Services like Google Analytics may only be in use if the website owner obtains valid consent from their visitors, Berlin Data Protection Authority clarifies.
The German DPA warns of high fines for violations and points to several pending lawsuits.
No consent – no Google Analytics
In a press release on November 14th, 2019, the Head of the Berlin DPA, Maja Smoltczyk stated:
Therefore, valid consent is needed if website operators and owners want to use third-party analytics services like Google Analytics, which collect and process visitors’ data for commercial purposes.
Valid consent is required for using Google Analytics
Website owners should check their cookie consent solution immediately for third-party services and other tracking technologies which harvest visitors’ data.
Anyone who uses services like Google Analytics and Facebook Pixel must obtain valid consent from their visitors or remove the service altogether, Maja Smoltczyk continues.
The European Court of Justice clarified this on October 1st, 2019, in the case against Planet49.
Cookie pop-up banners with pre-ticked checkboxes for cookies and no options to decline cookies are not considered consent (see also recital 32 of the GDPR), the Court rules.
Cookie pop-up banners need to meet requirements in the GDPR
You need a proper cookie consent solution to obtain valid consent on a website.
However, most cookie pop-up banners on websites do not meet the standards of the GPDR; Maja Smoltczyk states:
German Data Protection Authorities on the move
In the spring of 2019, the German Data Protection Supervisory Authorities (DSK) published the “Guidance for providers of telemedia”. They worked out in detail under which conditions tracking of website visitors is permitted.
Despite the guidelines, the Berlin Data Protection Commissioner continues to receive numerous complaints about websites that disregard the guidance.
Audience analysis with no consent
On the other hand, the Berlin DPA says that it can be regarded as lawful (legal) to carry out an audience analysis that collects the number of visitors per page, device, and language settings (even if done by a third-party processor), if the processor does not use the data for his own purposes (commercially).
Services like Piwik Pro offer solutions where you 'own your own data.'.
How to use Google Analytics with valid consent?
Google Analytics is a fantastic free tool to measure website traffic. But Google Analytics collects and processes your visitors’ data for commercial purposes.
Therefore, valid consent for using Google Analytics is required by the GDPR.
To collect valid consent, you need a cookie consent solution (banner) which:
- Informs your visitors of cookies (who owns them; their purpose; lifespan)
- Provides your visitors with the option to decline cookies (and tracking)
- Holds back cookies before consent is obtained
- Does not assume consent with pre-ticked boxes Collects and stores consent for 5 years (in case of inspection by DPA).
With valid consent in hand, you can use Google Analytics as much as you like and benefit from the vast amount of data for retargeting and visitor profiling.
Get in touch with Cookie Information if you desire a solution that allows you to use Google Analytics legally.
More than 1000 companies use Cookie Information’s cookie consent solution. It collects more than 8 billion consents a year and is up to date with the ePrivacy Directive and GDPR.