Crispy, delicious, and a possible legal problem when creating a website: these are cookies. Almost everyone loves them as a snack, and almost every website uses them. At least since the GDPR, a lot has changed fundamentally for website operators. And this is where cookie banners come in.
With this article, we want to take a look inside the cookie jar together. We explain what cookies are all about, why you need a cookie banner, and how to set it up correctly.
What are cookies anyway?
Cookies are basically small data packages that are created when using web browsers and websites. This contains individual usage data. This usage data is primarily personal data, i.e. information about how people interact with websites. This includes e.g. B. Factors such as the browser used, the location of the person, the length of stay, the clicks and actions, and much more.
These cookies are generally recorded in order to optimize the overall user experience. Companies use personal data to optimize their website, make applications more user-friendly, or carry out targeted marketing. In this way, potential customers can be addressed more precisely and suitable solutions can be offered.
Kurum: It is not a matter of collecting data for the mere will of collecting. Instead, it is about improving one’s own product or website, or Internet application on the basis of recorded empirical values. The goal is usually user-friendliness.
That’s why you need a cookie banner
GDPR has had a huge impact on how cookies are collected. Because the protection of personal data was provided with clear specifications the processing of cookies became a legally more difficult issue.
Cookie banners provide the answer to the content of the GDPR: because the GDPR basically states that personal data may only be recorded at all with consent and with clear information about what is being recorded.
The result: There is now a pop-up window for cookie consent on almost every website.
But that wasn’t the only law that affected cookie banners. With the TTDSG, a new legal regulation came, which changed the cookie banner again. In this law, for the first time, there were more specific instructions as to what a cookie banner must contain.
Overall, this means for you as the website operator: Cookie banners are legally required as soon as you want to collect personal data. Since this data is essential for any company that works in a targeted manner, it has become almost standard to integrate a cookie banner on every website.
8 things to consider with your cookie banner
1. Consent to non-technically necessary cookies
As soon as you save cookies that are not technically necessary, you must obtain consent. Conversely, this means that if you only record technically necessary cookies, this is not necessary. However, this case only applies to very few websites. As a rule of thumb, it is therefore better to ask too much and unnecessarily for consent than to make a mistake in the end from a legal point of view.
2. Data processing may only start after the cookie banner
Actually quite logical: Your website may only start data processing once the cookie banner has been answered.
And logically, only the data to which consent has been given may be processed. So make sure that everything is technically set up correctly.
3. The cookie banner must allow access to the imprint and data protection declaration
A good cookie banner must allow users to provide at all times all information necessary to be able to make an informed decision about data processing.
This means: The Privacy Policy and the Imprint must be freely accessible at all times. If your cookie banner covers these points in the footer menu of your website, then you must enable access to the imprint and data protection declaration via the banner itself. After all, these two pages contain important information that is relevant for a decision on whether to accept or reject cookies.
In addition, you must provide sufficient in the banner and make it clear which cookies are specifically involved. This is the only way to speak of a well-founded decision.
4. Buttons must be equal
It had been established for a long time: the button for consent to cookies is colored and highlighted, and the one for the rejection is discreet and unobtrusive. This has ended since the TTDSG. Because here it is clearly stipulated: The buttons must all have equal rights. It is therefore no longer allowed to emphasize any variant in terms of design.
5. Users must actively give their consent
This was also common practice for a long time: the various consent boxes were simply all preselected, and Users only had to confirm. The TTDSG also puts a stop to this. Instead, the cookie banner must be designed in such a way that users give their consent individually. In this way, all decision-making power lies with the people whose data is at stake at all times.
6. The text may be unique
Honestly, most internet users are annoyed by the banners. Especially on smartphones, the pop-ups are often very annoying. An individual and entertaining cover letter can help here. Because it is by no means prescribed that each cookie banner may only consist of standard texts.
Instead, you can use the first lines to communicate certain characteristics of your company. Do you also rely on a relaxed and humorous tonality in other ways? Then you can also bring them here. After all, the cookie banner is the first thing new users see on your website. Make the cover letter as individual as possible.
7. Revocation must be possible at any time
Even if your users may have consented to data processing, this does not release you from further processing duties. Because it must be possible to revoke this consent at any time. Ideally, you should not hide the cookie banner completely, but leave it as a kind of bookmark on the edge. So it can be clicked again at any time and the preferences can be changed.
8. Timeliness is particularly important
Privacy is a hot topic and legislation is regularly being drafted and refined. It is therefore important that you always inform yourself about current developments and adapt your cookie banner accordingly. This is the only way to ensure that your website is always set up and usable in a legally correct manner.
Does your cookie banner meet all requirements?
If you have implemented all of the points mentioned, you should be in good shape. If you have any doubts about the subject, it always makes sense to call in an additional data protection expert. In this way, you can ensure that your website deals with the topic of cookie banners in a sensible and legally correct manner.