Cookie Rules: Web Analytics and User Behavior

The function and importance of cookies for websites should be well known to most people: While they are primarily intended to make surfing the web easier for users, for example by saving login data, cookies help website owners to recognize users and analyse their behaviour on the web with the help of appropriate tools.

This provides important insights into the performance of the site and its content and ultimately helps to implement optimization measures. However, website operators must now obtain the explicit consent of users, especially when creating user profiles for online marketing purposes or optimizing their own search engine marketing.

Cookies and data protection for website operators in 2020

The issue of the use of cookies has been gaining momentum since the end of last year due to the rulings of the European Court of Justice (ECJ) and most recently the German Federal Court of Justice (BGH). In the EU, the so-called Cookie Directive regulates how and when private user data may be stored.

The ECJ ruling in October 2019 once again confirmed that only those cookies that are necessary for the technical operation of the website are permitted. For all other cookies, however, the user's active consent is required. This can be done, for example, by ticking a box that allows the website operator to use user behavior for its own analysis purposes.

This requirement has not yet been enshrined in German law - until now, the General Data Protection Regulation (GDPR) only required website operators to state the extent to which cookies are used in their privacy policy. However, companies who wanted to be on the safe side could also inform their users about the relevant cookie information via a website banner - using pre-filled checkboxes and cookies that were already activated when they entered the site.

Web tracking via Google Analytics or Facebook Pixel

But what does this mean for the role of third-party cookies - for example Google or Facebook? Data storage solely for the purpose of advertising and market research falls under the legally prescribed consent requirement. The same applies to the creation of user profiles, the analysis of user behavior or conversion measurement.

Although analysis tools such as Matomo and Google Analytics can be used without cookies, as the data is stored on a separate server or processed strictly separately from other services, this is a legal gray area. The legal situation leaves some questions unanswered here, so that the opt-in variant with cookies definitely seems more sustainable.

In contrast, the case of general web tracking is far less specific. By measuring visitor flows on their own website, operators often draw important conclusions about its functionality, which can be tantamount to a technical necessity. An opt-out function therefore remains permissible here too, even if further legal adjustments are to be expected in the future.

Remarketing & web tracking: What do customers need to consider now?

Numerous companies and websites in Germany and the EU do not yet comply with the legal requirements of the new cookie policy. In order to avoid the risk of fines, it is therefore recommended that the new guidelines are implemented promptly. If the decision is made to only use technically necessary cookies in the future or to continue to do so, companies are not affected by the consent requirement on their website.

In future, all others will have to obtain the user's consent - by clicking (i.e. explicitly) - in the form of a cookie opt-in banner. Until this happens, only necessary cookies may be set! It should also be noted that consent fields may not be pre-filled and that the user is informed in detail about the type of data processing and the storage period. In order to ensure maximum transparency, it is also necessary to explicitly name the third-party services used (e.g. GA, E-Tracker, Matomo, Facebook Pixel) in the wording.

Meanwhile, there is no requirement for the placement of banners, although an opt-in field in the middle of the screen may be more likely to result in consent than one at the bottom of the screen. An admittedly more radical step in the form of a "cookie wall" is also conceivable: This only grants users access to the content of the page if they also give their permission to use the data. What all solutions have in common is that any consent given by a user can also be revoked on the website - for example in the privacy policy.

Web development from the perspective of the Internet agency .FUF

What will change for an internet agency like Frank und Freunde? For numerous web projects, .FUF is not only responsible for the creative implementation but also the technical development. In addition to setting up the corresponding content management system (e.g. Drupal or TYPO3), .FUF also has to integrate external services via an interface in accordance with the customer's requirements.

As a rule, the integration of tracking tools such as Matomo, Google Analytics, etracker or Facebook Pixel are common tasks for new and existing projects. The extent to which these are used ultimately determines the extent to which the cookie notices need to be adapted. The new legal situation therefore also requires new solutions for future-proof remarketing - via Facebook, Google and the like - as well as consent-independent web analytics.

As a Stuttgart-based Internet agency, .FUF advises its clients and tries to find the best possible individual solution for the various websites. In addition to the technically clean use of cookies, the focus is on the correct placement of banners and the correct formulation of their use. The ultimate aim is to avoid negative effects for website operators while at the same time complying with legal requirements.

In the context of the new jurisdiction, Frank und Freunde has already implemented the cookie banner of our long-standing client - the Baden-Württemberg Chamber of Architects - in accordance with the requirements.