Data PrivacyFutureTech CommunityUncategorized

The Cookie Consent Law for Germany

This week will have quite some impact on the German online and e-commerce landscape, as on Thursday, May 28th 2020 the German Federal High Court of Justice (Bundesgerichtshof) is going to render a judgment on the Planet49 case.

The case is about a website, which offers online competitions. In the given case, one could sign up for such an online competition. But it required the user to either allow Planet49 to make use the personal data from the user for marketing or allow a web analytics tool to drop a cookie in order to analyze the browsing behaviour of the user. This happened in December 2013.

Since then multiple courts were working on the case, even the Court of justice of the European Union was asked for a statement. Also in 2018 GDPR set a new standard for the use of personally identifiable information (PII).

The expected outcome from multiple experts is, that every website requires consent from the user for every tracking and/or cookie which is not a hard requirement for running the website. The judgment is immediately binding, as it is not creating a new law but only create a clear interpretation of how to apply it.

Already, a lot of websites ask for consent from the users for using tracking and cookies. But if the outcome from Thursday will be, that the consent from the users is a hard requirement in order to use tracking, basically very website will require a so-called consent management platform (CMP).
Consent Management Platforms have evolved as a new branch in the advertising industry. Basically, every publisher or ad network operator has also its own CMP as part of its product offering. The IAB (Interactive Advertising Bureau) — as the European-level association for the digital marketing and advertising ecosystem — has created a common API and a compliance program for the CMPs and lists all the players.

This standard API allows the integration and consent handling in a convenient way, thanks to a machine-readable document of the vendors (tools which might require consent), that has more than 765 entries to date. The most prominent one — Google — is yet missing whereas other players such as Criteo or Taboola are part of this list.

On the one side, consent banners have pretty good usability in order not to kill the conversion of a website, but on the other side, they also work with so call Dark Patterns to make the user give more consent than they want and throw privacy overboard.

Let’s see what the outcome on Thursday is and hope for the best for users and online businesses.

Update 2020–05–28: Judgement was released.

Gerald Madlmayr

CTO at Stylight. Motivated by: Writing Java Code, Docker, K8S, Machine Learning, High performance Teams

Related Articles

Check Also

Close
Close
X