On the occasion of Safer Internet Day, the Bavarian State Office for Data Protection Supervision (BayLDA) audited websites with a large reach with regard to obtaining and documenting user consents GDPR-compliantly. The results are distressing: tracking tools are not used in compliance with data protection regulations on any of the 40 Bavarian company websites investigated.
Three of the seven criteria that a user’s consent must meet according to the GDPR were specifically examined:
1. Consent must be given in advance: Data should therefore only be collected once consent has been obtained. Thus, website operators must ensure that the cookie banner is technically linked to the integrated tracking technologies.
Result: Only 8 of the 40 reviewed websites meet this requirement.
2 The consent must be informed. This means: At the time of giving consent, the user must be aware of all circumstances in connection with data processing and knowingly approve them.
Result: Only 4 of the 40 reviewed websites meet this requirement.
3. Consent must be given voluntarily, besides an “Accept” button, a “Reject” button on the cookie banner is therefore essential.
Result: Only 8 of the 40 tested websites satisfy this requirement.
The BayLDA evaluates the result as follows: “None of the consents obtained are valid. As a result it is thus illegal to process data through tracking tools requiring consent.”
The president of the BayLDA, Thomas Kranig, confirms:
“All the reviewed websites infringe data protection laws when deploying these tracking tools. For the responsible companies, our audit will have consequences. We have decided to put an end to these infringements and to assess initiating summary proceedings.”
How can you ensure that your tracking complies with data protection regulations and that you can still run personalised advertising? This is where a Consent Layer or a Consent Management Platform (CMP) comes into the equation, with which you programmatically obtain, manage and document the consents of your website visitors.
Source (Analysis results of the BayLDA data protection audit of 05.02.2019):
Presentation: “Sicher im Internet – Digitale Dienste im Datenschutzcheck” (ab Seite 20)
Obtain DSGVO-compliant consent
How can you ensure that you can use your tracking in compliance with data protection and continue to play personalized advertising? At this point, a Consent Layer or a Consent Management Platform (CMP) such as Usercentrics comes into play, with which you programmatically obtain, manage and document the consent of your website visitors. Arrange a free and non-binding demo today!