In spring 2018, the somewhat abstract "monster" named GDPR (General Data Protection Regulation) kept entrepreneurs in the entire European Union busy - in an administrative and costy way. I am definitely FOR data protection, keeping one’s privacy (also when surfing the internet!) and the sensitisation for the topic as such. However, I have to say that I don’t know one entrepreneur who doesn’t roll his/her eyes when mentioning this topic.
But it gets even worse: This abstract "monster" named GDPR (please excuse my fond language here) is reaching out its tentacles.
WHAT IS IT ALL ABOUT?
On 1 October 2019, a delicate case of violation of data privacy by the German online gaming platform Planet49 led to a judgement of the Court of Justice of the European Union which has a huge impact on websites in the EU. You can read the press release here.
Since that judgement, placing cookies on a website visitor’s device is only legal AFTER explicit consent. Meaning: a simple banner informing about the usage of cookies that can be (but doesn’t have to be!) confirmed by clicking an OK button violates data privacy and is, hence, illegal.
The CJEU judgement distinguishes between "technically required" and "technically not required" cookies. "Technically required" cookies can be placed also without the website visitor’s explicit consent (without those cookies, the website would not be functional).
"Technically required" cookies make sure that a website runs smoothly (i.e. navigation, language selection, automatically displaying a website’s mobile version on a smartphone etc.). "Technically not required" cookies relate to Google Analytics (or other tracking tools), marketing related services (like Facebook Pixel, LinkedIn tokens, data for Google AdWords and Google Retargeting, Youtube, rating services, social media plugins …) etc. Interesting: On October 14, 2020, Google Analytics introduced a cookie-free service with GA4. The pressure on the internet giant was probably too big.