Matthias Bathke


Reading time: 6 minutes

War of Data

The GDPR and Google get along like the devil and holy water. Time for a snapshot with a clear recommendation for your website.

What data have you disclosed by accessing a website, which of it will be processed, which will be shared? The GDPR is intended to make this not only transparent, but also controllable – by the user. And the sword of the GDPR is getting sharper – a penalty of 4% of annual turnover is felt by every company.

We regularly think about how functions and websites can be implemented in a GDPR-compliant manner for our customers – this can vary greatly in individual cases, so you should not derive any instructions from this article for yourself, but rather a pool of ideas that you can discuss with your data protection officer and technician. Our blog articles do not constitute legal advice.

The user decides

One way to comply with the GDPR is to use cookie consent tools, such as Usercentrics – but these can have an impact on PageSpeed. At the same time, these tools reveal one thing above all:

Through the choices they offer the user, cookie consent banners show which data a website operator would like to collect without a compelling reason.

And this compelling reason can also be user analysis – but perhaps not immediately with countless cookies, across multiple platforms and completely transparent, as Google or Facebook would like it to be for advertising that is as precisely tailored as possible.

Similarly, many marketing agencies, departments or employees have to accept the following question:

Does the collected user data coincide with the evaluated user data or is there a strong mismatch here?

The construction of huge data heaps on suspicion of possible later use is no longer justifiable.

The recommendation is simple: if no data is collected, no consent is required.

Where data must be collected out of necessity, consent is usually not required either – what remains is the obligation to inform users on the privacy policy page. Goodbye, cookie banner. The whole thing is not a dogma: if data is absolutely needed, then it can be collected. All that is needed is a valid justification for this.

There are many examples of how to avoid the use of cookie banners:

  • Alternative service providers for user analysis that do not use cookies and comply with the GDPR
  • Doing without embedded third-party content
  • Caching/tunneling via your own server instead of loading via the user's browser

Advantage: The website loads faster and collected data is justified.
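To see where a page stands on the second and third points of the list above, the following added example (not part of the original article) scans a page's HTML for elements that make the visitor's browser contact a foreign host. The function name third_party_hosts, the own_domain parameter and the sample page are assumptions made for illustration; a host counts as first-party here if it is the given domain or one of its subdomains.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute whose URL the browser fetches when rendering the page.
FETCH_ATTR = {"script": "src", "img": "src", "iframe": "src", "embed": "src",
              "video": "src", "audio": "src", "source": "src", "link": "href"}
# A <link> only causes a request for these rel values (canonical does not).
FETCHING_RELS = {"stylesheet", "icon", "preload", "prefetch", "preconnect",
                 "dns-prefetch", "modulepreload"}

class ThirdPartyAudit(HTMLParser):
    """Records every element that makes the browser contact a foreign host."""

    def __init__(self, page_url, own_domain):
        super().__init__()
        self.page_url = page_url
        self.own_domain = own_domain.lower()  # assumption: caller names the site's domain
        self.findings = []  # (tag, foreign host) in document order

    def handle_starttag(self, tag, attrs):
        if tag not in FETCH_ATTR:
            return
        attrs = dict(attrs)
        url = attrs.get(FETCH_ATTR[tag])
        if not url:
            return
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rels & FETCHING_RELS:
            return
        # urljoin resolves relative and protocol-relative URLs; data: URIs
        # have no hostname and are skipped.
        host = urlsplit(urljoin(self.page_url, url)).hostname
        if host and host != self.own_domain and not host.endswith("." + self.own_domain):
            self.findings.append((tag, host))

def third_party_hosts(html, page_url, own_domain):
    audit = ThirdPartyAudit(page_url, own_domain)
    audit.feed(html)
    return audit.findings

# Constructed sample page, not taken from a real site.
SAMPLE_HTML = """
<link rel="canonical" href="https://partner.example.org/page">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto">
<script src="/js/site.js"></script>
<script async src="https://www.google-analytics.com/analytics.js"></script>
<img src="https://cdn.example.test/logo.png">
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
<iframe src="//www.youtube.com/embed/VIDEO_ID"></iframe>
<iframe src="https://www.google.com/maps/embed?pb=PLACEHOLDER"></iframe>
"""
```

The scan covers static markup only; resources pulled in by scripts at runtime, by CSS imports or via srcset need a check in the browser's network panel.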

No cookies, no problems?

Third Party Cookies Die Out

Sooner or later, third-party cookies will no longer play a role, but ad-supported providers, such as Google, will continue to want to segment traffic by target group. Google does not want to achieve this through a technically similar alternative to cookies, but through a completely new approach: cohorts.

The basic idea sounds good at first: instead of identifying users ever more individually, Federated Learning of Cohorts (FLoC) is basically trying to accomplish only one task: the classification of users into user clusters. Based on browser history, the user is assigned to a cohort that is propagated through an API.

We share the WordPress project’s criticism of the FLoC feature: it is to be assessed as a security risk for the user, as the user can be assigned to a group even more than before and can be discriminated against accordingly.

Cookies can be deleted or rejected, but the user cannot do much about the cohort feature. WordPress will disable Google’s FLoC feature on the server side by default – whether Google will also allow at least an opt-out on the user side is unclear and currently unlikely.

Either way, tracking approaches via third-party cookies have no future. In the future, tracking will be done either first-party, i.e. via the website operator, or, if Google has its way, via cohorts.

Performance comparison

| Tracking provider | Primary purpose | Loading time | Size |
|---|---|---|---|
| Google Analytics | General user behaviour | 127 ms | 20 KB |
| Yahoo Dot Tag (Gemini) | General user behaviour | 28 ms | 7 KB |
| Mouseflow | Strokes | 2062 ms | 52 KB |
| Facebook | Re-targeting | 278 ms | 106 KB |
| Linkedin | Conversion tracking | 23 ms | 7 KB |
| Bing | General user behaviour | 7 ms | 8 KB |
| Hotjar | Heatmaps | 307 ms | 76 KB |

You always pay a price for tracking – through increased loading times. High loading times lead to high bounce rates and low conversion rates. With tracking scripts, pay attention to how much they affect the performance of your website and use them when the evaluation is complete.

You benefit twice: avoiding unnecessary tracking not only reduces the complexity with regard to GDPR, but also improves the PageSpeed of your website.


The war of data was started by the GDPR and so far it looks as if it will be decided in the interests of users.

From our point of view, it is a complete exaggeration to say that the advertising industry would be flying blind without third-party cookies or cohorts. We consider the claim that a user or group of users should be identifiable across millions of websites to be incompatible with the GDPR.

Of course, this makes activities such as retargeting or an almost uncannily precise playout of advertising more difficult – but who feels comfortable when, through data from Google Home, Gmail, Android, Google Search and the use of Google Analytics or the Google Tag Manager, almost every activity is recorded and classified and the user is identified by Google?

For most websites, we have a clear recommendation to track only what makes sense and is actually evaluated.

Third-party services, such as Google Maps or YouTube videos, should be avoided; explore alternative options instead.

Avoid third-party cookies and try to design a website that does not require a cookie consent banner. With the right choice of tools and third-party providers, you’ll have a faster website and improve customer satisfaction – because who wants to click away those annoying banners every time they visit a website?

Use your GDPR-compliant positioning to build trust with your users: you don’t need a cookie banner because you’re not a data octopus. Let your data protection officer advise you or contact us to help you achieve your goal.