What data have you disclosed by accessing a website, which of it will be processed, and which will be shared? The GDPR is supposed to make this not only transparent, but also controllable by the user. And the sword of the GDPR is getting sharper and sharper: a penalty of 4% of annual turnover is something every company feels. We regularly think through for our customers which functions and websites CAN be implemented in a GDPR-compliant way. This can vary greatly in individual cases, so you should not derive instructions from this article, but rather a pool of ideas that you can discuss with your data protection officer and technician. Our blog articles do not constitute legal advice.

One way to comply with the GDPR is to use cookie-consent tools, such as Usercentrics – but they can have an impact on PageSpeed. At the same time, these tools reveal one thing above all:

By offering the user a choice, cookie consent banners show which data a website operator would like to collect without a compelling reason.

User analysis can also be such a compelling reason, just perhaps not with countless cookies, across several platforms and with the completely transparent user that Google or Facebook would like to have for the most accurate advertising possible.

Similarly, many marketing agencies, departments or employees have to face the following question:

Does the user data collected match the user data actually evaluated, or is there a strong mismatch here? Building up huge heaps of data on the off chance of possible later use is no longer justifiable.

Trend: No consent required

This results in a trend that is as simple as it is attractive: where no data is collected, no consent is required. Where data must be collected, consent is usually not required either; what remains is the obligation to provide information on the data protection page. Goodbye, cookie banner. The whole thing is not a dogma: if data is absolutely needed, then it can be collected. All that is needed is a justification for it.

There are many examples of how to avoid the use of cookie banners:

  • Alternative service providers for user analysis that do not use cookies and comply with the GDPR
  • Not embedding third-party content
  • Caching/tunnelling via your own server instead of loading via the user's browser

Advantage: The website loads faster and collected data is justified.
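
To see which of these measures a page still needs, you can list every external host that a visitor's browser is made to contact when the page loads. The following sketch is an added example, not code from the original article; the page URL, host names and HTML are constructed, and treating every host under the page's own domain (minus "www.") as first party is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the visitor's browser request a resource on load.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "embed": "src",
               "video": "src", "audio": "src", "source": "src", "link": "href"}
# <link> only triggers a request for these rel values (canonical etc. do not).
FETCHING_RELS = {"stylesheet", "icon", "preload", "prefetch", "preconnect", "dns-prefetch"}

class EmbedAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        host = urlsplit(page_url).hostname or ""
        # Assumption: the site's own domain is the page host minus "www.".
        self.site = host[4:] if host.startswith("www.") else host
        self.findings = {}  # third-party host -> [(tag, absolute URL), ...]

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        value = attrs.get(FETCH_ATTRS.get(tag, ""))
        rels = set((attrs.get("rel") or "").lower().split())
        if not value or (tag == "link" and not rels & FETCHING_RELS):
            return
        url = urljoin(self.page_url, value)  # resolves relative and // URLs
        host = urlsplit(url).hostname        # None for data: URIs
        if host and host != self.site and not host.endswith("." + self.site):
            self.findings.setdefault(host, []).append((tag, url))

def third_party_embeds(page_url, html):
    """Return {host: [(tag, url), ...]} for hosts outside the site's own domain."""
    audit = EmbedAudit(page_url)
    audit.feed(html)
    return audit.findings

# Constructed sample page: three external embeds, the rest is served first-party.
PAGE_URL = "https://www.example.org/contact/"
SAMPLE_HTML = """<head>
<link rel="canonical" href="https://other.example.net/contact/">
<link rel="stylesheet" href="https://fonts.example-cdn.test/css?family=Roboto">
<script src="https://analytics.example-tracker.test/tag.js"></script>
<script src="//static.example.org/app.js"></script>
</head><body>
<iframe src="https://video.example-embed.test/embed/abc"></iframe>
<iframe src="/proxy/map?tile=1"></iframe>
</body>"""

if __name__ == "__main__":
    for host, hits in sorted(third_party_embeds(PAGE_URL, SAMPLE_HTML).items()):
        print(host, hits)
```

Each host in the result receives the visitor's IP address and request headers on page load, so each one is a candidate for removal, replacement or tunnelling via your own server. Resources loaded later by scripts are not visible to this static check.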

Third-Party Cookies Are Dying Out

Sooner or later, third-party cookies will no longer play a role, but ad-supported providers such as Google will continue to want to segment traffic by target group. Google does not want to achieve this through a technically similar alternative to cookies, but through a completely new approach: cohorts.

The basic idea sounds good at first: instead of identifying users more and more individually, Federated Learning of Cohorts (FLoC) basically tries to accomplish only one task: classifying users into user clusters. Based on browser history, the user is assigned to a cohort that is propagated through an API.

We share the WordPress project's criticism of the FLoC feature: it is to be assessed as a security risk for the user, because the user can be assigned to a group even more than before and can be discriminated against accordingly.

Cookies can be deleted or rejected; the user cannot do much about the cohort feature. WordPress will disable Google's FLoC feature by default. Whether Google will offer at least an opt-out on the user side is unclear and currently unlikely.

Either way, tracking approaches via third-party cookies have no future. In the future, tracking will take place either first-party, i.e. via the website operator, or, if Google has its way, via cohorts.

Conclusion

The war over data was started by the GDPR, and so far it looks as if it will be decided in the interests of users. From our point of view, it is a complete exaggeration to say that the advertising industry would be flying completely blind without third-party cookies or cohorts. We consider the claim that a user or group of users should be identifiable across millions of websites to be incompatible with the GDPR.

Of course, this makes activities such as retargeting or an almost eerily tailor-made display of advertising more difficult. But who feels comfortable when data from Google Home, Gmail, Android, Google Search and the use of Google Analytics or Google Tag Manager lets Google capture, classify and identify almost every activity?

Recommendation

For most webmasters, our clear recommendation is to track only what is useful and is actually evaluated. Third-party services, such as Google Maps or YouTube videos, should be avoided and alternative options explored instead.

Avoid third-party cookies and try to design a website that does not require a cookie consent banner. With the right choice of tools and third-party providers, you get a faster website and improve customer satisfaction, because who wants to click away these annoying banners every time they visit the website?

Use your GDPR-compliant positioning to build trust with your users: you don’t need a cookie banner because you’re not a data octopus. Let your data protection officer advise you or contact us to help you achieve your goal.

About the author

Matthias Bathke is Managing Director of straightvisions GmbH. As a GDPR expert and PageSpeed evangelist, he is keen to develop stable and efficient solutions for our customers.
