Examination of cookies and third-party services on Lower Saxony websites

Many websites use cookies or integrate services from third parties – for example analysis, map or weather services. To do this, the operator of the site requires the consent under data protection law of the user. This consent must comply with the legal requirements in order to be effective.

The State Commissioner for Data Protection (LfD) in Lower Saxony recently carried out a cross-industry examination of data protection-compliant tracking on the websites of 15 small and medium-sized companies in the federal state, with the result that the reviewed companies use cookies on their company websites rather sparingly, but at the same time provide users with too little information about what data is collected when they visit their sites.

Among other things, it was asked whether third-party services (e.g. map or weather services) had been integrated, whether cookies had been set and whether consent had been properly obtained. In addition, a technical check of the relevant websites was carried out.

An effective consent requires that the website operator informs the users transparently and completely about which data is collected and to which recipient it is forwarded. Here, significant shortcomings of the websites became apparent, which in some cases even led to the consent being ineffective, namely in all cases in which the necessary information was not provided at all. In some cases, subtle influences – so-called nudging – were also used to press for consent. This is always the case when the “Agree” option in the cookie banner is more eye-catching in colour compared to the “Reject” option or when the process of rejection is unnecessarily complicated by longer click paths.

A positive result of the study was that the controlled websites used cookies relatively sparingly. A maximum of 14 cookies were found, some even used only one. It can be assumed that the relevance of the cookie issue in terms of data protection law has been dealt with.

The State Commissioner for Data Protection (LfD) in Lower Saxony is currently carrying out a coordinated inspection of online media websites with the supervisory authorities of several other federal states. The final results are not yet available.

We will report on the results in one of the next ePrivacy newsletters …