Attention: Insufficient cookie banners soon in the sights of data protectionists

After the German data protection authorities published a guidance document last year, the Planet49 case should now be known to every website operator and numerous lawyers have also informed about the necessity of cookie banners, the data protection authorities have now announced that they want to separately monitor these cookie information solutions and also sanction inadequate use. Many cookie consent banners are designed in a questionable manner and may therefore be considered illegal.

Key Facts

Data protection authorities now monitor cookie information solutions and can impose sanctions for inadmissibility.
Faulty cookie banners are often difficult to identify or use.
The Accept button is often easier to click than the Reject button.
Missing or unclear refusal options can have legal consequences.
Websites need clear information banners to comply with data protection.
Larger suppliers will be checked first, but all should be compliant.
Early action is advisable in order to avoid warnings.

This mainly concerns those solutions where the Accept button is much more clearly easier to click than the Reject button, or those where individual buttons can only be rejected individually. Also, many such banners are not exactly clear.

These include, for example, such solutions

Here the reject button is not present at all or only by pushing the “Necessary” button.

This solution is also unlikely to stand up to deeper scrutiny.

Rejecting cookies is not possible or only occurs if you use a paid subscription.

Some large media sites have no cookie banners at all, although services such as Doubleclick and Google Adsense are used.

Of course, when surfing the web, you also constantly see websites with mere notices that cookies would be used. In the vast majority of cases, these are not sufficient. The only exception would be (and even this is not uncontroversial) if really 100% only technically absolutely necessary cookies are set. This should rarely be the case and with Wordpress, due to the use of numerous plugins that save some presets, it is almost never feasible.

Even if it is likely that larger, high-reach providers will be investigated first in the first step, every provider should take care of a legally compliant implementation, not only with the coming TTDSG. Moreover, it cannot be ruled out that warning agents will jump on the current bandwagon.

Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.