.

 

What is a cookie banner?

A cookie banner is an upstream element of a website with which visitors can make personal settings as to which services they would like to allow on this website and which not.

Above all, however, the cookie banner must absolutely ensure, due to the requirements of DSGVO and TTDSG, that data processing operations only take place if the visitors to the website have actively consented. Cookie banners therefore take technical measures to ensure that all scripts on the website that collect personal data are blocked.

As a website operator, you must provide a cookie banner to comply with the DSGVO (General Data Protection Regulation), as cookies and other data are counted as personal data.

In addition, the TTDSG (Telecommunications Telemedia Data Protection Act) will apply in Germany from 01.12.2021. This is another reason why you absolutely need a cookie banner on your website - otherwise it can quickly become very expensive.

On this information page we list everything you as a website operator should know about cookie banners.

Cookie banner animated

 

Whether you need a cookie banner for your website or not depends entirely on whether there are tools on your website that store cookies or other elements in the browser of your visitors.

In general, a distinction is made between technically necessary cookies (for which you do not need a banner) and other cookies. These can be, for example, cookies from Google Analytics, the Google Tag Manager or Youtube videos.

Special care is required if you transfer data to companies outside the EU. Here, the GDPR does not apply and special requirements for user consent apply.

If you can't answer directly off the top of your head whether you are setting appropriate cookies or data, you can check that directly here.

The scanner checks your page and displays the result of whether you need a cookie banner or not.

Do I need a cookie banner for my website?

 

What are the requirements for Cookie Banner?

The DSGVO / General Data Protection Regulation and the new TTDSG require the prior, informed consent of the users of your website. In addition, the DSGVO requires - and this is important! - that you must document any consent in the cookie banner

In order to implement the site in a DSGVO-compliant and TTDSG-compliant manner, the Cookie Banner must be part of a cookie consent management solution for your website, so that the following 4 points are covered!

  1. To make an informed decision, you need to provide visitors with detailed, specific and accurate information about all scripts and cookies used on the website in the Cookie Banner.
  2. Visitors must be able to consent or withhold consent to each script and cookie , and you must be able to easily revoke that consent at any time!
  3. Cookies may only be set after consent (Consent) and this consent must be documented.
  4. Regular renewal of the consent of your visitors, preferably every 6 to max. 12 months is necessary. Check the respective regulations in your country.

Here you can see how to integrate a CCM19 Cookie Banner into a website in 5 minutes. You don't believe? Then go ahead!

 

The cookie banner, the first banner that opens when you enter a website for the first time, must contain text, buttons and links

First of all, there should be a short text explaining what the banner is for, what happens when the various buttons are clicked, what happens when you click "Accept" and, above all, how to refuse cookies!

Under this text there are usually 3 different buttons:

  1. Accept - this is where you accept all cookies and scripts.
  2. Reject - if you click here, only technically necessary cookies will be set.
  3. More information or settings - this opens another window where additional detailed information about all cookies and scripts can be found.

Below the buttons there should be links to privacy information and the imprint of the site. Both pages must be accessible without blocking the content and without setting cookies!

Cookie Banner

 

 

CCM19 Consent Widget

After clicking on"Information" the following window should open.

Here, the available categories are listed, which are currently assessed by leading lawyers as legally usable and thus also appear in various guidelines or judgments

  1. Technically necessary
  2. Advertisements / Ads
  3. Analysis / Statistics
  4. Personalization
  5. Social Media
  6. Other

You can define a hint text for each category here and visitors can check/uncheck each category. Of course, the category "Technically necessary" must remain, otherwise the website would no longer function correctly. So cookies from this category may always be set.

This banner should contain both the "Save" and "Cancel" buttons. Additionally, buttons like "accept / reject all" can be included.

Next to the categories there is a button/link with a question mark, which, when clicked, opens another window with detailed information about the individual scripts and cookies.

 

In the detail view all data about all scripts are listed in detail. Among other things:

Data per integration / script

  1. From whom does the script originate?
  2. Description of what it does
  3. Link to the respective privacy policy of the producer
  4. What data is collected in detail?
  5. For what purpose is the data collected?
  6. What cookies, local storage elements or other data are stored in the visitor's browser, how long are they stored and how are they stored?
  7. Legal basis
  8. Place of data processing

You can explicitly check and uncheck each inclusion here. To (de)activate cookies individually is technically not possible in most cases, so we have switched to listing and displaying them in a package with the respective script / tool.

With the close/save button, the data is transferred and stored in the browser of the browser. This so-called Consent is also stored anonymously in the Consent Management System.

It is of course possible to store the IP with, however, should be refrained from, because it is here again a personal data element, which could again require consent.

