No Google Analytics without valid cookie consent

The Berlin Data Protection Authorities sent a warning to all website owners using Google Analytics. Get your cookie pop-up banners up to date with the GDPR or fines for infringements will be handed out. Assess your website's cookie pop-up here.
Table of Contents

Services like Google Analytics may only be in use if the website owner obtains valid consent from their visitors, Berlin Data Protection Authority clarifies.

The German DPA warns of high fines for violations and points to several pending lawsuits.

No consent – no Google Analytics

In a press release on November 14th, 2019, the Head of the Berlin DPA, Maja Smoltczyk stated:

The integration of Google Analytics requires a consent which meets the requirements of the General Data Protection Regulation.

Therefore, valid consent is needed if website operators and owners want to use third-party analytics services like Google Analytics, which collect and process visitors’ data for commercial purposes.

Valid consent is required for using Google Analytics

Website owners should check their cookie consent solution immediately for third-party services and other tracking technologies which harvest visitors’ data.
Anyone who uses services like Google Analytics and Facebook Pixel must obtain valid consent from their visitors or remove the service altogether, Maja Smoltczyk continues.

Consent is only valid if the user of the specific data processing clearly and actively consents.

The European Court of Justice clarified this on October 1st, 2019, in the case against Planet49.
Cookie pop-up banners with pre-ticked checkboxes for cookies and no options to decline cookies are not considered consent (see also recital 32 of the GDPR), the Court rules.

Cookie pop-up banners need to meet requirements in the GDPR

You need a proper cookie consent solution to obtain valid consent on a website.
However, most cookie pop-up banners on websites do not meet the standards of the GPDR; Maja Smoltczyk states:

A so-called cookie banner, which assumes that pure surfing on the website or the like should mean consent, is inadequate. The same applies to preactivated boxes in declarations of consent.

German Data Protection Authorities on the move

In the spring of 2019, the German Data Protection Supervisory Authorities (DSK) published the “Guidance for providers of telemedia”. They worked out in detail under which conditions tracking of website visitors is permitted.
Despite the guidelines, the Berlin Data Protection Commissioner continues to receive numerous complaints about websites that disregard the guidance.

Audience analysis with no consent

On the other hand, the Berlin DPA says that it can be regarded as lawful (legal) to carry out an audience analysis that collects the number of visitors per page, device, and language settings (even if done by a third-party processor), if the processor does not use the data for his own purposes (commercially).

Services like Piwik Pro offer solutions where you 'own your own data.'.

How to use Google Analytics with valid consent?

Google Analytics is a fantastic free tool to measure website traffic. But Google Analytics collects and processes your visitors’ data for commercial purposes.
Therefore, valid consent for using Google Analytics is required by the GDPR.
To collect valid consent, you need a cookie consent solution (banner) which:
  • Informs your visitors of cookies (who owns them; their purpose; lifespan)
  • Provides your visitors with the option to decline cookies (and tracking)
  • Holds back cookies before consent is obtained
  • Does not assume consent with pre-ticked boxes Collects and stores consent for 5 years (in case of inspection by DPA).
With valid consent in hand, you can use Google Analytics as much as you like and benefit from the vast amount of data for retargeting and visitor profiling.
Get in touch with Cookie Information if you desire a solution that allows you to use Google Analytics legally.
More than 1000 companies use Cookie Information’s cookie consent solution. It collects more than 8 billion consents a year and is up to date with the ePrivacy Directive and GDPR.