Google analytics requires valid cookie consent

The Rhineland-Palatinate Data Protection Supervision (LfDI) now requires websites to obtain valid consent from the user for using Google Analytics and similar remarketing tools. We have a 5-item checklist to acquire valid consent.

LfDI issues warning to websites using Google Analytics

No Google Analytics without valid consent! This seems to be the decree from the Rhineland-Palatinate Data Protection Supervision in Germany.

The State Commissioner for Data Protection and Information Security (LfDI) declared in a recent newsletter that prohibitions against website operators have already been issued regarding the use of Google Analytics and other similar tracking tools.

The LfDI announced:

”The LfDI has provided instructions to website operators in a number of procedures. This requires that websites must be adapted in such a way that the transmission of user data to other providers is only carried out with the knowledge and active consent of the website users. Specifically, this concerns the use of the services like Google Analytics and Google Remarketing.”

Websites which do not collect a GDPR valid consent when using Google Analytics or other services which set cookies that collect and process personal data, will be obliged to stop this practice or redesign their website to accommodate data protection regulations, the LfDI declares. 

The LfDI is ready to open legal proceedings against websites that do not comply with the decree.

No Google Analytics without valid consent Berlin DPA declares

The Administrative Court of Mainz (Germany) already established in a similar case that the legal basis under Article 6 of the GDPR also apply when using analysis tools such as Google Analytics.

Websites can no longer claim legitimate interests (article 6, 1(f)) when using services that collect and process website visitors’ personal data primarly for marketing purposes. 

What is legitimate interest under the GDPR?

It is required that websites use consent as the lawful basis (article 6, 1(a)) for using Google Analytics and similar tracking tools.

Furthermore, consent must be freely and explicitly given. The LfDI draws attention to the recent EU-Court of Justice decision in the case against Planet49.

Informative cookie banners are no longer sufficient when using cookies that track visitors online (e.g. Google Analytics).

Google Analytics is a widespread tool for audience measurements and traffic analysis. Using Google Analytics, however, comes with some privacy restrictions.

As Google Analytics uses cookies (e.g. _ga) to harvest website visitors’ personal data (e.g. IP-address), the European General Data Protection Regulation (GDPR) does require that the processing of this data is based on consent.

To collect valid consent, you need a cookie consent solution (banner) which:

  • Informs your visitors of cookies (who owns them; their purpose; lifespan)
  • Provides your visitors with the option to decline cookies (and tracking)
  • Holds back cookies before consent is obtained
  • Does not assume consent with pre-ticked boxes
  • Collects and stores consents for 5 years (in case of inspection by DPA).

Collecting valid consent from your users is not difficult. Actually, with Cookie Information’s Consent Solution set up on your website, you’ll never have to worry about cookie rules and GDPR again.

What do you get?

Cookie Information’s Consent Solution offers you a highly customizable consent pop-up for your website.
The pop-up integrates perfectly with your website UX design and is completely ePrivacy and GDPR compliant.

Features of the solution:

  • GDPR valid consent pop-up (to collect user consents)
  • Privacy controls (options for your user to decline cookies)
  • Cookie Policy (valid policy for privacy transparency)
  • Deep scan (of your website cookies)
  • Storage of Consents for up to 5 years (as required by law)
  • SDK implementation options (for blocking cookies prior to consent)
  • Compliance Dashboard (complete overview of cookies, consents and acceptance rates).

Get started

Your website will now comply with the requirements from the Rhineland-Palatinate Data Protection Supervision and the GDPR*.

*when Cookie Information’s Cookie Control SDK is correctly implemented.

Share on facebook
Share on twitter
Share on linkedin
Share on email

No credit card needed

Start your free trial

250,000 clients already trust us with their website's cookie compliance ​

Is your website GDPR cookie compliant?

We'll give you the answer quickly - completely free
Free Webinar

How to perform GDPR compliant analytics and digital marketing

The guide to cookie consent in Sweden, Norway & Finland