Cookie banner detail information

 

Technically, a cookie banner works in two different ways. However, the result is the same in both variants: Scripts are executed in a controlled manner by the visitor, which place cookies or other elements in the visitor's browser....

This method is used most often, because it requires almost no changes to the source code of the page. The only thing that needs to be done is to integrate the script tag with the cookie banner into the page.

The banner then blocks the execution of the scripts to be blocked (e.g. Google Analytics) in the page with the help of certain technical measures.

In this variant, the cookie banner functions as a tag manager. The desired scripts (e.g. Google Analytics) are entered in the Cookie Consent Manager. The Consent Manager then plays out the banner for your page

If now a Consent is reached, i.e. the visitor accepts the setting of the cookies, the script is only executed.

Attention, to be really sure and to comply with the approach of data economy required by the TTDSG and DSGVO, variant 2 is actually the recommended variant.

How does a Cookie Banner work?

 

compliant cookie banner

To create a cookie banner that is DSGVO compliant and TTDSG compliant, YOU need a specialized provider.

Most simple cookie banner scripts you find unfortunately don't include essential points like detailed information, documentation of consent or detailed listing of providers at all!

If you use a non-compliant banner here that does not meet the above requirements, it can get very expensive very quickly in the event of warning letters.

To create a DSGVO compliant / TTDSG compliant cookie banner, simply sign up for free here and go through the automatic scan in onboarding. This process usually takes 2-3 minutes.

After that, everything is set up and you can integrate the Cookie Banner script into your site

Check your own website for free now

 

On 20.05.2021, the German Bundestag passed the new TTDSG, which newly regulates the use and consent of cookies and any other information in the visitor's browser. Particular attention should be paid to the fines that come into play here.

The relevant passage in the TTDSG from the new Section 25 reads:

'The storage of information in the end-user's terminal equipment or access to information already stored in the terminal equipment is only permitted if the end-user has consented on the basis of clear and comprehensive information. The information to the end user and the consent must be provided in accordance with Regulation (EU) 2016/679.

In addition to cookies, this of course also concerns

  • Local Storage,
  • Session storage
  • as well as database data

In other words, all data that is stored in the browser.

High fines threaten in the new TTDSG

If website operators do not take this into account, they will face high fines - up to 300,000 EUR can be imposed as fines. Presumably, this amount will only be imposed in individual cases, which is then at the discretion of the fine authority

§ 26 Rules on fines

(1) It is an administrative offence to wilfully or negligently ... stores or accesses information in contravention of section 25, paragraph 1, sentence 1.

(2) The administrative offence can be punished in the cases of paragraph 1 number 2, 3, 9, 11, 12 and 13 with a fine up to three hundred thousand euros, .....

Cookie Banner and TTDSG

 

 

Is your website also affected? Test it now free of charge!

You can test whether it affects you directly here with our Cookie Scanner. If cookies or other elements appear in the result that are not exclusively listed under the category "technically necessary", you need a Cookie Banner from CCM19

From when does the TTDSG apply?

The law comes into force on 01.12.2021 - so there are still a few months left until then to get the problem under control.

 

For you as an operator, a cookie banner brings one thing above all: security.

Since without sufficient consent and the management of consent no more analysis scripts or other useful tools can be used, you need a cookie banner, for example, to continue to evaluate your marketing measures in the usual framework.

Only with the help of a consent management software or a cookie banner you can reliably prove that there is a consent for the execution of the scripts.

The DSGVO and the new TTDSG are sufficiently strict and punishable with fines, so that the use of a banner is usually mandatory if you want to continue to operate your online business!

And yes - the use of e.g. Matomo on your craftsman page is definitely part of it.

What does a cookie banner do for me?

 

Cookie Banner Generator

A cookie banner generator automatically creates a cookie banner suitable for your website or online shop.

Usually you go through a multi-step process in which:

  1. Your website is scanned
  2. Cookies and other data are detected and categorized
  3. Data protection and imprint are read out
  4. Cookie banner designs pre-populated
  5. And an HTML snippet to be integrated is generated.

You then only have to integrate this snippet into your page, which can then look like this, for example:

Code snippet

CCM19, for example, is such a cookie banner generator - and even a so-called cookie content management system.

Start now for free and try it out

 

Cookie banners can of course be designed and laid out in any way, and always in accordance with the CI of the respective page. Initially, however, the main question is where to place the banner on the page.

Standard positions:

  1. Centered, blocking
  2. Top, blocking
  3. Bottom, blocking and non-blocking
  4. Bottom left, blocking and non-blocking
  5. Bottom right, blocking and non-blocking

Blocking means that visitors cannot use the site until they have interacted with the cookie banner. So you have to agree or disagree with the cookies.

