Know your cookies

How You Can Avoid Cookie Banners on Your Website

Cookie banners are not only extremely unpopular among users on the web. They significantly disrupt the user experience of a website and are therefore also often unpopular with web designers. We show some tricks that can help to reduce cookies and ideally do without cookie banners on the website.

Cookie information, also often called "cookie banners" or "consent banners", are a relatively recent phenomenon brought about by the General Data Protection Regulation. Since the GDPR came into force in 2018, it has been necessary to inform users about the setting of specific cookies and to obtain their consent when personal data is stored, processed or passed on. The more appropriate term would therefore also be consent banner rather than cookie banner, as it is not just about cookies but in particular about consent to the processing and transfer of personal data.

What many people do not know: There are ways to avoid cookie banners on your own website. Mostly it is the tracking of users on the website and the embedding of fonts by providers such as Google Fonts that make cookie banners necessary. We will show alternatives to this, so that you can say goodbye to cookie banners. First, however, let's clarify what we are dealing with in the case of a cookie.

Cookies are basically small files that a web browser stores on the user's computer. For example, if you visit a site on the Internet for the first time and it uses cookies - as so many sites do - a new cookie is created on the user's computer.

The use of cookies can have a variety of functions and not all cookies are problematic in terms of data protection. Here, an important distinction should be made:

On the one hand, there are cookies that are technically necessary to ensure the functioning of a website. Examples of this are language settings, as well as so-called session cookies are practical helpers on the Internet that make it possible to be logged on to websites in the first place. These cookies usually do not require a cookie banner if they do not collect or process personal data.
On the other hand, there are so-called tracking cookies - these are those cookies that cause data protection problems by collecting, processing and/or passing on personal data to third parties. Third parties (such as Google) can subsequently use this personal data for their own purposes.

Thus, it is not all cookies that pose a problem, but very specific cookies and with them the collection and disclosure of personal data. Often, the use of these tracking cookies happens through the integration of external services such as Google Analytics or Google Fonts.

Example: typical cookie banner or consent banner. Source: github.com

When we talk about tracking, we usually mean the measurement of user behavior on websites or web applications in the web sector and online marketing. A very popular tool used by many website operators is Google Analytics, which is admittedly a very practical tool with high functionality. However, there are some data protection concerns about Google Analytics. Google uses so-called tracking cookies to collect and process personal data across websites. Therefore, if you want to use Google Analytics to measure user behavior, you must also use a consent banner on the website to obtain the user's consent in advance.

Our alternative suggestion: There are also GDPR-compliant tracking tools that do not process personal data at all and therefore do not require a Consent Banner. One such alternative to Google Analytics is Plausible Analytics, which does not collect any personal data and is therefore 100% GDPR-compliant. Plausible Analytics nevertheless gives website operators a very good overview and detailed analysis of what is happening on their own website. We have been using this tool for over a year and have not missed any data so far. How Plausible works and what it offers? Find out here.

Hosting Fonts Locally #

Many websites use Google Fonts, a font visualization service provided by Google. This service allows fonts to be included directly on websites for free via APIs.

The problem with this: The use of Google Fonts is not allowed without the consent of the users, because according to a German court decision of January 2022, the use of Google Fonts without consent is not GDPR-compliant. If you want to use Google Fonts, you must obtain the consent of the user in advance.

A simple alternative to this is to host the fonts on your own server. Hosting fonts locally means that the fonts are stored on your own server and that the fonts are not integrated via an external service (as is the case with Google Fonts, for example). This also means that no data is transmitted to third parties, which eliminates the reason why consent is required.

Know Your Cookies #

Depending on which other (external) services you use on your website, other cookies may also be used. It is important to always know which specific cookies are used, what they are used for and why they are necessary - and to make this information clearly available to users. At the same time, you should always ask yourself the question: Do I really need these cookies or is there an alternative to avoid the setting of certain cookies, thus also giving me the option of not using the cookie banner?

If the cookies are actually needed and they require a cookie information for the users, then this should also be designed GDPR-compliant. Because even if cookie banners are set, it does not automatically mean that they are used correctly. For example, misleading designs are often used which are intended to make rejecting cookies extremely complicated and difficult.

Better safe than sorry: Especially when it comes to data protection, website operators should act fairly and, above all, in compliance with the GDPR with respect to users.