In spring 2018, the somewhat abstract "monster" named GDPR (General Data Protection Regulation) kept entrepreneurs in the entire European Union busy - in an administrative and costy way. I am definitely FOR data protection, keeping one’s privacy (also when surfing the internet!) and the sensitisation for the topic as such. However, I have to say that I don’t know one entrepreneur who doesn’t roll his/her eyes when mentioning this topic.
But it gets even worse: This abstract "monster" named GDPR (please excuse my fond language here) is reaching out its tentacles.
WHAT IS IT ALL ABOUT?
On 1 October 2019, a delicate case of violation of data privacy by the German online gaming platform Planet49 led to a judgement of the Court of Justice of the European Union which has a huge impact on websites in the EU. You can read the press release here.
Since that judgement, placing cookies on a website visitor’s device is only legal AFTER explicit consent. Meaning: a simple banner informing about the usage of cookies that can be (but doesn’t have to be!) confirmed by clicking an OK button violates data privacy and is, hence, illegal.
The CJEU judgement distinguishes between "technically required" and "technically not required" cookies. "Technically required" cookies can be placed also without the website visitor’s explicit consent (without those cookies, the website would not be functional).
"Technically required" cookies make sure that a website runs smoothly (i.e. navigation, language selection, automatically displaying a website’s mobile version on a smartphone etc.). "Technically not required" cookies relate to Google Analytics (or other tracking tools), marketing related services (like Facebook Pixel, LinkedIn tokens, data for Google AdWords and Google Retargeting, Youtube, rating services, social media plugins …) etc. Interesting: On October 14, 2020, Google Analytics introduced a cookie-free service with GA4. The pressure on the internet giant was probably too big.
WHAT DOES THIS MEAN?
Every website that is made for EU citizens must display a banner to actively ask every website visitor for explicit (thus, manual) consent for technically not required cookies when entering the website. A standard pre-set consent (= all check boxes automatically ticked) to all cookies is illegal since the CJEU judgement.
In addition to that, every website visitor must have the possibility to change his/her consent at any time.
WHAT IS THE BEST SOLUTION?
As you can maybe imagine, this situation causes quite a stir in the entire business as it leads to technical (and thus financial) challenges for every website owner/operator. After consultation with the Austrian trade association, in-depth information from Heinrich Partner lawyers in Germany and talks with other relevant entrepreneurs within the industry, I decided to use a specific cookie consent service. I thoroughly tested this service and ran several technical tests to make sure this is the ideal solution for my clients and me.
That cookie consent service acts like this: No cookies, which are technically not required, are placed on my website visitor’s device unless he/she manually ticks the specific check boxes and clicks the OK button (no matter if desktop, laptop, tablet or smartphone).
I have already implemented this legally compliant cookie consent solution for the majority of my website clients. New website clients are offered this too.
DO COOKIE CONSENT SERVICES AFFECT MY WEBSITE IN A NEGATIVE WAY?
No matter what cookie consent service you use > If implemented correctly, a website visitor is only tracked in Google Analytics (or another tracking tool) after the website visitor explicitly (!) says "yes" to the statistic cookies in the cookie bar. If a website visitor does not grant consent or simply leaves the cookie consent banner open without saying "yes" or "no", he/she is not tracked in Google Analytics at all. Uff, that’s hard news.
Some online marketing agencies even speak of the "death of Google Analytics" or the "death of online marketing". Well, I wouldn’t go that far for now. But time will tell.
MY CONCLUSION
As so often, the European Union affronts many people and many website owners feel forced to do something and invest money. Even though, there are not so many GDPR dissuasions yet, you should not neglect this topic. A dissuasion can cause severe financial damage to your business. This is why I highly recommend implementing a legally compliant cookie consent banner on your website.