Is your cookie banner GDPR compliant?

In August 2021, around 40 companies in Berlin received mail from the Berlin Commissioner for Data Protection and Freedom of Information, Maja Smoltczyk, with a request to adapt the tracking on their websites to the data protection regulations. Enclosed is the corresponding press release. 

The GDPR clearly states: Website operators who want to track user behaviour with the help of cookies and other technologies need a legal basis. Many cookie banners on websites differentiate cookies, but often no effective consent is obtained. 

It must be easy for every user to refuse or consent to tracking. Tracking preferences to force consent are not legally compliant. 

The authority’s notice campaign was a first warning to selected companies. The responsible parties were requested to immediately design the data agreement in accordance with the GDPR requirements. A second examination of the websites of the companies reprimanded may result in measures by the authority. 

Seek competent advice on designing and auditing your cookie banners. Here are the most important requirements for a practical and data-saving opt-in procedure: 

  • Obtain consent only when necessary. 
  • Differentiate between different processing operations. 
  • If consent is required, the options should not be too extensive. The user should be able to make the settings according to his or her wishes with just a few clicks. 
  • The use of the website service should not depend on consent. 
  • The following applies to the module: easy to use, adapted to the user group and compatible with different end devices. 
  • All information on the processing of data must be transparent, easy to understand and neutrally designed. 
  • A data-saving default setting should be provided. 
  • The design must not distract the user from the essentials and manipulate the user into changing the settings. 
  • A data protection cockpit should enable subsequent management of the authorisations granted. 
  • Make the topic more understandable with icons and pictograms. 
  • Conclusion: Transparency in consent strengthens your trustworthiness.