Cookies were a big topic well before the GDPR was adopted. Nevertheless, since the introduction of the General Data Protection Regulation in March 2018, operators of websites, blogs and online shops have had to take a closer look at whether they are actually acting in compliance with the law. Note: This article is not a substitute for professional legal advice and I make no claim to completeness. Please check for your individual case whether further steps are necessary to ensure that your site fully complies with the GDPR guidelines.
Despite the attention that the regulation has received in the last two years and the foreseeable penalties if a website owner behaves unlawfully, a large proportion of websites in Germany still lack a legally compliant cookie banner. A small banner with the text "This website uses cookies. By continuing to use this website, you agree" is an absolute disaster for website owners in 2020. The same goes for banners that have an "Accept all cookies" button but no way to explicitly refuse them! In 90% of cases, the damage has already been done, because the cookies were set when the page was loaded, before any button was clicked. The cookie banner should prevent all scripts from loading until the visitor has clicked on the "Accept all" or "Accept necessary cookies" button.
With your browser, you can easily check whether and when a site, including your own, sets cookies and forwards your data to other services. The following uses the Google Chrome browser as an example.
If you have already visited the site, you can delete the data stored by this website under the menu item "Clear Storage". Then reload the page and look at the menu item "Cookies" to see which scripts are loaded. You will usually find "_ga", a cookie that is set for Google Analytics, or "_fbp", the so-called Facebook pixel. With the help of these cookies, the site operators receive more information about you. However, the automatic anonymisation of visitors' IP addresses is a legal prerequisite. This means that information such as age group or geographical origin cannot be traced.
In the best case, no entries appear in your cookie menu when you reload the page until you have clicked on "Accept cookies" in the cookie banner. Furthermore, you must have the option to accept "only necessary cookies". These belong to scripts that have to be loaded so that the page itself functions properly. The shopping basket of an online shop is one example: it remembers the products you have selected for purchase for the duration of your session.
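The manual check described above can also be scripted. The following is an added example, not part of the original article: it lists every cookie that is visible to page scripts and is not on your "necessary" list. The allowlist entry `session_id` and the sample cookie string are constructed, and the `_ga_…` variant in the pattern is an assumption beyond the two cookie names the article mentions.

```javascript
// Added example: audit the cookies visible to page scripts before consent.
// Tracker patterns cover the two cookies named in the article (_ga, _fbp);
// the "necessary" allowlist is a constructed sample, adjust it to your site.
const TRACKER_PATTERNS = [
  { name: "Google Analytics", pattern: /^_ga(_.+)?$/ },
  { name: "Facebook pixel", pattern: /^_fbp$/ },
];

// Split a document.cookie-style string ("a=1; b=2") into cookie names.
function cookieNames(cookieString) {
  return cookieString
    .split(";")
    .map((pair) => pair.trim().split("=")[0])
    .filter((name) => name.length > 0);
}

// Return every cookie that is not allowlisted as necessary, labelled with
// the tracking service it belongs to (or "unclassified" if unknown).
function auditPreConsentCookies(cookieString, necessary = []) {
  const findings = [];
  for (const name of cookieNames(cookieString)) {
    if (necessary.includes(name)) continue;
    const tracker = TRACKER_PATTERNS.find((t) => t.pattern.test(name));
    findings.push({ cookie: name, service: tracker ? tracker.name : "unclassified" });
  }
  return findings;
}

// Constructed sample: what a non-compliant shop might expose on first load.
const sample = "session_id=abc123; _ga=GA1.2.111.222; _fbp=fb.1.1600000000.333";
console.log(auditPreConsentCookies(sample, ["session_id"]));
// In the browser console, before clicking anything in the banner:
//   auditPreConsentCookies(document.cookie, ["session_id"])
```

`document.cookie` does not show cookies flagged HttpOnly, so an empty result here still needs to be confirmed against the browser's cookie menu.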
There are several cookie banner generators on the German market and the scripts can cost up to €100 per month. Don't worry, they are usually also available for around €10 with monthly billing. Cookiebot.com, a Danish provider of cookie consent banners, even offers a free version. So if you are just starting your website, blog or shop and want to keep your monthly expenses low, this is a wonderful opportunity. Of course, you have to make a few compromises in terms of use. For example, the banner cannot be changed visually (apart from the positioning). At the same time, it can only be activated for a single domain. But you get a free cookie banner generator.
After registering with Cookiebot.com, you have the option of entering your domain in the settings menu. In the free version, as already described, it is only possible to enter a single domain for the cookie banner. The scan frequency is "monthly" by default. This means that Cookiebot scans your website monthly for new scripts and blocks them until the visitor has pressed the "Accept all" button in the cookie banner. In the "Dialogue box" tab, you have the option of specifying whether the banner is displayed at the top, at the bottom or as a pop-up. The cookies are categorised within the banner into "Preferences", "Marketing" and "Statistics". The user has the option to manually select which cookies should be loaded. It is absolutely necessary that none of the checkboxes is pre-selected. In the "Content" tab, you can adapt the texts of the banner as you wish. The "Scripts" tab is the interesting part, because it deals with the integration of the banner. First of all, the blocking of cookies should be set to "Automatic". In this way you ensure that all cookies are automatically held back until they have been accepted.
You integrate the first of the two scripts in the HEAD tag of your website. It is important that this script is positioned before all other cookie scripts and is therefore loaded first. Only then can the banner actually block them. The integration differs depending on which system your website or online shop is based on. In WordPress, for example, you can integrate the script directly in the theme editor in header.php. If this is too complicated for you, use a plugin such as "Insert Headers and Footers".
In Webflow CMS, the script can be integrated in the "Project Settings" area under the "Custom Code" tab. Copy the source code into the "Head Code" field. Attention: If you have stored your Google Tracking and Facebook Pixel ID in the "Integrations" tab, these will be loaded before the cookie banner script and thus not blocked! Delete your IDs from the corresponding fields and add the integration scripts for Google and Facebook in the "Custom Code" tab under the cookie banner script.
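The ordering requirement can be checked against the HTML your site actually delivers. The following is an added example, not code from the original article or from Cookiebot: it reports tracking snippets that appear in the HEAD before the consent script. The host names, the sample pages and the placeholder `data-cbid` value are assumptions for illustration.

```javascript
// Added example: static check that the consent script precedes every
// tracking snippet in <head>. Host names are assumptions for illustration.
const CONSENT_HOST = "consent.cookiebot.com";
const TRACKER_HOSTS = ["googletagmanager.com", "google-analytics.com", "connect.facebook.net"];

// Return every <script>...</script> element inside <head>, in document order.
// Inline snippets are included because pixels are often injected that way.
function headScripts(html) {
  const head = /<head(?:\s[^>]*)?>([\s\S]*?)<\/head>/i.exec(html);
  if (!head) return [];
  return head[1].match(/<script\b[\s\S]*?<\/script>/gi) || [];
}

// Report tracker hosts referenced before the consent script (or anywhere,
// if the consent script is missing from <head> altogether).
function checkScriptOrder(html) {
  const scripts = headScripts(html);
  const consentIndex = scripts.findIndex((s) => s.includes(CONSENT_HOST));
  const limit = consentIndex === -1 ? scripts.length : consentIndex;
  const trackersBefore = [];
  for (const script of scripts.slice(0, limit)) {
    for (const host of TRACKER_HOSTS) {
      if (script.includes(host)) trackersBefore.push(host);
    }
  }
  return { consentFound: consentIndex !== -1, trackersBefore,
           ok: consentIndex !== -1 && trackersBefore.length === 0 };
}

// Constructed sample pages; the data-cbid value is a placeholder.
const banner = '<script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" ' +
  'data-cbid="00000000-0000-0000-0000-000000000000" data-blockingmode="auto"></script>';
const analytics = '<script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXX"></script>';
const pixel = "<script>/* loader */ var s = 'https://connect.facebook.net/en_US/fbevents.js';</script>";

const wrongOrder = `<html><head>${analytics}${pixel}${banner}</head><body></body></html>`;
const rightOrder = `<html><head>${banner}${analytics}${pixel}</head><body></body></html>`;

console.log(checkScriptOrder(wrongOrder)); // trackers listed before the banner
console.log(checkScriptOrder(rightOrder)); // ok: true
```

This only inspects the delivered HTML; scripts injected later by a tag manager or by a platform integration still have to be confirmed with the browser check described earlier.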
The second script that Cookiebot makes available to you is the listing of the cookies that exist on your site. This must be included in the section of your privacy policy.
Once you have integrated the scripts, you can reopen your page in the browser and check whether and when your cookies are loaded using the method explained above. If there are cookies that the automatic scan of Cookiebot has not detected, you can add them manually in your Cookiebot Dashboard.
Cookie banners that comply with the GDPR have never been more important and will continue to be so. Illegal cookie banners will sooner or later have consequences for the respective operators, so it is important to draw attention to this. The integration via third-party tools is kept simple and can be done relatively quickly. And as you can see in this example, there are also free ways and means.
If you are looking for a Google Analytics alternative that is fully compliant with the GDPR and can therefore be operated without cookie banners, we can recommend Fathom Analytics. The problem with cookie banners is that they are usually rejected by more than 50% of visitors, so the data of those visitors is not collected for your statistics. This is a huge problem for the validity of your data.
Fathom is in no way inferior to Google Analytics. In addition, it does not store any personal user data and, for European customers, runs on a pure EU infrastructure. Your data is not stored or processed outside the EU. The interface is designed to be simple and clear, without complex menus, so you have all important data at a glance. Click here to learn more about Fathom Analytics.