Is such a cookie note mandatory in Germany?
This article discusses the following aspects:
- definition of cookies,
- which types of cookies are used,
- which cookies are used in Google’s web services
- what Google has to do with the whole story,
- the explanation of the terms opt-in and opt-out
- what the legislator stipulates in the Telemedia Act on the cookies used on its own website.
What are cookies and what forms of cookies are there?
According to Wikipedia, “cookies serve to store information associated with a website or domain locally on the computer for some time and to transmit it to the server on request” (Wikipedia, Cookie, 05.05.2017).
The cookies stored locally in the web browser can be used for technical purposes and for non-technical purposes. Internetwarriors.de say that cookies […] according to the directive are only unsolicited if necessarily for a function purpose.
The functionality of such cookies relates to the management of the user-selected language, the local storage of the shopping cart on the user’s device, or e.g. the automatic login / “stay logged in” when calling again an HTTP website, on which you have previously registered and logged in. On the other hand, there are cookies that are not technically necessary and can be used for other purposes. We’ll take a closer look at them using the cookies used by Google.
opt-in as consent
Opt-out as a rejection
The opt-out gives the user the opportunity to decline / revoke a service. This may be the refusal to use non-technically necessary cookies. Opt-out are also found in other areas such as for e-mail newsletters. By clicking on a link “Unsubscribe” placed in the footer area, the user commits an opt-out, eg. a contradiction to the further newsletter mailing.
The intent of Google’s User Agreement Policy is to present all collected data of the user and to receive a consent to the procedure.
Which cookies does Google use for its web services?
The cookies used by Google are intended for the identification of the user and serve the user and also Google. The cookies Google uses are to help users of Google products to adjust their website appearance, session status, security, analytics, processes, and advertising. Google stores cookies for regional settings, e.g. for retrieving weather reports, language setting and opt-out of a particular font size on different terminals.
Google also uses security cookies to “authenticate users, prevent fraudulent use of credentials, and protect users’ data from unauthorized access.” The cookie session_status assumes the role of analyzing the interaction between a user and a web page, such as a web page. “which pages users visit most frequently and if they receive error messages from certain pages”. Even without this cookie, the website can be displayed correctly. It is therefore a technically unnecessary Cookie.
The cookie for Google Analytics allows the website operator to create usage statistics. However, Google admits that “along with some of the advertising cookies described above, Google’s products, such as Google Search, as well as the entire web, are more relevant for ads.” In order to comply with this, however, advanced functionality would have to be used in analytics, for example. the retargeting has been set up.
The cookies Processes are technically necessary cookies. Google uses them for proper functionality, e.g. from Google Docs.
Which cookies need to be pointed out
[…] Website-operators […] need according to hosting.1und1.de […] the consent of the user. This applies to all cookies, […] especially advertising cookies that are used for retargeting […]. One such advertising service is [Google Adsense] (https://www.google.com/adsense/login/en/ “), which uses products and services from other websites to promote its use, which is a classic case of individualized advertising by setting Cookies.
The analysis service Google Analytics looks a bit different again: The service uses the cookie to represent the user behavior of returning users on their own website. User IPs can be anonymized Google Analytics IP-anonymized.
In this case, the data can not be used for advertising marketing because the obtained user data is anonymized and cannot be allocated anymore.
How can these statements now be reconciled with the Teleservices Act (TMG)? The Telemedia Act sometimes mentions the following three important points.
The Telemedia Act and the notification of the user about data storage
For example, the Telemedia Act regulates usage data for market research purposes
The Telemedia Act states in §15 Abs.5 that for the purposes of market research of others […] anonymized usage data may be transmitted to service providers. For the purposes of the analysis, data obtained can be transferred anonymously without any problems if implemented accordingly.
The Telemedia Act and the possibility of objecting to data storage
Website visitors should be informed as user-friendly as possible about the use and disapproval of cookies. What this could mean in concrete terms was explained by the EU Data Protection Commissioners of the “Article 29” group at the end of 2011 (source: Heise Verlag; https://www.heise.de/newsticker/meldung/Google-verpflichtet-Adsense-Nutzer-auf-Cookie-Hinweis-2765082.html">Google-committed-Adsense-user-on-cookie-note; 08.05.2017).
As justification is called that meanwhile the […] necessary consciousness developed, not least because of the on many British web offers unavoidable banners and pop-ups to use the files (Heise; https://www.heise.de/newsticker/meldung/Britische-Datenschutzbehoerde-weicht-Cookie-Regeln-auf-1797116.html">British DPA Dodges Cookie Rules on; 08.08.2017). Previously, the UK DPA had pushed for greater attention to the new EU rules.
(Heise; British DPA Dodges Cookie Rules ; 08.08.2017)