No Google Analytics without valid cookie consent

The Berlin Data Protection Authorities sent a warning to all website owners using Google Analytics. Get your cookie pop-up banners up to date with the GDPR or fines for infringements will be handed out. Assess your website's cookie pop-up here.

Services like Google Analytics may only be used, if the website owner obtains valid consent from their visitors, Berlin Data Protection Authority clarifies.

The German DPA warns of high fines for violations and points to several pending lawsuits.

In a press release on November 14, 2019, the Head of the Berlin DPA Maja Smoltczyk stated:

The integration of Google Analytics requires a consent which meets the requirements of the General Data Protection Regulation.

Maja Smoltczyk – Head of the Berlin DPA

Therefore, if website operators and owners want to use third-party analytics services like Google Analytics – which collect and process visitors’ personal data for commercial purposes – valid consent is needed.

Link: Newsletter from Rhineland-Palatine Data Protection Supervision

Website owners should check their cookie consent solution immediately for third-party services and other tracking technologies which harvest visitors’ personal data.  

Anyone who uses services, like Google Analytics and Facebook Pixel, must either obtain a valid consent from their visitors or remove the service altogether, Maja Smoltczyk continues.

Consent is only valid if the user of the specific data processing clearly and actively consents.

Maja Smoltczyk – Head of the Berlin DPA

This was clarified by the European Court of Justice on October 1st, 2019 in the case against Planet49.

Link: EU Court of Justice rules against Planet49 – storing cookies requires consent

Cookie pop-up banners with pre-ticked checkboxes for cookies and no options to decline cookies is not considered consent (see also recital 32 of the GDPR), the Court rules.

Link: The General Data Protection Regulation (GDPR) – recital 32 on consent

To obtain a valid consent on a website, you need a proper cookie consent solution.

However, most cookie pop-up banner on websites do not meet the standards of the GPDR, Maja Smoltczyk states:

A so-called cookie banner, which assumes that pure surfing on the website or the like should mean consent, is inadequate. The same applies to preactivated boxes in declarations of consent.

Maja Smoltczyk – Head of the Berlin DPA

German Data Protection Authorities on the move

In the spring of 2019, the German Data Protection Supervisory Authorities (DSK) published the “Guidance for providers of telemedia” and worked out in detail under which conditions tracking of website visitors is permitted.

Despite the guidelines, the Berlin Data Protection Commissioner continues to receive numerous complaints about websites that disregard the guidance.

Link: 200.000 complaints against the use of Google Analytics

On the other hand, the Berlin DPA says that it can be regarded lawful (legal) to carry out an audience analysis which collects the number of visitors per page, device and language settings (even if done by a third-party processor), if the processor does not use the data for his own purposes (commercially).

Services like Piwik Pro offer solutions in which you ‘own you own data’.

Google Analytics is a fantastic free tool to measure website traffic. But Google Analytics collects and processes your visitors’ personal data for commercial purposes.

Therefore, valid consent for using Google Analytics is required by the GDPR.

To collect valid consent, you need a cookie consent solution (banner) which:

  • Informs your visitors of cookies (who owns them; their purpose; lifespan)
  • Provides your visitors with the option to decline cookies (and tracking)
  • Holds back cookies before consent is obtained
  • Does not assume consent with pre-ticked boxes
  • Collects and stores consents for 5 years (in case of inspection by DPA).

With a valid consent in hand, you can use Google Analytics as much as you like and thereby benefit from the vast amount of data it offers for retargeting and visitor profiling.

Get in touch with Cookie Information if you desire a solution which allow you to legally use Google Analytics.

Cookie Information’s cookie consent solution is used by more than 1000 companies; collects more than 8 billion consents a year, and is up to date with the ePrivacy Directive and GDPR.


Share on facebook
Share on twitter
Share on linkedin
Share on email

- Webinars - Webinars - Webinars - Webinars

- Webinars - Webinars - Webinars - Webinars

Where to start with cookies?

Join our webinars about compliance in the Nordics