Cookie consent management has become an indispensable part of the online presence of companies of all sizes. What they should consider when implementing it.
Why cookie consent management is necessary
Cookie consent management is a system that obtains and manages the consent of website visitors to the use of cookies and similar tracking technologies. Cookies are small text files that are stored on the user's device and can perform various functions. For example, the storage of login data, the analysis of user behaviour or the personalization of advertising.
The need for cookie consent management arises from the strict requirements of the General Data Protection Regulation (GDPR). Since the introduction of the GDPR, the European Court of Justice (ECJ) has issued several important rulings on the use of cookies in recent years.
These decisions are of particular importance for companies, as they specify the requirements for consent and information obligations.
Planet49 ruling by the ECJ clarifies the use of cookies
Probably the best-known ECJ ruling on the use of cookies is the so-called Planet49 ruling of October 1, 2019. This case concerned the question of whether a checkbox ticked in advance to consent to the storage of cookies meets the requirements of the General Data Protection Regulation (GDPR) and the ePrivacy Directive.
The ECJ ruled that a pre-ticked checkbox is not sufficient. The user's consent must be given through an active action, e.g. by ticking an unchecked checkbox.
Users must be clearly and comprehensively informed about the use of cookies. This includes information about how cookies work, the purposes of data processing and third parties who may have access to the data.
Furthermore, the requirements for consent apply regardless of whether the information stored is personal data or not. This means that the provisions on consent to cookies apply even if the cookies do not process personal data.
Consequences of the ECJ rulings for the use of cookies by companies
The ECJ's decisions have far-reaching implications for the practice of cookie use by companies. This is because they must ensure that their cookie banners and consent mechanisms comply with the following requirements:
- Active consent: Users must actively consent to the use of cookies. For example, by clicking a button or ticking a box. Pre-ticked checkboxes are not permitted.
- Comprehensive information: Companies must inform their users clearly and comprehensibly about the type of cookies used, their purpose and the third parties involved. This should be done in the website's privacy or cookie policy.
- Simple rejection: It must be just as easy to reject cookies as it is to accept them. Users must not be prevented from rejecting cookies by complicated procedures.
- Logging of consents: Companies should document user consent. This allows them to prove that consent has been properly obtained in the event of an inspection by the data protection authorities.
Using cookie consent management effectively
Cookie consent management thus implements the above-mentioned requirements and protects companies from legal consequences. This is because violations of the GDPR can result in high fines.
Reading tip: The five highest GDPR fines in June 2024
An effective Cookie Consent Management System (CCMS) should offer the following functions:
- User-friendly interface: A clear and easy-to-understand interface that informs the user about the use of cookies and gives them the opportunity to customize their preferences.
- Automated obtaining and management of consents: The CCMS should automatically obtain and document user consent.
- Regular updates: The CCMS should be updated regularly in order to comply with the latest legal requirements and to be able to react to supreme court rulings.
- Integrations: Compatibility with other tools and platforms used in the company to ensure seamless integration and data transfer.
Conclusion: Effective cookie consent management protects companies from legal consequences. However, companies can also gain the trust of users by handling user data transparently and addressing them respectfully. This is because users who feel safe and respected are more willing to disclose personal data. And if users consent to the use of cookies, the data collected is often of higher quality and more useful for the analysis and further development of the company.