A cookie banner is an upstream element of a website that allows visitors to make personal settings about which services they want to allow on this website and which not.

Above all, however, due to the requirements of DSGVO and TTDSG, the cookie banner must absolutely ensure that data processing operations only take place if the visitors to the website have actively consented. Cookie banners therefore use technical measures to ensure that all scripts on the website that collect personal data are blocked.

As a website operator, you must provide a cookie b anner to comply with the DSGVO (General Data Protection Regulation), as cookies and other data are counted as personal data.

It is necessary to use a cookie banner to obtain user consent for the use of cookies in accordance with data protection laws, such as the DSGVO and the TTDSG.

These laws require website operators to inform users about what cookies are set, what data they collect and for what purposes they are used. Obtaining consent is necessary to ensure users' data protection and to protect their privacy.

CCM19 offers cookie banners that comply with legal requirements and can be easily implemented on your website.

On this information page we list everything you as a website owner should know about cookie banners.

The GDPR / General Data Protection Regulation and the new TTDSG require the prior, informed consent of your website users. In addition, the GDPR requires - and this is important! - that you must document any consent in the cookie banner.

To implement the site in a DSGVO-compliant and TTDSG-compliant manner, the Cookie Banner must be part of a cookie consent management solution for your website, so that the following 4 points are covered!

1. To make an informed decision, you must provide visitors with detailed, specific and accurate information about all scripts and cookies used on the website in the Cookie Banner.
2. Visitors must be able to consent or withhold consent to each script and cookie , and you must be able to easily revoke that consent at any time!
3. Cookies may only be set after consent (Consent) and this consent must be documented.
4. Regular renewal of your visitors' consent, preferably every 6 to max. 12 months is necessary. Check the respective regulations in your country.

The cookie banner, the first banner that opens when you enter a website for the first time, must contain text, buttons and links.

First of all, there should be a short text explaining what the banner is for, what happens when the various buttons are clicked, and what happens when you click "Accept" and, most importantly, how to reject cookies!

Under this text there are usually 3 different buttons:

1. Accept - this is where you accept all cookies and scripts.
2. Reject - if you click here, only technically necessary cookies will be set.
3. More information or settings - this opens another window where additional detailed information about all cookies and scripts can be found.

Below the buttons there should be links to privacy information and the site's imprint. Both pages must be callable without blocking the content and without setting cookies!

After clicking on"Information" the following window should open.

Here the available categories are listed, which are currently estimated by leading lawyers as legally usable and thus also appear in various guidelines or judgments.

Cookie Banner Categories

1. Technically necessary
2. Advertisements / Ads
3. Analysis / Statistics
4. Personalization
5. Social Media
6. Other

You can define a hint text for each category here and visitors can check/uncheck each category. Of course, the category "Technically necessary" must be kept, otherwise the website would not work correctly. So cookies from this category may always be set.

This banner should contain both the "Save" and "Cancel" buttons. Additionally, buttons like "accept / reject all" can be included.

Next to the categories there is a button/link with a question mark, which, when clicked, opens another window with detailed information about the individual scripts and cookies.

In the detail view all data about all scripts are listed in detail. Among other things:

Data per integration / script

1. Who did the script come from?
2. Description of what it does
3. Link to the respective privacy policy of the producer
4. What data is collected in detail?
5. For what purpose is the data collected?
6. What cookies, local storage elements or other data are stored in the visitor's browser, how long are they stored and how are they stored?
7. Legal basis
8. Place of data processing

You can explicitly check and uncheck each inclusion here. To (de)activate cookies individually is not technically possible in most cases, so we have switched to listing and displaying them in a package with the respective script / tool.

With the close/save button, the data is transferred and stored in the browser of the browser. This so-called Consent is also stored anonymously in the Consent Management System.

It is of course possible to save the IP as well, but this should be avoided, as this is again a personal data element, which could again require consent on its own.

To create a cookie banner that is DSGVO compliant and TTDSG compliant, YOU need a specialized provider.

Most simple cookie banner scripts you can find unfortunately do not include essential points like detailed information, documentation of consent or detailed listing of providers at all!

If you use a non-compliant banner here that does not meet the above requirements, it can get very expensive very quickly in case of warning letters.

To create a DSGVO compliant / TTDSG compliant cookie banner, simply sign up for free here and go through the automatic scan in Onboarding. This process usually takes 2-3 minutes.

After that, everything is set up and you can integrate the Cookie Banner script into your site.

Check your own website for free now

On 20.05.2021, the German Bundestag passed the new TTDSG, which newly regulates the use and consent of cookies and any other information in the visitor's browser. Particular attention should be paid here to the fines that come into play.

