
What is a cookie banner?

A cookie banner, also known as a cookie consent banner, is an element that is placed in front of a website. It allows visitors to make personal settings as to which services they want to allow on this website and which not.

Above all, however, due to the requirements of the GDPR and TDDDG, the cookie banner must ensure that data processing operations only take place once visitors to the website have actively consented. Cookie banners therefore take technical measures to ensure that all scripts on the website that collect personal data are blocked.

As a website operator, you must provide a cookie consent banner in order to comply with the General Data Protection Regulation (GDPR), as cookies and other data are counted as personal data.

It is necessary to use a consent banner to obtain user consent for the use of cookies in accordance with data protection laws such as the GDPR and the TDDDG.

These laws require website operators to inform users about which cookies are set, what data they collect and for what purposes they are used. Obtaining consent is necessary to ensure users' data protection and to protect their privacy.

CCM19 offers cookie consent banners that comply with legal requirements and can be easily implemented on your website.

On this information page we list everything you as a website operator should know about cookie banners.


Table of contents
  1. Do I need a cookie banner for my website?
  2. What requirements must cookie banners meet under the GDPR and TDDDG?
  3. Cookie banner integrated in 5 minutes!
  4. How is a cookie banner structured in accordance with data protection guidelines and what functions must it fulfill?
  5. Cookie Banner Categories
  6. Data per integration / script
  7. How does a cookie banner work?
  8. 1. Cookie banner blocking
  9. 2. Cookie banner as tag manager
  10. How to create a GDPR-compliant cookie banner
  11. Cookie banner and TDDDG
  12. The relevant passage in the TDDDG from the new Section 25 reads:
  13. The threat of high fines under the new TDDDG
  14. Is your website also affected? Test now free of charge!
  15. When does the TDDDG apply?
  16. What are the benefits of a cookie banner?
  17. Cookie Banner Generator
  18. Cookie Banner Design / Cookie Banner Layout
  19. Standard positions:
  20. What is a cookie consent manager?
  21. What does Consent / Consent Management mean?
  22. Which cookies are permitted?
  23. What are technically necessary cookies?
  24. What is stored in a cookie?
  25. Does my cookie banner have to contain a link to my privacy policy?
  26. Does my cookie banner have to include a link to my legal notice?
  27. Can I also use a cookie banner in conjunction with Google Tag Manager (GTM)?
  28. Which selection options / confirmation types should my cookie banner offer?
  29. How can my website visitor revoke their cookie decision?
  30. Optimize cookie banner opt-in rate
  31. How many users reject or accept cookies?
  32. Are cookie banners mandatory?
  33. noyb wants to put an end to cookie banners
  34. New browser signal aims to make cookie banners obsolete
  35. Are cookie banners GDPR-compliant?
  36. What legal requirements must be met by a cookie banner?
  37. How can I make my cookie banner GDPR-compliant?
  38. Are there differences in the legal requirements for cookie banners in different countries or regions?
  39. What types of cookies need to be listed in my cookie consent banner?
  40. What happens if I do not have a cookie banner on my website or it does not comply with the legal requirements?

 

Whether you need a cookie banner for your website or not depends entirely on whether there are tools on your website that store cookies or other elements in your visitors' browsers.

In general, a distinction is made between technically necessary cookies (for which you do not need a banner) and other cookies. These can be cookies from Google Analytics, the Google Tag Manager or YouTube videos, for example.

Special care is required if you transfer data to companies outside the EU. The GDPR does not apply here and special user consent requirements apply.

If you cannot answer off the top of your head whether you are setting the relevant cookies or data, you can check this directly here.

The scanner checks your site and displays the result as to whether you need a cookie banner or not.

Do I need a cookie banner for my website?

 

What are the requirements for cookie banners?

The GDPR / General Data Protection Regulation and the new TDDDG require the prior, informed consent of the users of your website. In addition, the GDPR requires - and this is important! - that you must document each consent in the cookie banner.

To make the site GDPR-compliant and TDDDG-compliant, the cookie banner must be part of a cookie consent management solution for your website so that the following 4 points are covered!

  1. In order to make an informed decision, you must provide the visitor with detailed, specific and accurate information about all scripts and cookies used on the website in the cookie banner.
  2. Visitors must be able to consent or refuse consent to each script and cookie, and they must be able to easily withdraw this consent at any time!
  3. Cookies may only be set after consent has been given and this consent must be documented.
  4. It is necessary to regularly renew the consent of your visitors, ideally every 6 to max. 12 months. Check the relevant regulations in your country.

Here you can see how to integrate a CCM19 cookie banner into a website in 5 minutes. Don't believe it? Then go ahead!

 

The cookie banner, the first banner that opens when you enter a website for the first time, must contain informational text, buttons and links.

First of all, a short text should be displayed explaining what the banner is for, what happens when the various buttons are clicked, what happens when you click on "Accept" and, above all, how to reject cookies!

There are usually 3 different buttons below this text:

  1. Accept - this accepts all cookies and scripts.
  2. Reject - if you click here, only technically necessary cookies will be set.
  3. Further information or settings - this opens another window in which additional detailed information about all cookies and scripts can be found.

Below the buttons there should be links to data protection information and the site's legal notice. Both pages must be accessible without the content being blocked and without cookies being set!

Cookie Banner

 

 

CCM19 Consent Widget

After clicking on "Information", the following window should open.

The available categories are listed here, which are currently considered legally usable by leading lawyers and thus also appear in various guidelines or judgments.

  1. Technically necessary
  2. Advertisements / Ads
  3. Analysis / Statistics
  4. Personalization
  5. Social Media
  6. Miscellaneous

You can define a text for each category here and visitors can check/uncheck each category. Of course, the "Technically necessary" category must be retained, as otherwise the website would no longer function correctly. Cookies from this category may therefore always be set.

This banner should contain both the "Save" and "Cancel" buttons. In addition, buttons such as "accept/reject all" can be included.

Next to the categories there is a button/link with a question mark which, when clicked, opens another window with detailed information on the individual scripts and cookies.

 

In the detailed view, all data on all scripts is listed in detail. Among other things:

Data per integration / script

  1. Who created the script?
  2. Description of what it does
  3. Link to the respective privacy policy of the manufacturer
  4. What data is collected in detail?
  5. For what purpose is the data collected?
  6. Which cookies, local storage elements or other data are stored in the visitor's browser, how long are they stored and how are they stored?
  7. Legal basis
  8. Location of the data processing

You can explicitly check and uncheck each integration here. In most cases, it is not technically possible to (de)activate cookies individually, which is why we have switched to listing and displaying them in a package with the respective script/tool.

With the close/save button, the data is transferred and saved in the browser. This so-called Consent is also stored anonymously in the Consent Management System.

It is of course possible to save the IP as well, but this should be avoided, as this is again a personal data element, which could again require consent.

Cookie banner details

 

Technically, a cookie banner can work in two different ways. The result is the same in both variants: scripts that place cookies or other elements in the visitor's browser are only executed under the visitor's control.

1. Cookie banner blocking

This method is used most frequently, as it requires virtually no changes to the source code of the page. Only the script tag that integrates the cookie banner has to be added to the page.

The banner then blocks the execution of the scripts to be blocked (e.g. Google Analytics) on the page with the help of certain technical measures.

2. Cookie banner as tag manager

In this variant, the cookie banner functions as a tag manager. The desired scripts (e.g. Google Analytics) are entered in the Cookie Consent Manager. The Consent Manager then delivers the banner for your site.

Only once consent has been obtained, i.e. the visitor accepts the setting of cookies, is the script executed.

Note: to be really safe and to comply with the data minimization approach required by the TDDDG and GDPR, variant 2 is the recommended variant.
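
An added example, not CCM19's code or API, of the tag-manager variant described above: scripts are registered with the consent logic and released only for a valid, unexpired consent record. The registry entries, URLs, function names and the 365-day limit are assumptions chosen for illustration.

```javascript
// Added example of "variant 2" (banner as tag manager). All names, URLs and
// limits are hypothetical; this is not CCM19's implementation.

const NECESSARY = "technically-necessary";
const MAX_CONSENT_AGE_DAYS = 365; // assumption: upper end of the 6 to 12 month renewal window

// Constructed registry: every integration is listed with its category.
const REGISTRY = [
  { id: "session", category: NECESSARY, src: "/js/session.js" },
  { id: "analytics", category: "analysis-statistics", src: "https://analytics.example/tag.js" },
  { id: "ads", category: "advertisements", src: "https://ads.example/pixel.js" },
  { id: "video", category: "social-media", src: "https://video.example/embed.js" },
];

// Build the record that is saved in the browser and documented.
// Only explicit `true` choices for known integrations are kept (no pre-selected
// or implied consent), and no IP address or user identifier is stored.
function buildConsentRecord(choices, now = new Date()) {
  const known = new Set(REGISTRY.map((e) => e.id));
  const accepted = Object.keys(choices)
    .filter((id) => known.has(id) && choices[id] === true)
    .sort();
  return { version: 1, givenAt: now.toISOString(), accepted };
}

// A record counts only if it is well-formed, not future-dated and not too old.
function isConsentValid(record, now = new Date()) {
  if (!record || record.version !== 1 || !Array.isArray(record.accepted)) return false;
  const givenAt = Date.parse(record.givenAt);
  if (Number.isNaN(givenAt) || givenAt > now.getTime()) return false;
  const ageDays = (now.getTime() - givenAt) / 86400000;
  return ageDays <= MAX_CONSENT_AGE_DAYS;
}

// Default deny: without a valid record only technically necessary scripts run.
function allowedScripts(record, now = new Date()) {
  const accepted = new Set(isConsentValid(record, now) ? record.accepted : []);
  return REGISTRY.filter((e) => e.category === NECESSARY || accepted.has(e.id));
}

// The banner has to be shown again when consent is missing or due for renewal.
function needsBanner(record, now = new Date()) {
  return !isConsentValid(record, now);
}

// Browser only: inject the released scripts. Nothing else on the page should
// reference the gated scripts directly, otherwise they load before consent.
function injectAllowed(record, doc = globalThis.document) {
  if (!doc) return []; // no DOM available (e.g. when run under Node)
  return allowedScripts(record).map((e) => {
    const el = doc.createElement("script");
    el.src = e.src;
    el.async = true;
    doc.head.appendChild(el);
    return e.id;
  });
}
```

Withdrawing consent is the same operation as giving it: build a new record from the visitor's updated choices and store it in place of the old one.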

How does a cookie banner work?

 

compliant cookie banner

To create a cookie banner that is GDPR-compliant and TDDDG-compliant, you need a specialized provider.

Unfortunately, most simple cookie banner scripts you find do not contain essential points such as detailed information, documentation of consent or a detailed list of providers at all!

If you use a non-compliant banner that does not meet the above requirements, it can quickly become very expensive in the event of warnings.

To create a GDPR-compliant / TDDDG-compliant cookie banner, simply register here free of charge and run through the automatic scan in onboarding. This process usually takes 2-3 minutes.

Afterwards, everything is set up and you can integrate the cookie banner script into your website.

Check your own website now free of charge

 

On 20.05.2021, the German Bundestag passed the new TDDDG, which regulates the use and consent of cookies and any other information in the visitor's browser. Particular attention should be paid to the fines that apply here.

The relevant passage in the TDDDG from the new Section 25 reads:

The storage of information in the end user's terminal equipment or access to information already stored in the terminal equipment is only permitted if the end user has consented on the basis of clear and comprehensive information. The end user must be informed and consent must be given in accordance with Regulation (EU) 2016/679.

In addition to cookies, this naturally also applies to

  • Local storage,
  • Session storage
  • and database data

In other words, all data that is stored in the browser.

The threat of high fines under the new TDDDG

If website operators do not take this into account, there is a risk of high fines - up to EUR 300,000 can be imposed as fines. Presumably, this amount will only be imposed in individual cases, which is then at the discretion of the fining authority.

Section 26 Fining regulations

(1) Any person who intentionally or negligently ... stores or accesses information contrary to Section 25 (1) sentence 1.

(2) In the cases of paragraph 1 numbers 2, 3, 9, 11, 12 and 13, the administrative offense may be punished with a fine of up to three hundred thousand euros, ....

Cookie banner and TDDDG

 

 

Is your website also affected? Test now free of charge!

You can test whether you are affected here with our cookie scanner. If cookies or other elements appear in the result that are not exclusively listed under the category "Technically necessary", you need a cookie banner from CCM19.

When does the TDDDG apply?

The law comes into force on 01.12.2021 - so there are still a few months until then to get the problem under control.

 

For you as the operator, a cookie banner brings one thing above all: security.

Since no analysis scripts or other useful tools can be used without sufficient consent and consent management, you need a cookie banner to be able to continue evaluating your marketing measures in the usual way, for example.

Only with the help of consent management software or a cookie banner can you reliably prove that consent has been given for the scripts to be executed.

The GDPR and the new TDDDG are sufficiently strict and punishable by fines, so that the use of a banner is generally mandatory if you want to continue running your online business!

And yes - the use of e.g. Matomo on your craftsman website is definitely part of this.

What does a cookie banner do for me?

 

Cookie Banner Generator

A cookie banner generator automatically creates a cookie banner suitable for your website or online store.

As a rule, you go through a multi-step process in which:

  1. Your website is scanned
  2. Cookies and other data are recognized and categorized
  3. The privacy policy and legal notice are read out
  4. Cookie banner designs are pre-assigned
  5. And an HTML snippet to be integrated is generated.

You then only have to integrate this snippet into your page, which can look like this, for example:

Code snippet

CCM19, for example, is such a cookie banner generator - and even a so-called cookie consent management system.

Start now for free and try it out

 

Cookie banners can of course be designed and laid out as desired, and always in line with the CI of the respective page. Initially, however, the main question is where to place the banner on the page.

Standard positions:

  1. Center, blocking
  2. Top, blocking
  3. Bottom, blocking and non-blocking
  4. Bottom left, blocking and non-blocking
  5. Bottom right, blocking and non-blocking

Blocking means that visitors cannot use the site until they have interacted with the cookie banner. They must therefore agree to the cookies or reject them.

Try it now for free.

Cookie Banner Design / Cookie Banner Layout

 

A cookie consent manager is software that not only creates a cookie banner, but also manages and controls the content in this banner and stores the consents that visitors give via the website.

The platform also regularly scans your site for new cookies and scripts and alerts you to them.

With the help of a cookie consent manager, you can meet the requirements of the GDPR and the TDDDG and can correctly implement the legally compliant collection, storage and management of consents from consumers for the processing of personal data, contacting for advertising purposes or similar.

 

What is a Cookie Consent Manager?

 

What does Consent / Consent Management mean?

Consent management simply means the management of consents, in this context the consents given via the cookie banner of your own website.

In order to use cookies for visitors or customers in a legally compliant manner within the meaning of the GDPR / General Data Protection Regulation, you need a cookie banner that manages and records the consents in a legally compliant manner and makes them available again on request.

Visitors must also be able to change this consent independently via the website, for which you also need a suitable tool such as CCM19.

Start now for free and try it out


 

Which cookies are permitted?

In principle, all cookies are permitted, but you must obtain consent via a cookie banner before setting the cookies in the browser.

Only technically necessary cookies, e.g. for the shopping cart, language settings or login status, may be set without consent.

Cookies and their scripts are generally assigned to these categories:

  1. Technically necessary
  2. Advertisements / Ads
  3. Analysis / Statistics
  4. Personalization
  5. Social media
  6. Other cookies

For all cookies except those assigned to the "Technically necessary" category, you need the visitor's consent before they can be set.

Which cookies are allowed?

 

What are technically necessary cookies?

Technically necessary cookies are, as their name suggests, cookies that are necessary for the correct operation of a website or online store.

These can be cookies that contain the status of the shopping cart, the selected language or a login status, for example.

Technically necessary cookies may also be set at any time without the consent of the visitor, in some cases even without documentation.

However, we always recommend documenting technically necessary cookies sufficiently in your cookie banner.

 

What are technically necessary cookies?

 

What is stored in a cookie?

Almost any data can be stored in cookies, but the storage space per cookie is generally limited to 4kB.

The specific data stored depends entirely on the cookie provider. Some only store a simple ID - e.g. a UserID such as 14839457, others store detailed GEO information in the cookie to check the location of visitors to the website.

To find out what the cookies store, you can go to the developer console in the browser and look at the content of the cookies, but this is very technical.

In addition, the information in the cookies is often encrypted so that the data cannot be easily deciphered.

For this reason, cookie banners are important because almost any personal information can be stored and transported in the cookies and with the help of the scripts that set these cookies.

 

A cookie banner does not necessarily have to contain a link to the privacy policy, but the conditions under which this would not be necessary are difficult to establish.

In this respect, it makes sense for your cookie banner to contain the link to the privacy policy.

Above all, it is important that

  1. the privacy policy is accessible without a cookie banner
  2. the cookie banner does not obscure it
  3. no cookies are set on the privacy policy page for which consent would be required.

So make sure that the link is included in cookie banners, because according to the GDPR you must be able to explain the data protection regulations before cookies are set by third-party providers.

Privacy policy

 

Does my cookie banner have to contain a link to my legal notice?

A link to the legal notice should also be included in the cookie banner.

It is particularly important that

  1. the legal notice is accessible without the cookie banner,
  2. the cookie banner does not cover the legal notice
  3. and that no cookies are set on the imprint page for which consent would be necessary.


So make sure that the link is included with cookie banners, because according to the GDPR / General Data Protection Regulation, you must be able to provide the legal notice in a readable form before cookies are set by third-party providers and also before visitors enter your actual site.

Start now for free and try it out


Theoretically and practically, you can also use Google Tag Manager together with a cookie banner from CCM19.

Detailed instructions are available for this, although the implementation is relatively complex - if you work with the Google Tag Manager, you know this.

Nevertheless, there is a very significant problem here. According to the GDPR, TDDDG and other rulings, the integration of the Google Tag Manager itself requires consent. This means that the script may only be loaded after consent.

To avoid this problem, you can use CCM19 itself as a tag manager, which is a sensible default setting in many constellations!

If you do not want to do this, keep this problem in mind, it will almost certainly lead to a legal problem with your website at some point.

 

Google Tag Manager

 

 

Selection options

Cookie banners should generally offer a selection of all scripts used that process personal data and are not technically necessary.

The selection is usually graded according to categories, these are usually:

  1. Technically necessary
  2. Advertisements / Ads
  3. Analysis / Statistics
  4. Personalization
  5. Social Media
  6. Miscellaneous

In addition, it is necessary that in each category each individual tool that you integrate or use is sorted into the respective categories and can be (de)activated in each case.

These settings are confirmed as normal with the help of buttons and selection fields in forms.

 

Visitors to your website should be able to revoke the cookie decision just as quickly and just as easily as they have given it - this is a result of the GDPR.

With CCM19 we provide you with 2 options.

  1. Via a link to be inserted - which you enter manually into your page, e.g. in the footer of the page. A click on this link opens the settings mask where the visitor can revoke the decision in whole or in part.
  2. Via an icon automatically displayed on the page - which you can also see here at the bottom left. Clicking on it also opens the consent mask with the corresponding setting options.
    Just give it a try!

The revocation is of course also documented and can be checked in the event of a request.

Check your own website now free of charge

Revoke cookie decision

 

 

An important point for many companies is to increase the approval rates for cookie banners. Basically, more than 90% of visitors would rather not agree, which is a problem for many companies if they want to display personalized advertising.

For this reason, the topic of cookie banner optimization has been developing for some time, where real specialists are needed to implement the topic.

When optimizing banners to increase the consent rate, you must always bear in mind that the line between effective and legally prohibited consent is often very thin and is constantly shifting due to recent rulings.

A few basic rules usually help to improve opt-in rates.

  1. Introduce friendly wording
  2. Show trust signals on the banner
  3. Optimize the color scheme of the buttons - but make sure that you do not use so-called "dark patterns" - these are in a very dark legal grey area.

Cookie Consent Manager CCM19

 

How many users reject or accept cookies?


What percentage of your visitors fully accept your cookie banners or only accept the technical minimum depends on many factors, e.g.:

  • Design
  • Colors
  • Trust
  • Positioning
  • Blocking
  • and much more.

Basically, it can be said that only about 1/3 of visitors accept all cookies without further optimization measures.

Another third accept the technically necessary cookies, the rest reject everything, but also accept the technically necessary cookies.

 

Of course, cookie banners are not mandatory. As long as you do not use cookies or other storage technologies or only use technically necessary ones, you do not need a cookie banner.

However, the situation is different as soon as you use tools or scripts that transfer data abroad, set cookies, local storage elements or other data in your visitors' browsers.

As soon as you use this, GDPR-compliant cookie banners are indispensable, as you are not allowed to store any data without the consent of each individual visitor.

Mandatory cookie banner

 

A catchy headline, but what is meant is that operators of non-compliant banners will be contacted by the association and receive a letter of complaint.

Operators who do not correct the banners will be reported to the relevant data protection authorities, which can result in heavy fines.

The points that are most often noted are the following:

  1. No decline button on the first level (81%)
  2. Pre-ticked options (15%)
  3. Link instead of a button to decline (51%)
  4. Poor contrast on the decline button (73%)
  5. Highlighting contrast for agree buttons (73%)
  6. Cookies all under "legitimate interest" (27%)
  7. Cookies incorrectly sorted under "Technically necessary" (21%)
  8. Not as easy to revoke as to consent (90%)

It is astonishing that there are actually still operators who use pre-ticked options.

These are all points that we also consider to be justified points of criticism, the only point where we disagree is the highlighting of the Agree button. Provided that the reject button is displayed in the same way, the operator may well highlight the agree button in color.

However, all points can also be implemented with CCM19 without any problems.

 


 

noyb and CSL of WU Vienna publish the specification and a prototype.

Noyb has now also made a proposal on how to make a large number of banner queries superfluous. With the help of a technical specification and a browser extension, they want to show that cookie banners are not needed.

Unfortunately, the bottom line is that the problem is twofold: it will be difficult not to see these settings as super tracking cookies and it remains the duty of the operator to set cookies and scripts only after consent.

This means that even if this is eventually implemented, the banners will at most be invisible more often, but will still be present. Quite simply because they take care of the cookies and scripts and comply with the prescribed documentation obligation and there may be visitors who do not send the signal.


 

Cookie Consent Manager CCM19

In our opinion, you definitely need a cookie banner to make your website GDPR-compliant.

The GDPR / General Data Protection Regulation and, more recently, the current TDDDG clearly stipulate that cookies may only be set with the consent of the visitor.

How to make your cookie banner GDPR-compliant:

A GDPR-compliant cookie banner allows visitors to your website to decide which cookies and scripts may be set, CCM19 is such a cookie banner and offers you the technical security that this function is also guaranteed.

In addition to the essential cookies, which serve to display the website properly, there are also functional and analytical cookies, which are intended to help the website operator to better tailor its offer to the user and generate more customers or interested parties. The website operator is of course responsible for the GDPR-compliant design of the cookie consent banner.

 

 

A cookie consent banner must meet several legal requirements in order to comply with data protection laws such as the GDPR and the TDDDG. These include:

  1. Providing transparent information about the use of cookies and their purposes: Users should be informed about which cookies are set, what data they collect and for what purposes they are used.
  2. Obtain the user's consent before setting non-essential cookies: Consent is only not required for strictly necessary cookies. For all other cookies, such as analysis, marketing or tracking cookies, active user consent is required.
  3. Give users the option to withdraw their consent or change their settings: Users should be able to review and change their cookie settings at any time.
  4. Record and retain user consent: Website operators must be able to prove that they have properly obtained consent from users.

CCM19 helps you comply with these requirements and ensures that your cookie banner complies with current data protection laws. Our service offers easy implementation, customization options and continuous updates to help you comply with the law.


CCM19 - Cookie Consent Tool

 


To design a GDPR-compliant cookie banner, you should follow the steps below:

  1. Provide transparent information: Inform users clearly and comprehensibly about the cookies used, their purposes and the type of data collected. Make sure the information is easily accessible and understandable.

  2. Obtain active consent: Ensure that your cookie banner obtains the user's consent for the use of non-essential cookies before activating them. Use clear consent mechanisms, such as buttons or checkboxes. Things like "consent by use" or pre-selected options are not allowed.
  3. Offer choices: Give users the ability to customize their cookie settings and accept or reject different categories of cookies.
  4. Enable revocation and changes: Allow users to withdraw their consent or change their cookie settings at any time. Provide an easily accessible option for this on your website.
  5. Log consent: Keep records of user consents to comply with legal requirements and be able to provide evidence in the event of a review.
  6. Keep an eye on updates: Keep your cookie banner and privacy policy up to date to reflect changes in legal requirements or the cookies you use.

 

 

 

Yes, there are differences in the legal requirements for cookie banners in different countries or regions. Although the GDPR applies throughout the European Union, some countries have enacted additional national laws, such as the TDDDG in Germany. These laws may impose additional requirements on the design and implementation of cookie banners.

It is important to be aware of the applicable laws in the countries and regions where your website is active and to ensure that your cookie consent banner complies with these requirements.

CCM19 provides support for legal compliance in different countries and regions and ensures that your cookie banner complies with the respective requirements.

 


 

In your cookie banner, all cookies used should be listed and divided into different categories. Cookies are usually divided into the following categories, and often into further subcategories:

  1. Technically necessary cookies: These cookies are necessary to enable basic functions of the website, such as navigation, access to protected areas and security functions. User consent is not required for these cookies.
  2. Functional cookies: These cookies enable additional functions and personalized settings, such as saving language settings or displaying embedded videos. User consent is required for these cookies.
  3. Analysis and performance cookies: These cookies collect information about user behavior and the use of the website in order to measure and improve its performance. User consent is also required for these cookies.
  4. Marketing and targeting cookies: These cookies are used to display personalized advertising and to track user behavior across different websites. User consent is essential for these cookies.

CCM19 helps you to list all cookies used on your cookie banner and categorize them accordingly. We support you in complying with legal requirements and providing transparency to your users.


Cookie banner details

 

GDPR penalties

If you do not have a cookie consent banner on your website or it does not comply with the legal requirements, this can lead to significant fines and sanctions. Data protection authorities can impose fines based on the severity of the violation and your company's annual turnover. In some cases, these fines can be up to 4% of annual global turnover or €20 million, whichever is higher.

In addition, non-compliance with cookie banner requirements can lead to a loss of trust from your users and a negative image of your company.

With CCM19, you can ensure that your cookie banner complies with legal requirements and that you are protected from potential penalties. Our service offers you easy implementation, ongoing updates and customization options to create a GDPR and TDDDG compliant cookie banner for your website.
