Cookies and data protection – What does legally compliant consent look like?

Anyone who regularly surfs the Internet knows that cookie consent banners come in many different shapes, colors and designs. Basically, all of them should pursue the same goal: to inform the site visitor which cookies are used and to request consent for the associated data processing.

The well-known cookie banner with an “Ok” button is now becoming increasingly rare, but has still not completely disappeared. Many site operators have already upgraded to the extended cookie banner to comply with the requirements of the GDPR.

But even the extended banners, with their purpose-dependent consent options, contain some pitfalls that can lead to data protection problems. Learn more about cookies and data protection below.

Cookies and data protection – wave of complaints against illegal cookie banners

Together with the European data protection organization noyb, Max Schrems is taking action against illegal cookie banners. Up to 10,000 letters of complaint are sent to the operators of the most visited websites of companies in Europe and the USA.

The focus is on all those banners that make it almost impossible for site visitors to refuse the use of cookies. In the meantime, website operators have found creative solutions that enable “purpose-dependent” consent on the one hand and, on the other, still entice the site visitor to click on “Accept all”.

Is the problem already being followed by the “solution”?

However, the headlines surrounding Max Schrems and the noyb organization in the context of “cookie consent” don’t stop. According to reports, the data protection organization is now working with the Vienna University of Economics and Business Administration on a solution to make cookie banners superfluous. This would make the question of what the privacy-compliant cookie banner should look like a thing of the past.

The solution, “Advanced Data Protection Control”, is intended to enable the data subject to make uniform settings for the use of cookies via the browser. It would then no longer be necessary to click through many differently designed consent banners, which are almost a science in themselves.

So what are the requirements for cookie consent?

According to statements by Mr. Schrems, the GDPR requires a clear “yes / no”. In addition, there is the statement of the Article 29 Data Protection Working Party that the site visitor should have the option to reject or accept cookies for certain processing purposes.

A cookie banner design that we frequently observe in practice offers the options “Confirm selection” or “Accept all”. With “Confirm selection”, only technically required cookies are accepted by default. At the same time, categories such as “Marketing” or “Statistics” can then be added.

It is undisputed that the site visitor should have a choice as to which cookies are used. Consent should be requested in as neutral and uncomplicated a manner as possible. It remains to be seen what the results of the wave of complaints will be and to what extent technical tricks will be tolerated by the supervisory authority.

What is your situation regarding cookies and data protection?

Are you unsure whether the cookie consent solution of your website complies with the legal requirements? We would be happy to support you in ensuring GDPR compliance on your website. As part of a web check, we put your website to the test holistically and look at it both from a data protection perspective and at the level of IT security.

Call us at our headquarters in Hutthurm at +49 8505 91927 0 or at our new office in Munich at +49 89 413 2343 0 or contact us here!

Tags: GDPR, GDPR compliant