Try for free now.

Cookie Banner Design / Cookie Banner Layout

 

A Cookie Consent Manager is a software that not only creates a cookie banner, but also manages, controls and stores the content in that banner and the consents that visitors give through the website.

The platform also regularly scans your site for new cookies and scripts and alerts you to them.

With the help of a Cookie Consent Manager, you can meet the requirements of the GDPR and the TTDSG and can correctly implement the legally compliant collection, storage and management of consents from consumers for the processing of personal data, contacting for advertising purposes or similar.

 

What is a Cookie Consent Manager?

 

What does Consent / Consent Management mean?

Consent management simply means consent management, in this context the management of consents via the cookie banner of your own website.

In order to use cookies in a legally secure manner for visitors or customers in the sense of the DSGVO / Basic Data Protection Regulation, you need a cookie banner that manages the consents in a legally secure manner, records them and makes them available again on request.

Visitors must also be able to independently change this consent again via the website, for which you also need a suitable tool such as CCM19.

Start now for free and try it out

.

 

Which cookies are allowed?

In principle, all cookies are allowed, but you must obtain consent via a cookie banner before setting the cookies in the browser.

Only technically necessary cookies, such as for the shopping cart, language settings or login status, may be set without consent.

Generally, cookies or their scripts are assigned to these categories:

  1. Technically necessary
  2. Display / Ads
  3. Analysis / Statistics
  4. Personalization
  5. Social Media
  6. Other

For all cookies except those assigned to the "Technically Necessary" category, you need visitor consent before they can be set.

Which cookies are allowed?

 

What are technically necessary cookies?

Technically necessary cookies are, as their name suggests, cookies that are necessary for the correct operation of a website or online shop.

These can be, for example, cookies that contain the state of the shopping cart or the selected language or a login state.

Technically necessary cookies may be set at any time without the consent of the visitor, sometimes even without documentation.

Whereby we always recommend to document also technically necessary cookies sufficiently in your cookie banner.

 

What are technically necessary cookies?

 

What is stored in a cookie?

Almost any data can be stored in cookies, but in principle the storage space per cookie is limited to 4kB.

What data is actually stored depends entirely on the provider of a cookie. Some only store a simple ID - for example a UserID like 14839457, others store detailed GEO information in the cookie to check the location of visitors to the website.

To find out what the cookies store, you can go into the developer console in the browser and look at the contents of the cookies, however this is very technical.

Additionally, the information in the cookies is often encrypted as well, so the data is not easily decipherable.

For this reason, cookie banners are important because almost any personal information can be stored and transported in the cookies and with the help of the scripts that set these cookies.

 

A cookie banner does not necessarily have to contain a link to the privacy policy, however, the conditions under which this would not be necessary are difficult to establish.

In this respect, it makes sense that your cookie banner contains the link to the privacy policy.

Above all, it is important that

  1. the privacy policy is accessible without the cookie banner
  2. the cookie banner does not obscure it
  3. no cookies are set on the privacy policy page for which consent would be necessary.

With cookie banners, make sure that the link is included, because according to the GDPR, you must be able to explain the data protection provisions before cookies from third-party providers are set.

Privacy policy

 

Does my cookie banner have to contain a link to my imprint?

A link to the imprint should also be included in the cookie banner.

It is especially important that

  1. the imprint is accessible without the cookie banner,
  2. the cookie banner does not cover the imprint
  3. and that no cookies are set on the imprint page for which a consent would be necessary.


Make sure that the link is included in cookie banners, because according to the DSGVO / Data Protection Ordinance you must be able to present the imprint legibly before cookies are set by third-party providers and also before visitors enter your actual site.

Start now for free and try it out

.

Theoretically and practically, you can use the Google Tag Manager together with a cookie banner from CCM19.

A detailed tutorial is available, the implementation is relatively complex - if you work with the Google Tag Manager you know that.

Despite all this, there is a very significant problem. The integration of the Google Tag Manager itself is subject to consent according to DSGVO, TTDSG and other judgments. I.e. only after consent the script may be loaded.

To get around the problem, you can use CCM19 itself as a tag manager, in many constellations this is a sensible default setting!

If you do not want to do this, keep this problem in mind, it will almost certainly lead to a legal problem with your website at some point.

 

Google Tag Manager

 

 

Options

Cookie banners should generally offer a choice of all scripts used that process personal data and are not technically necessary.

The choices are usually tiered by category, these are usually:

  1. Technically Necessary
  2. Advertisements / Ads
  3. Analysis / Statistics
  4. Personalization
  5. Social Media
  6. Other

In addition, it is necessary that in each category each individual tool that you include or use is sorted into the respective categories and can be (de)activated.