The relevant passage in the TTDSG from the new § 25 reads:

The storage of information in the end user's terminal equipment or access to information already stored in the terminal equipment is only permitted if the end user has consented on the basis of clear and comprehensive information. The information of the end user and the consent have to be provided in accordance with Regulation (EU) 2016/679.

High fines loom in the new TTDSG

If website operators do not take this into account, they will face high fines - up to 300,000 EUR can be imposed as fines. Presumably, this amount will only be imposed in individual cases, which is then at the discretion of the fine authority.

§ Section 26 Rules on fines

(1) It shall be an administrative offense for anyone who intentionally or negligently ... stores or accesses information in contravention of the first sentence of Section 25 (1).

(2) The administrative offense may be punished in the cases of paragraph 1 number 2, 3, 9, 11, 12 and 13 with a fine of up to three hundred thousand euros, .....

Is your website affected? Test it now free of charge!

You can test whether it affects you directly here with our Cookie Scanner. If cookies or other elements appear in the result that are not exclusively listed under the category "Technically necessary", you need a Cookie Banner from CCM19.

A cookie banner generator automatically creates a cookie banner suitable for your website or online store.

Usually you go through a multi-step process in which:

1. Your website is scanned
2. Cookies and other data recognized and categorized
3. Privacy and imprint read out
4. Cookie banner designs pre-populated
5. And an HTML snippet to be integrated is generated.

This snippet you must then only integrate into your page, which can then look like this:

CCM19 is e.g. such a cookie banner generator - and even a so-called cookie content management system.

Start now for free and try it out

Cookie banners can of course be designed and laid out in any way, and always in accordance with the CI of the respective page. Initially, however, the main question is where to place the banner on the page.

Standard positions:

1. Center, blocking
2. Top, blocking
3. Bottom, blocking and non-blocking
4. Bottom left, blocking and non-blocking
5. Bottom right, blocking and non-blocking

Blocking means that visitors cannot use the page before interacting with the cookie banner. So you have to agree or disagree with the cookies.

Try for free now.

Consent management simply means consent management, in this context the management of consents via the cookie banner of your own website.

In order to use cookies in a legally compliant manner for visitors or customers in accordance with the DSGVO / General Data Protection Regulation, you need a cookie banner that manages the consents in a legally compliant manner, records them and makes them available again on request.

Visitors must also be able to change this consent on their own via the website, for which you also need a suitable tool such as CCM19.

Start now for free and try it out

.

In principle, all cookies are allowed, but you must obtain consent via a cookie banner before setting the cookies in the browser.

Only technically necessary cookies, such as for the shopping cart, language settings or login status, may be set without consent.

Generally, cookies or their scripts are assigned to these categories:

1. Technically necessary
2. Display / Ads
3. Analysis / Statistics
4. Personalization
5. Social Media
6. Other

For all cookies except those assigned to the "Technically Necessary" category, you need visitors' consent before they can be set.

Almost any data can be stored in cookies, but basically the storage space per cookie is limited to 4kB.

What data is actually stored depends entirely on the provider of a cookie. Some store only a simple ID - so for example a UserID like 14839457, others store detailed GEO information in the cookie to check which location visitors of the website have.

To find out what the cookies store, you can go to the developer console in the browser and look at the contents of the cookies, but this is very technical.

Additionally, the information in the cookies is often encrypted as well, so the data is not easily decipherable.

For this reason, cookie banners are important because almost any personal information can be stored and transported in the cookies and with the help of the scripts that set these cookies.

A cookie banner does not necessarily have to contain a link to the privacy policy, however, the conditions under which this would not be necessary are difficult to establish.

In this respect, it makes sense that your cookie banner contains the link to the privacy policy.

Above all, it is important that

1. the privacy policy is accessible without the cookie banner
2. the cookie banner does not obscure it
3. no cookies are set on the privacy policy page for which consent would be required.

So make sure that the link is included in cookie banners, because you must be able to explain the privacy policy according to DSGVO before cookies are set by third-party providers.

A link to the imprint should also be included in the cookie banner.

It is especially important that

1. the imprint is accessible without the cookie banner,
2. the cookie banner does not cover the imprint
3. and that no cookies are set on the imprint page for which a consent would be necessary.

So make sure that the link is included in cookie banners, because you must be able to provide the imprint legibly according to DSGVO / Data Protection Regulation before cookies are set by third parties and also before visitors enter your actual site.

Start now for free and try it out

.

Cookie banners should generally provide a choice for all scripts used that process personal data and are not technically necessary.

The choices are usually tiered by category, these are usually:

1. Technically necessary
2. Advertisements / Ads
3. Analysis / Statistics
4. Personalization
5. Social Media
6. Other

In addition, it is necessary that in each category each individual tool that you include or use is sorted into the respective categories and can be (de)activated.

