sole purpose is to accomplish or promote the transmission of a message through a digital interaction network or [...] to give a solution requested explicitly by the client of website or individual To make the information culture readily available. "


use data tracking

Web tracking via Google Analytics or Facebook Pixel

Yet what does this mean for the role of third-party cookies - for example, Google or Facebook? Data storage solely for advertising and market research are subject to the legally required consent. The same applies to the creation of user profiles, user behavior analysis, or conversion measurement.

Although analysis tools such as Matomo and Google Analytics offer the option of using without cookies, since the data is stored on its server or processed strictly separately from other services, you are in a legal gray area here. The legal situation leaves some questions unanswered so that the opt-in variant for cookies appears more sustainable.

The case of general web tracking, on the other hand, looks much less specific. From the measurement of visitor flows on their website, operators often draw meaningful conclusions about their functionality, which can mean a technical necessity. If further legal adjustments can be expected in the future, an opt-out function remains permissible.

Remarketing & web tracking: What do customers need to consider now?

Numerous companies and websites in Germany and the EU do not meet the legal requirements of the new cookie policy. Therefore, it is recommended that the new guidelines be implemented promptly to avoid risks from fines proceedings. Companies on their website are not affected by the consent requirement if they decide in the future or continue to use only technically necessary cookies.

In the future, all others will certainly have to obtain the user's consent in the form of a cookie opt-in banner - by clicking (i.e., expressly). Until this happens, only necessary cookies may be set! It is also important to remember that permission fields must not be filled in beforehand and that the user is informed in detail about the type of data processing and the storage period. To ensure maximum transparency, it is also necessary to explicitly mention the third-party services used (e.g., GA, E-Tracker, Matomo, Facebook Pixel) in the wording. 

There is no requirement for the placement of the banners, although an opt-in field in the center of the screen may result in consent rather than at the bottom of the screen. An admittedly more radical step in the context of a “cookie wall” is also conceivable: This only grants users access to the content of the page if they also give their permission to use the data. All services have in common is that every consent given by a user can also be revoked on the website - for example, in the data protection declaration.

Web development from the perspective of the internet agency.FUF

What changes for an internet agency like Frank and friends? For numerous web projects.FUF is not only responsible for the design implementation but also for technical development. In addition to setting up the appropriate content management system (e.g., Drupal or TYPO3), external services must also be integrated via.FUF according to customer requirements.

As a rule, the integration of tracking tools such as Matomo, Google Analytics, tracker, or Facebook Pixel is a common task for new and existing projects. The extent to which these are used ultimately decides how relevant the adjustments to the cookie information must be. The new legal situation, therefore, also requires new solutions for future-proof remarketing - via Facebook, Google, and Co. - as well as a web analysis that is independent of consent. 

As a Stuttgart Internet agency, FUF is available to advise customers and individually tries to find the best possible solution for the various websites. In addition to a technically clean use of cookies, the correct placement of the banners, and the exact wording of their use are paramount. The ultimate goal is to avoid negative effects for website operators and, at the same time, to meet the legal requirements.

As part of the new case law, Frank and friends have already implemented the cookie banner of our long-standing customer - the Baden-W├╝rttemberg Chamber of Architects - in accordance with the requirements.

Also Read: The Leading 10 Modern Technology Companies in the world



Contact Form