There are two main reasons for this new flood of banners. On the one hand, in May the Federal Court of Justice ended the German special route that had allowed German website operators to save cookies on users’ devices without being asked, contrary to the European E-Privacy Directive. Second, following the new data protection laws in Europe and California, the advertising industry has agreed on a new standard for ensuring that data usage continues to comply with the law. The “Transparency & Consent Framework” is now available in version 2.0 and has been widely accepted – not least because Google supports the framework. Consequence: Anyone who tries today to do without such a cookie banner will be rejected by most advertising networks.
No consent, no cookies?
What is it specifically about? Cookies are actually an almost 30 year old web technology that makes it possible to save default settings in the browser. The server sends a short text string to the browser, which is saved there as a cookie. If you visit the same website again, the web server asks about the cookies that have been set and the text string is sent back.
This text string can consist of a postcode, for example, so that the forecast for your own place of residence is always displayed on the website of a weather service. The text string can also contain a unique identifier so that you do not have to log in every time you visit. Thanks to cookies, the shopping cart in the online shop is still full the next day, cookies can be used to save language preferences for websites or to find content that has been searched for with just a few clicks.
But cookies are also a central technology behind personalized advertising. For example, anyone who visits a website not only receives cookies from a publisher, but usually also the cookies from many advertising networks, which use them to track user activities across the web. With the compiled user profiles, users can be presented with targeted offers. With retargeting, for example, users are shown advertisements for goods that they previously viewed in an online shop but did not buy. In order to be able to play almost every advertisement in a targeted manner, the advertising industry collects comprehensive profiles that store all information relevant to advertising in a profile, from age, place of residence and income to interests and hobbies.
Trackers and non-trackers
The cookie banners are not just about cookies, but about many types of data processing. For example, advertisers want to prevent their advertising from appearing next to unsuitable content – so specialized “brand safety” providers ask which article an advertisement appears next to. If such scripts are refused, many advertisers will not want to advertise. Cookies also record how often a certain advertisement is played – after all, advertisers do not want to spend too much on one and the same user. Website operators who want to achieve reasonable prices on real-time programmatic advertising marketplaces have to provide a lot of data.
Anyone who operates a website and wants to earn money with advertising therefore has a clear goal: users should give their consent to data processing as often as possible. If the users refuse, a rapid loss of income is usually hardly avoidable: Even if the websites are still able to deliver certain advertisements to users without tracking, these banners are paid significantly less. And even at reduced prices, the data-hungry advertising industry usually doesn’t deliver enough advertising – if users reject all cookies, many advertising spaces usually remain empty.
Pushed for approval
The result looks accordingly: There are many operators who do their best to enable users to make an informed choice. However, many cookie banners appear to be purposely intended to confuse the user. The buttons for approval are highlighted in color, but the options for rejection are kept plain and ambiguous.
In the newly published information, the Lower Saxony data supervisory authority warns against such practices. “Nudging” is an attempt to get users to agree. The privacy advocates try to work out exactly where the limits are. “It is certain that there are limits to permitted nudging and that behavior-manipulating designs can lead to the ineffectiveness of the consent,” says the recommendations from Hanover. In no case should one rely on the default settings for the consent tools available on the market, which take over the processing of cookies for the site operator. A so-called cookie wall, in which users are locked out of content if they do not consent to cookies, is also incompatible with the General Data Protection Regulation. Data protection authorities from all over Germany are currently investigating the practice of cookie banners.