LfDI issues warning to websites using Google Analytics
No Google Analytics without valid consent! This seems to be the decree from Rhineland-Palatinate Data Protection Supervision in Germany.
The State Commissioner for Data Protection and Information Security (LfDI) declared in a recent newsletter that prohibitions against website operators have already been issued regarding using Google Analytics and other similar tracking tools.
The LfDI announced:
” The LfDI has provided instructions to website operators in a number of procedures. This requires that websites must be adapted in such a way that the transmission of user data to other providers is only carried out with the knowledge and active consent of the website users. Specifically, this concerns the use of the services like Google Analytics and Google Remarketing.”
Websites that do not collect a GDPR valid consent when using Google Analytics or other services which set cookies that collect and process personal data will be obliged to stop this practice or redesign their website to accommodate data protection regulations, the LfDI declares.
The LfDI is ready to open legal proceedings against websites that do not comply with the decree.
Consent is paramount to using Google Analytics
The Administrative Court of Mainz (Germany) already established in a similar case that the legal basis under Article 6 of the GDPR also applies when using analysis tools such as Google Analytics.
Websites can no longer claim legitimate interests (Article 6, 1(f)) when using services that collect and process website visitors’ data primarily for marketing purposes.
It is required that websites use consent as the lawful basis (article 6, 1(a)) for using Google Analytics and similar tracking tools.
Furthermore, consent must be freely and explicitly given. The LfDI draws attention to the recent EU-Court of Justice decision in the case against Planet49.
Informative cookie banners are no longer sufficient when using cookies that track visitors online (e.g., Google Analytics).
How to obtain valid consent using Google Analytics?
Google Analytics is a widespread tool for audience measurements and traffic analysis. Using Google Analytics, however, comes with some privacy restrictions.
As Google Analytics uses cookies (e.g., _ga) to harvest website visitors’ data (e.g., IP address), the European General Data Protection Regulation (GDPR) does require that the processing of this data is based on consent.
To collect valid consent, you need a cookie consent solution (banner) which:
- Informs your visitors of cookies (who owns them; their purpose; lifespan)
- Provides your visitors with the option to decline cookies (and tracking)
- Holds back cookies before consent is obtained
- Does not assume consent with pre-ticked boxes
- Collects and stores consent for 5 years (in case of inspection by DPA).
Get started collecting valid consent
Collecting valid consent from your users is not difficult. With Cookie Information’s Consent Solution set up on your website, you’ll never have to worry about cookie rules and GDPR again.
What do you get?
Cookie Information’s Consent Solution offers you a highly customizable consent pop-up for your website.
The pop-up integrates perfectly with your website UX design and is completely ePrivacy and GDPR compliant.
Features of the solution:
- GDPR valid consent pop-up (to collect user consent)
- Privacy controls (options for your user to decline cookies)
- Cookie Policy (valid policy for privacy transparency)
- Deep scan (of your website cookies)
- Storage of Consents for up to 5 years (as required by law) SDK implementation options (for blocking cookies before consent)
- Compliance Dashboard (complete overview of cookies, consents, and acceptance rates).
Your website will now comply with the requirements from the Rhineland-Palatinate Data Protection Supervision and the GDPR*.
*when Cookie Information’s Cookie Control SDK is correctly implemented.