Website Cookies & Compliance: What Companies need to know

The use of cookies opens up important opportunities for website operators to personalize their website and analyze data. But how acceptable are website cookies in the age of DSGVO and website compliance? In this article, you’ll learn how website cookies are used, what risks they pose, and what the future holds for them.

What are cookies and what do you need them for?

Cookies are small text files that are stored in the user’s browser to record personal settings for websites visited. They are needed, for example, for the shopping cart function in online stores and more generally to save user settings for the next visit to the website.

Cookies can also be used to create user profiles of visitors across websites and devices. This provides website operators with valuable insights into the use of their website and enables advertisers to display personalized advertising.

Firstly, website cookies ensure the error-free functioning of websites – this is referred to as technically necessary cookies.

Secondly, they are used for advertising purposes and user analysis – these are referred to as third-party cookies, as in this case it is not the website operators themselves who store information about the behavior of website visitors, but third-party providers (for example, advertising networks or website analysis tools).

Identify compliance risks on your website with Ryte!

Learn more

Website cookies and compliance

So far so good. But what is the “problem” with cookies? It’s simple – when cookies are set, personal data of your visitors is processed. And for this you need their consent!

Cookie guidelines in accordance with GDPR

The basis for the regulation is the General Data Protection Regulation (GDPR), which has been in effect in the EU since May 25, 2018.

While there is no separate law in the GDPR concerning the use of website cookies, it does regulate the principles for processing personal data (Article 5 EU GDPR; Article 6 EU GDPR), which includes the use of cookies. Accordingly, website operators must inform about the use of cookies and first obtain the consent of the visitors before cookies become active on a website.

This is where the famous cookie banner comes into play. When visiting a website for the first time, you as the website operator must indicate to your visitors exactly what kind of cookies are used on the website and give them the option of consenting or rejecting each type of cookie.

Figure 1: Cookie banner privacy settings

You also need to specify in the privacy policy which tools on your website use cookies (for example, tracking tools like Google Analytics). If you don’t know exactly which cookies are used on your website, you can use Ryte Compliance to track them down.

Figure 2: Cookies report in Ryte Compliance

Website cookies and their risks

Having your website GDPR compliant and following corresponding compliance guidelines is important for a number of reasons.

The hopefully most obvious reason is, of course, your visitors. Protecting their privacy should always be a top priority. Lately, consumers are becoming more and more vigilant about how their data is used. Non-compliant handling of personal data can severely damage trust and thus the relationship to your customers.

Further, the non-compliant use of cookies also poses significant legal risks. The data protection requirements for websites have increased significantly with the introduction of the GDPR and are now strictly sanctioned. At the beginning of 2022, for example, the French data protection authority imposed multi-million fines on Google and Facebook for cookie violations, and many other companies are also facing severe penalties.

Hence, a DSGVO-compliant consent management should be on top of the to-do list of every website operator to avoid legal notices and high fines.

What’s next for website cookies and tracking?

Data protection is an important topic of our time and even the big players are looking for new, compliant solutions to it. Already in 2020, Google announced that they would end the option to use third-party cookies in their browser. Although the deadline has already been postponed several times, in an interview at DMEXCO 2022 Google confirmed the intention to switch off third-party cookies in 2024.

This will certainly pose a major challenge to many advertisers, as they are currently depending on third-party cookies, at least as of today. It remains to be seen which alternative tracking solutions will replace third-party cookies and how their data privacy compliance will look like.