These settings are confirmed normally with the help of buttons and checkboxes in forms.

 

Visitors to your website should be able to revoke their cookie decision just as quickly and easily as you did - this is a result of the GDPR.

With CCM19 we give you 2 possibilities.

  1. Via a link to be inserted - which you enter manually in your page, e.g. in the footer of the page. A click on this link opens the settings mask where the visitor can revoke the decision completely or in parts.
  2. Via an automatically displayed icon in the page - which you can also see here in the lower left corner. A click on it also opens the consent mask with the corresponding setting options.
    Try it out!

The revocation is of course also documented and can be compared in case of request.

Check your own website free of charge now

Cookie decision revoked

 

 

An important issue for many businesses is increasing the opt-in rates to cookie banners. Basically, more than 90% of the visitors would rather not agree, which is a problem for many companies when they want to play personalized advertising.

Therefore, the topic of cookie banner optimization has been developing for some time, where it takes real specialists to implement the topic.

When optimizing banners to increase the consent rate, you must always keep in mind that the line between an effective and a legally prohibited permission request is often very narrow and is also constantly shifting due to recent rulings.

A few basic rules usually already help to achieve better opt-in rates.

  1. Introduce a friendly wording
  2. Show already trust signals on the banner
  3. Optimize the color of the buttons - but make sure that you do not use so-called "dark patterns" - these are in a very dark gray legal gray area.

Cookie Consent Manager CCM19

 

How many users reject or accept cookies?

Fair

What percentage of your visitors fully accept your cookie banners or only the technical minimum depends on very many factors, such as:

  • Design
  • Colors
  • Trust
  • Positioning
  • Blocking
  • and much more.

Basically it can be said that only about 1/3 of the visitors accept all cookies without further optimization measures.

Another third accepts the technically necessary ones, the rest rejects everything but accepts the technically necessary cookies.

 

Of course, cookie banners are not mandatory. As long as you do not use cookies or other storage technologies or only technically necessary, you do not need a cookie banner

But it is different as soon as you use tools or scripts that transfer data abroad, set cookies, local storage elements or other data in the browser of your visitors.

As soon as you use this, cookie banners are indispensable for you because you cannot set this data without the consent of your visitors - each of them individually.

Cookie banner mandatory

 

Tearful headline, but what is meant is that operators of non-compliant banners are written to by the association and receive a letter of complaint

Operators who do not correct the banners will be reported to the relevant data protection authorities, which can then result in heavy fines

The points that are most noted are the following:

  1. No reject button on the first level (81%)
  2. Pre-checked options (15%)
  3. Link instead of a button to decline (51%)
  4. Poor contrast for reject button (73%)
  5. High contrast for agree buttons (73%)
  6. Cookies all under "legitimate interest" (27%)
  7. Cookies incorrectly sorted under "Technically Necessary" (21%)
  8. Not as easy to revoke as to agree (90%)

It's amazing that there are actually still operators who use the prechecked options.

These are all points that we agree with, the only point where we disagree is the highlighting of the agree button. Provided that the reject button is displayed in the same way, the operator is allowed to highlight the agree button

All points are also easily implemented with CCM19.

 

Error

 

noyb and CSL of WU Vienna publish the specification and a prototype.

In the meantime, Noyb has also made a proposal on how to make a large number of banner queries obsolete. With the help of a technical specification and a browser extension they want to show that cookie banners are not needed.

The problem is unfortunately divided, it will be difficult to understand these settings not as a super tracking cookie and it remains the duty of the operators cookies and scripts only after consent to set.

I.e. even in the event that this eventually prevails, the banners will be invisible at most more often, but still be present. Simply because they take care of the playout of cookies and scripts and comply with the mandatory documentation obligation and there may be visitors who do not send the signal.

Inspiration

 

Cookie Consent Manager CCM19

In order to make your website DSGVO compliant, we think you need a cookie banner in any case.

The DSGVO / Basic Data Protection Regulation and, more recently, the current TTDSG clearly stipulate that cookies may only be set with the consent of the visitor.

DSGVO compliant - this is how a cookie banner must be structured:

A DSGVO compliant cookie banner allows visitors to your website to decide which cookies and scripts may be set, CCM19 is such a cookie banner and offers you the technical security that this function is also guaranteed.

In addition to the existential cookies, which serve to display the website properly, there are also functional and analytical cookies, which are intended to help the website operator to better tailor its offer to the user and generate more customers or interested parties. The operator of the site is naturally responsible for the DSGVO-compliant design of the cookie consent banner.