By Matthias Schneider
Many websites use manipulative methods to get at their users' data. Data protectionists are now launching an offensive against cookie banners.
For three years now, the European General Data Protection Regulation (GDPR) has required website operators to ask for permission if they want to collect their users' data. In reality, however, data protection is often the same as reading the general terms and conditions. Because the cookie banners, i.e. those buttons on which you indicate whether you want to share your data or not, are often designed suggestively.
What are cookies?
Cookies are small data sets that websites store to make users identifiable. With their help, individual profiles can be created that allow far-reaching conclusions to be drawn about surfing behavior, preferences and lifestyle. This knowledge is then used, for example, for personalized advertising.
What tricks do the providers use?
Often the button that consents to the collection of all data is large, green and attractively designed. The button that prohibits data collection is usually well hidden. Popular tricks are to gray it out or bury it several levels deep in the menu.
Are manipulative cookie banners legal?
"No," says Marco Blocher. He is a data protection lawyer at the European association Noyb, which made a name for itself with a successful lawsuit against Facebook, among other things. According to Blocher, the GDPR requires users to be informed and voluntarily consent to the collection of their data. In reality, however, a free decision is not possible with more than 90 percent of the websites. That's why Noyb yesterday sent 560 letters of complaint to German and US companies asking them to make their cookie banners fair. More than 10,000 further complaints are to follow. "We have deliberately not yet lodged an official complaint with the data protection authorities, but have given the companies one month," explains Blocher. Because many are not even aware that they are acting wrongly. "According to the GDPR, the buttons for accept and reject must always be of the same design and accessible," says Blocher. If this is not the case, the consent is invalid and the company is not allowed to process the data.
How do cookies specifically affect users?
How can you protect your data?
Tatjana Halm recommends using different providers for maps, e-mail and web search services. This is because everyone only gets part of the data and cannot create a complete profile. "You can also block and delete cookies," explains Halm. Because the shorter the cookies remain on the computer, the less information they can collect. "So that data is not collected in the first place, you have to do the work and reject everything with the cookie banners - it's worth it."
What settings can you make for data protection?
With the Google Chrome browser, the path leads to the three dots at the top right, which symbolize the settings. The “Delete browser data” setting can be accessed via the “History” field. In the settings menu you can block advertising cookies completely via "Privacy and security". Before deleting, however, you should check whether you really know all the passwords, since login data will also be deleted. In Firefox you have to click on the library symbol (top right, third from the right). "Chronicle" takes you to "Clear recent history". Now you only have to enter the desired period and what should be deleted. You can also manage cookie settings in Firefox via the “Privacy and Security” menu item.
What is the German legislator planning?
Just last Friday, the Federal Council approved the law regulating data protection and the protection of privacy in telecommunications and telemedia (TTDSG). According to the Federal Ministry of Economics, the law is intended, among other things, to open up the possibility of “developing user-friendly and competitive consent management”. This consent management can affect, among other things, profile-based systems. That would mean creating a profile, managing your privacy settings there, and then using the profile to log into the websites you visit. They must then automatically adopt the data protection settings. The law will come into force on December 1, 2021 and has yet to be fleshed out by a government regulation. Politically, the cookies still have a grace period.
How are the Internet companies reacting?
Many digital companies are already saying goodbye to cookies. Market leader Google has already blocked third-party cookies from its browser. Critics, i.e. the competition from Google, now fear that the group can use its market power to open up other data sources while they get nothing. The objection is not unfounded, because providers have to finance their content. If they don't sell user data, they have to ask for money -- but many consumers don't want that.
You can read more about cookie banners here.
List of rubrics: © Lino Mirgeler