Illegal Cookie Use on Germany's Leading News Website

On January 2, the Federation of German Consumer Organisations (VZBV) announced that the District Court of Munich I has forbidden BurdaForward GmbH from employing tracking cookies without the express consent of consumers.

The cookie banner that appeared on the focus.de website disobeys the General Data Protection Regulation (GDPR), which influenced the authorities to take action.

Learn more about this topic on the Verbraucherzentrale Bundesverband website.

The Lawsuit Against BurdaForward GmbH

The website focus.de, the largest news portal in Germany, is run by BurdaForward GmbH, a subsidiary of the Burda media company.

A "cookie banner" appears once the user accesses the website, asking for their permission to store cookies and evaluate data on their end device for analysis and advertising reasons.

Users had just two options on the banner's home page: either full consent to the processing of their data and their browsing activities by a number of third-party organizations by clicking "Accept," or a “settings” option.

In the latter scenario, a window called "Privacy settings" appeared, containing settings for more than 100 third-party providers who were distinguished based on how much data they used across more than 140 screen pages.

The buttons labeled "Accept All" and "Save Selection" were prominently displayed. However, the option to "Reject All" was discretely shown in the window's upper right corner with a faded font.

This case is pretty similar to Google’s cookie consent banner that didn’t comply with General Data Protection Regulation (GDPR) - you had to customize a variety of choices to reject tracking and there was no “Reject All” button.

How the Design of the Cookie Banner Is Deceptive

The Federation of German Consumer Organisations' argument that the consent gained through the used banner is invalid was supported by the Munich regional court that ruled that this goes against GDPR requirements.

Due to the layout of the cookie banner, the consent gained on focus.de was not the result of a voluntary choice. With so many configuration options available on the second level of the banner, refusing consent requires more work than simply approving data processing.

The divergent handling of the choices "grant consent" and "refuse consent" lacks any logical justification.

Advantages of Choosing Cookieless Software Solutions

Most cookie consent pop-ups that are presented to European Union internet users, purportedly asking for permission to follow their web behavior, are likely in violation of local privacy rules.

The General Data Protection Regulation (GDPR) of the EU sets a clear standard for valid consent when it is used as the legal justification for processing the personal data of web users: consent must be informed, specific, and freely given. 

But many websites fail to create a banner based on these three pillars which can lead to GDPR fines.

However, there exist alternatives to cookie consent banners, such as cookieless tracking tools, like TWIPLA.

In the context of online privacy, cookieless tracking is a more secure option since no data is stored on the devices of users. Instead, cookieless tracking uses fingerprinting - the first time a person accesses a website, a digital fingerprint is left behind that can be detected on a subsequent page visit.

The fingerprint cannot provide information on what a visitor does outside of sessions related to a certain site because it is not retained on the user's device. Cross-tracking is therefore impossible. 

There is some anonymized data retained, but it is only accessible within the analytics environment and cannot be linked to a specific person's routines or past. Your online activities are private to everyone.