The ruling of the Federal Court of Justice has now also been published following its announcement at the end of May. Many cookie notices have been adapted in the meantime, but very few of them are legally compliant. First legal warnings have been issued and further warnings should not be long in coming.
This checklist should help you to ensure legal conformity following the BGH ruling*:
Is the current etracker data protection notice available on your website?
We have recently updated the sample text. You can find the latest template text and objection link in your account under Settings → Privacy → Data protection notice and right to object.
Please make sure that “yourdomain.com” has been replaced by your main domain.
Is the current etracker code integrated on your website?
You can find the current code under Settings → Setup/Tracking code. It includes the parameter for cookie-less tracking (data-block-cookies="true") as well as the parameter for respecting do-not-track settings in browsers (data-respect-dnt="true").
With cookieless tracking you can record visit data in a legally compliant manner despite the rejection of statistical cookies.
This was confirmed to us by ePrivacy Consult in the latest GDPR audit:
“[…] On the basis of our detailed examination, we consider it justifiable to legitimize the data processing at etracker Analytics and etracker Optimiser also with regard to the DSK paper from March 2019 and the ECJ ruling of 01.10.2019 by the legal basis of Art. 6 Para.1 lit.f) GDPR (legitimate interests). In cookie-less mode (standard mode), the use of etracker Analytics is legal without any obligation to give consent.”
Can you spare yourself and your users cookie consent banners on your website?
With cookieless tracking, you don’t need a cookie notice unless other non-essential cookies are used “to create user profiles for advertising or market research purposes”. Also watch for cookies that may be set by embedded Google Maps, YouTube videos and the like, and integrate these via 2-click solutions or corresponding plugins if necessary.
Is your cookie consent legally compliant?
If non-essential cookies or similar technologies are used, the following requirements for effective consent must be met in particular:
- Information on the duration of the cookie’s function and whether third parties can access the cookies (such as Google or Facebook) must be provided.
- The possibility of refusal must not be unnecessarily complicated or hidden. If dialogues are designed in such a way that users are directed to consent, this constitutes an unreasonable disadvantage for consumers, i.e. if the dialogue “appears to be designed to prevent the consumer from becoming aware of it and to induce him or her to transfer the right of choice to the defendant”.
- The expression of will must take the form of a clear affirmative action for the specific case, in an informed manner. General references to the use and purpose of cookies are not sufficient.
- Checkboxes must not be preset.
Please also note the requirements for valid consent of the European Data Protection Board (EDPB), which are set out in the guidelines also published in May and which in some areas go beyond the principles of the Federal Court of Justice’s ruling.
If you use a cookie consent, do you activate etracker cookies correctly?
Make sure that the etracker script is always executed – regardless of any consent banner and regardless of any consent of the visitor. You can find instructions for integration into content solutions here.
*This checklist is for general information, not for advice on individual legal issues. The requirements for a legally compliant design of websites and services are subject to constant change. Although we make every effort to keep this checklist up-to-date, it is possible that statements may be incorrect, incomplete or out of date.