These settings are confirmed normally with the help of buttons and checkboxes in forms.

Visitors to your website should be able to revoke the cookie decision as quickly and as easily as you have given it - this results from the GDPR.

With CCM19 we give you 2 possibilities.

1. Via a link to be inserted - which you enter manually in your page e.g. in the footer of the page. A click on this link opens the settings mask where the visitor can revoke the decision completely or in parts.
2. Via an automatically displayed icon in the page - that you can also see here in the lower left corner. A click on it also opens the Consent mask with the corresponding setting options.
   Feel free to try it out!

Of course, the revocation is also documented and can be checked in case of an inquiry.

Check your own website free of charge now

What percentage of your visitors fully accept your cookie banners or only the technical minimum depends on very many factors, such as:

• Design
• Colors
• Trust
• Positioning
• Blocking
• and much more.

Basically it can be said that only about 1/3 of the visitors accept all cookies without further optimization measures.

Another third accepts the technically necessary ones, the rest rejects everything but accepts the technically necessary cookies.

Of course, cookie banners are not mandatory. As long as you do not use cookies or other storage technologies or only technically necessary, you do not need a cookie banner

However, it looks different as soon as you use tools or scripts that transfer data abroad, set cookies, local storage elements or other data in the browser of your visitors.

As soon as you use these, cookie banners are indispensable for you because you cannot set these data without the consent of your visitors - each of them individually.

noyb and CSL of WU Vienna publish the specification and a prototype.

In the meantime Noyb has also made a proposal how to make a lot of banner queries obsolete. With the help of a technical specification and a browser extension they want to show that cookie banners are not needed.

The problem is unfortunately twofold, it will be difficult to understand these settings not as a super tracking cookie and it remains the duty of the operators cookies and scripts only after consent to set.

I.e. even in the event that this will eventually prevail, the banners will at most more often invisible, but still be present. Simply because they take care of the playout of the cookies and scripts and comply with the mandatory documentation obligation and there may be visitors who do not send the signal.

In order to make your website compliant with the GDPR, we believe that you definitely need a cookie banner.

The DSGVO / Data Protection Regulation and recently also the current TTDSG clearly stipulate that cookies may only be set with the consent of the visitor.

DSGVO compliant - this is how a cookie banner must be structured:

A DSGVO compliant cookie banner allows visitors to your website to decide which cookies and scripts may be set, CCM19 is such a cookie banner and offers you the technical security that this function is also guaranteed.

In addition to the existential cookies, which are used to display the website properly, there are also functional and analytical cookies, which are intended to help the website operator to better tailor its offer to the user and generate more customers or interested parties. Of course, the website operator is responsible for the DSGVO-compliant design of the cookie consent banner.

To design a DSGVO compliant cookie banner, you should follow the steps below:

1. Provide transparent information: Inform users clearly and understandably about the cookies used, their purposes and the type of data collected. Make sure the information is easily accessible and understandable.
   
   
2. Obtain active consent: make sure your cookie banner obtains users' consent for the use of non-essential cookies before activating them. Use clear consent mechanisms, like buttons or checkboxes. Things like "consent by use" or pre-selected options are not allowed.
3. Provide choices: Give users the ability to customize their cookie settings and accept or reject different categories of cookies.
4. Allow revocation and changes: Allow users to revoke their consent or change their cookie settings at any time. Provide an easily accessible option on your website to do this.
5. Log consents: Keep records of user consents to meet legal requirements and provide evidence in the event of an audit.
6. Keep track of updates: Keep your cookie banner and privacy policy up to date to reflect changes in legal requirements or the cookies you use.

Yes, there are differences in the legal requirements for cookie banners in different countries or regions. Although the GDPR applies across the European Union, some countries have enacted additional national laws, such as the TTDSG in Germany. These laws may impose additional requirements on the design and implementation of cookie banners.

It is important to be aware of the applicable laws in the countries and regions where your website operates and ensure that your cookie banner complies with these requirements.

CCM19 provides support for legal compliance in different countries and regions and ensures that your cookie banner meets the respective requirements.

If you do not have a cookie banner on your website or it does not comply with the legal requirements, this can lead to significant fines and sanctions. Data protection authorities can impose fines based on the severity of the breach and your company's annual turnover. In some cases, these penalties can be as high as 4% of annual global turnover or €20 million, whichever is greater.

In addition, failure to comply with cookie banner requirements can lead to a loss of trust with your users and a negative image of your business.

With CCM19, you can ensure that your cookie banner complies with legal requirements and protects you from potential penalties. Our service offers easy implementation, ongoing updates and customization options to create a DSGVO and TTDSG compliant cookie banner for your website.

.