Christmas is coming soon and cookies are being baked everywhere again. But it's not just at Christmas that you should pay attention to cookies; your website and the services integrated into it also bake cookies every day, but not every visitor wants them. In this blog post, we explain what this means for you and what you need to do to avoid legal problems.
What are cookies anyway?
Cookies are small text files that are stored on the computer by the web browser. These files are used to store information about the user and their interactions with a website. Cookies enable the provider to recognize the user and provide personalized experiences.
Cookies can serve a variety of purposes, from storing login information to tracking user behavior for analytics purposes. Although cookies help to improve the user experience, they can also raise privacy concerns. It is important to note that cookies should be stored on the basis of the user's consent, and there must be mechanisms in place to manage or reject cookies (Consumer portal BW).
Legal background to cookies
Consent tools (cookie banners) are legally necessary when it comes to effective consent for user tracking or the setting of non-essential cookies. However, care should be taken to use a "real" consent tool where the user can actually consent or reject. Banners that simply indicate that the website uses cookies are still frequently used. However, this is not legally permitted. A user must be able to specifically consent or reject.
The topic of consent to the processing of personal data is a perennial issue on the internet, especially since the GDPR (General Data Protection Regulation). However, it is not only the use of a genuine consent tool that matters; its design also plays an important role.
Necessary cookies
What does "necessary cookies" actually mean? Necessary cookies are required to use a website properly. These include, for example, "session cookies" in an online store, which save the shopping cart, or cookies that save a login. In general, all cookies that are necessary for the proper operation of the website fall into this category.
Non-essential cookies
Non-essential cookies, on the other hand, are all types of cookies that are not necessary for the operation of the website or its use. These include, for example, tracking cookies that record surfing behavior, cookies from third-party services that are integrated on the website (such as YouTube or Google Maps), analysis cookies such as those from Google Analytics, and cookies for advertising.
What should a cookie consent banner look like now?
- Consent may not be given automatically. Sentences such as: “By visiting our site, you accept the use of cookies” (or similar) are not permitted. The mere statement “We use cookies” with an “OK” button is also inadmissible.
- As long as a user has not made a decision, no non-essential cookies may be set at any time.
- Third-party services (YouTube, Google Maps, etc.) may not be loaded without consent, as personal data (IP address) is transferred to a foreign provider.
- There must be both an “Accept” button and a “Reject” button. Both should be “equal”. This means that the “Reject” button must not be hidden, on a different level, or difficult to read (keyword nudging). It should also not be placed or designed in such a way that a user is tempted to click on the “Accept” button. There are now rulings that both buttons don't have to look the same, but this can quickly become a problem. What is clearly permitted here and what is not has not been conclusively defined. For example, if the “Reject” button is gray and the “Accept” button is green, it will definitely be inadmissible. We simply recommend always displaying both buttons in the same color. Some cookie plugins, such as Borlabs, even point it out if you want to use different colors.
- The buttons should have unambiguous labels:
  - "Accept everything" and "Reject"
  - "Agree" and "Only allow essential / (technically) necessary cookies"
  - "Accept all" and "Only allow essential / (technically) necessary cookies"
- Pre-selected checkboxes in selection options are not permitted. If you have the option to allow individual cookies or cookie groups in the banner, then these must not be preselected. Of course, this only applies to non-essential cookies.
Statement from the European Data Protection Board on the design of cookie banners
Because there is no uniform regulation on the subject of cookie banners across the EU, the European Data Protection Board (EDPB) has drawn up guidelines with its "Cookie Banner Taskforce". In its draft report, the EDPB confirms which cookie banner settings are misleading:
- Missing reject button on the first level of the cookie banner
- Pre-ticked boxes on the banner so that the user cannot actively consent
- "Nudging", where the text becomes practically illegible due to such a low contrast between the text and the background of the button
- Complicated links to reject cookies, instead of a "Reject" button
- Missing revocation button - No button available to revoke the cookie consent
Do you have any further questions about using a consent tool?
If you have any further questions about consent tools and cookie banners, or are unsure whether your website complies with the legal provisions, simply contact us without obligation. We will take a look at your website and discuss the next steps with you in a free consultation.