Permanent cookie notices are annoying, but why are they legally necessary?
A ruling by the Federal Court of Justice (BGH) of 28.05.2020 (Case No. I ZR 7/16)[1] has led to uncertainty among website operators with regard to the use of cookies. One of the issues at stake in this concluded trial was the following: Can the defendant, a provider of online competitions, obtain an effective declaration of consent from its users to the use of cookies for advertising by activating a checkbox in the registration form in advance?
The BGH denied this in the specific case and ruled "that the provider may use cookies to create user profiles for advertising or market research purposes only with the user's consent. A user's consent, to be declared electronically, which allows the retrieval of information stored on their end device with the help of cookies by means of a preset checkbox does not satisfy this consent requirement."
Website visitors must consent to the use of cookies
It is significant that the BGH referred a number of fundamental questions to the Court of Justice of the European Union (CJEU) for assessment in the course of the proceedings and then referred to the relevant opinion of the CJEU in its grounds for the judgment.
Even if the judgment itself only applies to cookies for advertising purposes, the interpretation shared by most commentaries emerges from the cited reasons for the judgment: Before using any cookies that are not necessary for the provision of the desired services, effective consent must be obtained from the user, for example by actively checking a corresponding checkbox.
Matomo can also be used without cookies
An important consequence of this interpretation is that, beyond all advertising-related personalization, active user consent is also required for the use of cookies for web analysis with tools such as Google Analytics or Matomo.
A simple reference to the use of cookies with an "I agree" button to click and no alternative is no longer sufficient. If you use Matomo, you can consider simply running the analysis without cookies at this point. Matomo is relatively easy to configure in this respect. Measured values based on the recognition of returning visitors tend to lose reliability, but are still available. Instead of cookies, anonymous "fingerprints" of users are used to recognize them based on certain system properties.
For the sake of completeness, it should be mentioned that some sources assume that, from a legal point of view, this "fingerprinting" requires consent in the same way as the use of analytics cookies[3]. A judicial assessment of this question is still pending.
In contrast to this, some argue[4] that with the exclusive use of technically necessary cookies and cookie-free Matomo analysis, any cookie consent can be completely dispensed with.
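The following sketch is an added example, not code from the article or from Matomo: it shows only the tracker-side configuration, choosing cookie-free tracking unless the visitor actively opted in, so that a preset checkbox never enables cookies. The consent record shape and the function names are assumptions; `disableCookies`, `requireCookieConsent` and `setCookieConsentGiven` are methods of the Matomo JavaScript tracker.

```javascript
// Added example: derive the Matomo tracker commands from a consent record.
// The record shape and the function names are hypothetical.

// Consent counts only if the visitor ticked the box themselves.
// A box that was already ticked when the form loaded (preset) never counts.
function hasActiveConsent(record, category) {
  if (!record || !record.choices) return false;
  const choice = record.choices[category];
  return Boolean(choice && choice.checked && !choice.preset && choice.changedByUser);
}

// Returns the commands for Matomo's _paq queue, in the order they must be
// pushed: the cookie settings have to precede trackPageView.
function matomoCommands(record) {
  const cmds = [];
  if (hasActiveConsent(record, 'statistics')) {
    cmds.push(['requireCookieConsent']);   // cookies stay off until consent is signalled
    cmds.push(['setCookieConsentGiven']);  // active opt-in: analytics cookies allowed
  } else {
    cmds.push(['disableCookies']);         // cookie-free analysis
  }
  cmds.push(['trackPageView']);
  cmds.push(['enableLinkTracking']);
  return cmds;
}

// Pushes the commands onto a queue. In a page, call it before matomo.js loads:
//   queueMatomo(window._paq = window._paq || [], record);
function queueMatomo(paq, record) {
  matomoCommands(record).forEach((cmd) => paq.push(cmd));
  return paq;
}

// Constructed sample records for the three situations discussed above.
const presetBox = { choices: { statistics: { checked: true, preset: true, changedByUser: false } } };
const activeOptIn = { choices: { statistics: { checked: true, preset: false, changedByUser: true } } };
const declined = { choices: { statistics: { checked: false, preset: false, changedByUser: true } } };

console.log(matomoCommands(presetBox)[0][0]);   // preset box is treated as no consent
console.log(matomoCommands(activeOptIn)[1][0]);
console.log(matomoCommands(declined)[0][0]);
```

Whether the cookie-free branch itself needs consent is the open question about fingerprinting mentioned above; the code does not settle it.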
Obtaining permission effectively if it cannot be dispensed with:
A veritable market has quickly formed around the issue of cookie consent, in which various providers offer the legally compliant processing of user information and consent, whereby the costs incurred vary greatly[5].
There is also a wide range of ready-made plugin solutions for popular platforms such as WordPress or Contao[6].
The visible result basically corresponds to the following scheme for all offers:
Method A: Pop-up with direct selection of settings
- Note text,
- visible checkboxes for the types of cookies used, for example "Necessary" (or "Required", "Essential"), "Advertising purposes", "Statistics", whereby the "Necessary" ones are preselected,
- "Accept selection" button,
- "Accept all" button (usually highlighted),
- Links such as "Data protection", "Imprint", "Further information" etc.
Method B: Pop-up with detailed settings in the 2nd step
- Note text,
- "Accept all" button,
- "Accept only necessary cookies" button (or analogously),
- "Customize settings" button, which links to more or less complicated settings pages,
- Links such as "Data protection", "Imprint", "Further information" etc.
Method C: Pop-up with well-hidden detailed settings
- Note text,
- "Accept all" button,
- "Customize settings" button, which links to more or less complicated settings pages,
- Links such as "Data protection", "Imprint", "Further information" etc.
This is an overview of the solutions that have spread across the web. Whether each of them, or one or the other in particular, is suitable for obtaining effective consent in the light of the underlying BGH ruling, whether by clicking on "Accept all" or by other use, would ultimately only be determined in specific legal proceedings, which are still pending.
Sources
- [1] - https://www.heise.de/ct/artikel/Cookies-only-with-active-consent-permitted-4783626.html
- [2] - https://juris.bundesgerichtshof.de/cgi-bin/rechtsprechung/document.py?Gericht=bgh&Art=en&Datum=Aktuell&Sort=12288&nr=107623&pos=6&anz=672
- [3] - https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32002L0058&from=de
- [4] - https://usercentrics.com
- [5] - https://www.ccm19.de
- [6] - https://www.e-recht24.de/artikel/datenschutz/12119-bgh-urteil-cookies-consent.html
- [7] - https://cookieinformation.com
- [8] - https://www.cookiebot.com
- [9] - https://www.content-iq.com/tracking-mit-matomo-ohne-cookies/
- [10] - https://www.it-recht-kanzlei.de/matomo-richtig-verwenden-dsgvo.html