How to create a cookie banner that is GDPR compliant
Why do you need cookies?
Cookies are small text files that are sent to your computer from a website. Cookies store information about your visit, such as your preferred language and other settings. They also allow the website to remember your actions and preferences over time, so you don't have to keep re-entering them when you return to the website. This saves you time and makes the website more user-friendly.
Why do tracker cookies exist?
Tracking cookies are primarily intended to identify errors on the website and remove them as quickly as possible, or to optimize the operation of the site. The data collected ranges from simple page views and the type of device you are using to so-called "heat maps" of mouse clicks.
Why do I have to agree to a cookie banner?
Some sites or trackers collect more information about you than you might want to disclose (age, location, personal interests, marital status, and more) and use it to create, for example, an advertising profile. This is where the GDPR comes into play. Because the tracking of users and their behavior has not always been used for positive purposes in the past, there are regulations to limit misuse when collecting, recording and storing data.
How do I design my/a cookie banner to be legally compliant?
First of all: not every cookie requires the consent of the visitor. Cookies whose use is absolutely necessary or technically necessary do not have to appear in the consent options. These cookies include, for example, your login, your shopping cart or your language selection. If you only use cookies of this kind, you don't even need a cookie banner. You only have to refer to the use of such a "functional cookie" in your data protection declaration.
But if you embed a tracking code for, e.g., "Google Analytics" or similar services, it may only be loaded once the user has actively consented. In addition, these options must not be preselected in the cookie banner!
It is also important that information such as the imprint or the data protection declaration must not be covered by a cookie banner.
Finally, the revocation of tracking and the like must be as simple as giving consent (cf. Art. 7 Para. 3 Sentence 4 GDPR).
A revocation function in your cookie banner is therefore necessary. If the revocation takes place, it must be ensured that the rejected cookies no longer collect any data from this point in time.
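The rules above (optional categories off by default, tracker loaded only after an active opt-in, revocation that takes effect immediately) can be enforced in code. The following is an added example, not part of the original article or of any vendor's product; the names `createConsentManager`, `loadTracker`, `stopTracker` and the storage key are hypothetical, and it is a technical sketch, not legal advice.

```javascript
// Added example. In a browser, `storage` would be window.localStorage,
// `loadTracker` would inject the tracking <script>, and `stopTracker` would
// disable the tracker and delete its cookies (all assumptions of this sketch).
const CATEGORIES = {
  functional: { required: true },  // login, cart, language: no consent needed
  analytics: { required: false },  // tracking: active opt-in only
};

function createConsentManager({ storage, loadTracker, stopTracker }) {
  const KEY = "consent"; // hypothetical storage key
  let state = {};
  try {
    // A missing or corrupt record means "no consent": nothing is preselected.
    const parsed = JSON.parse(storage.getItem(KEY) || "{}");
    if (parsed && typeof parsed === "object") state = parsed;
  } catch {
    state = {};
  }
  const loaded = new Set();

  function isAllowed(cat) {
    if (!(cat in CATEGORIES)) return false;
    return CATEGORIES[cat].required || state[cat] === true;
  }
  // Bring the running trackers in line with the recorded decision.
  function apply(cat) {
    if (CATEGORIES[cat].required) return;
    if (isAllowed(cat) && !loaded.has(cat)) { loadTracker(cat); loaded.add(cat); }
    if (!isAllowed(cat) && loaded.has(cat)) { stopTracker(cat); loaded.delete(cat); }
  }
  function set(cat, value) {
    if (!(cat in CATEGORIES) || CATEGORIES[cat].required) return isAllowed(cat);
    state[cat] = value === true;
    storage.setItem(KEY, JSON.stringify(state));
    apply(cat); // revocation stops collection right away, not on next visit
    return isAllowed(cat);
  }
  // On page load, restore earlier decisions; no record means no tracker.
  Object.keys(CATEGORIES).forEach(apply);
  return { isAllowed, grant: (c) => set(c, true), revoke: (c) => set(c, false) };
}
```

The banner's "accept" and "revoke" controls would call `grant("analytics")` and `revoke("analytics")`, so withdrawing consent is the same single action as giving it.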
What's the best way to do this?
You still want to create statistics for your site, or have them created, and continue to use useful tracking tools, but do not want to run the risk of illegally collecting data? The safest route is probably to consult an appropriate specialist lawyer, who can check your current solution and show you where it needs to be improved based on the current legal situation. In any case, before you start tracking, you should ensure that the data collection is legally compliant.
There are various third-party solutions on the market that can often be easily integrated into your website or online shop and "almost" ensure that tracking is legally compliant. Larger providers in particular make sure that their product is always up to date - both technically and legally. For example: UserCentrics
How do I protect myself from tracking?
Depending on how a tracker is integrated or on the "intentions" of the operator, it is difficult to avoid tracking completely or to object to it. There are various tools on the market for this, including free tools, which usually reliably prevent unwanted tracking.
However, a little caution is required when choosing an appropriate "blocking tool", because these programs can also track your activity and create data profiles about you. In any case, it is advisable to activate the tracking protection of your browser and to use a blocker whose source code is open source. This ensures that "many eyes" have looked over the code and that it is therefore unlikely to have dishonest intentions.