11.06.2019 - Tags:

Tracking Cookies - Currently still illegal!

Cookie Banner:

• The banners show an overview of all processing operations requiring consent, which can be explained and activated in function.

• Access to privacy and imprint may not be prevented by cookie banners.

• Before and while the banner is being displayed all further scripts from a website or web app are blocked if they can potentially capture user data. Only after approval, the data processing may actually take place.

• Without the option to refuse cookies it lacks the required voluntariness.

• A consent must be revocable as simple as possible.

As of late Cookie banners have been appearing almost everywhere. For most of the time they cover the content when visiting a website and require an "accept" or "ok". This could be seen as a direct implication of the General Data Protection Regulation which was released at the end of May 2018.  Accordingly, this task should first have been taken over by the European E-Privacy Regulation, which still does not exist. Thus, shortly before the entry into force of the GDPR, a position paper was published which required explicit consent of users regarding site tracking mechanisms. Through creating a user profile these mechanisms are able to track the behavior of people on the internet. According to the position paper the informed consent must "be obtained in the form of a statement or other clearly confirming act before the data processing"1. From the beginning this special route of consent solution was very controversial.

By examining 40 websites of larger providers in early 2019, the Bavarian data protection authority found out that not one provider meets all the strict requirements. Many of the currently displayed banners are clearly unlawful. Especially the missing option of rejecting cookie usage is a common problem. In addition, operators must present the processing of data to users in a transparent and comprehensible manner. In addition to a listing of the individual forms of processing, the function of a specific consent to individual forms of data processing is often absent. Only then will it be possible for users to make decisions with the complete knowledge of the specific situation and to understand the scope of the consent. It has to be acknowledged that in specific cases, the interest of the website provider has to be weighted with the interest and the fundamental rights and freedoms of the individual user. Even after a year, there is still much legal uncertainty in this area.

Enter the letters from the image


07.11.2019 - Judgment of the ECJ on (tracking) cookies [more...]

24.10.2019 - Environmental protection by aixzellent [more...]

02.10.2019 - End-to-end encryption (I): Increasing cooperations between IT companies and states – Is this the end of secure messaging in Germany? [more...]

11.06.2019 - Tracking Cookies - Currently still illegal! [more...]

15.04.2019 - Copyright law – What you should know [more...]

27.02.2019 - Two Factor Authentication [more...]

31.01.2019 - Static vs. dynamic website - which one is the right for your company? [more...]

30.10.2018 - Informational self-determination – the concept of decentralisation as an alternative to powerful data gathering companies [more...]

01.10.2018 - Nextcloud: Control is the key to security [more...]

24.08.2018 - GDPR for Consumers: Power to the People [more...]