Data Protection Authority prohibits websites’ use of Google Analytics

Data Protection Authority prohibits websites’ use of Google Analytics

The Rhineland-Palatinate Data Protection Supervision (LfDi) now requires websites to obtain valid consent from the user for using Google Analytics and similar remarketing tools. 5-item checklist to acquire valid consent.

LfDi issues warning to websites using Google Analytics

No Google Analytics without valid consent! This seems to be the decree from the Rhineland-Palatinate Data Protection Supervision in Germany.

The State Commissioner for Data Protection and Information Security (LfDI) declared in a recent newsletter that prohibitions against website operators have already been issued regarding the use of Google Analytics and other similar tracking tools.

The LfDI announced:

From newsletter (translated)

”The LfDI has provided instructions to website operators in a number of procedures. This requires that websites must be adapted in such a way that the transmission of user data to other providers is only carried out with the knowledge and active consent of the website users. Specifically, this concerns the use of the services like Google Analytics and Google Remarketing.”

Websites who do not collect a GDPR valid consent when using Google Analytics or other services which set cookies that collect and process personal data, will be obliged to stop this practice or redesign their website to accommodate data protection regulations, the LfDi declares. 

The LfDi are ready to open legal proceedings against websites that do not comply with the decree.

No Google Analytics without valid consent Berlin DPA declares

Consent is paramount to using Google Analytics

The Administrative Court of Mainz (Germany) already established in a similar case that the legal basis under Article 6 of the GDPR also apply when using analysis tools such as Google Analytics.

Websites can no longer claim legitimate interests (article 6, 1(f)) when using services that collect and process website visitors’ personal data primarly for marketing purposes. 

What is legitimate interest under the GDPR?

It is required that websites use consent as the lawful basis (article 6, 1(a)) for using Google Analytics and similar tracking tools.

Furthermore, consent must be freely given and explicit. The LfDi draws attention to the recent EU-Court of Justice decision in the case against Planet49.

Informative cookie banners are no longer sufficient when using cookies that track visitors online (e.g. Google Analytics).

How to obtain valid consent using Google Analytics?

Google Analytics is a widespread tool for audience measurements and traffic analysis. Using Google Analytics, however, comes with some privacy restrictions.

As Google Analytics uses cookies (e.g. _ga) to harvest website visitors’ personal data (e.g. IP-address), the European General Data Protection Regulation (GDPR) does require that the processing of this data is based on consent.

Obtaining valid consent requires:


To collect valid consent, you need a cookie consent solution (banner) which:

  • Informs your visitors of cookies (who owns them; their purpose; lifespan)
  • Provides your visitors with the option to decline cookies (and tracking)
  • Holds back cookies before consent is obtained
  • Does not assume consent with pre-ticked boxes
  • Collects and stores consents for 5 years (in case of inspection by DPA).

Get started collecting valid consent

Collecting valid consent from your users is not difficult. Actually, with Cookie Information’s Consent Solution set up on your website, you’ll never have to worry about cookie rules and GDPR again.

Try our Consent Solution for 30 days [for free!]

What do you get?

Cookie Information's Consent Solution offers you a highly customizable consent pop-up for your website.
The pop-up integrates perfectly with your website UX design and is completely ePrivacy and GDPR compliant.

Features of the solution:

  • GDPR valid consent pop-up (to collect user consents)
  • Privacy controls (options for your user to decline cookies)
  • Cookie Policy (valid policy for privacy transparency)
  • Deep scan (of your website cookies)
  • Storage of Consents for up to 5 years (as required by law)
  • SDK implementation options (for blocking cookies prior to consent)
  • Compliance Dashboard (complete overview of cookies, consents and acceptance rates).
Get started

Your website will now comply with the requirements from the Rhineland-Palatinate Data Protection Supervision and the GDPR*.

*when Cookie Information’s Cookie Control SDK is correctly implemented.

Try Cookie Information’s Consent Solution for 30 days free of charge and no credit cards needed.

Or you can book a demo with Cookie Information if you have more than one site and are looking for a multiple site solution.

Get started Book Demo

book a meeting with jonas


No Google Analytics without valid consent Berlin DPA declares

What is legitimate interest under the GDPR?

Newsletter from Rhineland-Palatine Data Protection Supervision

General Data Protection Regulation 2016