Cookies and data protection – What does legally compliant consent look like?

Together with the European data protection organization noyb, Max Schrems is taking action against illegal cookie banners. Up to 10,000 letters of complaint are sent to the operators of the most visited websites of companies in Europe and the USA.

The focus is on all those banners that make it almost impossible for site visitors to refuse the use of cookies. In the meantime, website operators have found creative solutions to enable “purpose-dependent” consent on the one hand and to entice the site visitor to click on “Accept all” after all.

However, the headlines surrounding Max Schrems and the noyb organization in the context of “cookie consent” don’t stop. According to reports, the organization of data protectors is now working with the Vienna University of Economics and Business Administration on a solution to make cookie banners superfluous. This would make the question of what the privacy-compliant cookie banner should look like a thing of the past.

The solution “Advanced Data Protection Control” should enable the person concerned to make uniform settings for the use of cookies via the browser. It is no longer necessary to click through many differently designed consent banners, which are almost a science in themselves.

According to statements by Mr. Schrems, the GDPR requires a clear “yes / no”. In addition, there is the statement of the Art. 29 Data Protection Working Party that the site visitor should have the option to reject or accept cookies for certain processing purposes.

A case of cookie banners that we frequently observe in practice is the option “Confirm selection” or “Accept all”. In the case of Confirm selection, only technically-required cookies are accepted by default. At the same time, the categories “Marketing” or “Statistics”, for example, can then be added.

It is undisputed that the site visitor should have a choice as to which cookies are used. Consent should be requested in as neutral and uncomplicated a manner as possible. It remains to be seen what the results of the wave of complaints will be and to what extent technical games will be tolerated by the supervisory authority.

You are not sure whether the cookie consent solution of your website complies with the legal requirements? We would be happy to support you in ensuring GDPR compliance on your website. As part of a web check, we put your website to the test holistically and look at it both from a data protection perspective and at the level of IT security.

Call us at our headquarters in Hutthurm at +49 8505 91927 0 or at our new office in Munich at +49 89 413 2343 0 or contact us here!