Cookie Policy
What is the Cookie Directive (EU Cookie Law)?
The Data Protection Directive – also known nationwide as the “Cookie Directive” – is a European directive (ePrivacy Directive) from 2002 – revised in 2009 – which has been implemented into national law in the European member states.
If you own a website or an online store, you are subject to the requirements of the privacy laws as interpreted by your country of residence, regardless of whether your website is privately owned or owned by a company or public authority.
The data protection guidelines state that all websites in the EU must obtain the consent of their visitors to store cookies on users' computers or smartphones (devices).
Who does the Cookie Policy apply to?
If your website uses cookies (first-party and third-party cookies), you are responsible for informing your website visitors about your use of cookies. You must do this explicitly in a cookie consent banner.
In addition, you must collect and securely store your users’ consent to cookies (up to 5 years).
The storage of consent is necessary and must be verifiable in case you are subject to an inspection or have to respond to a request for information about personal data from the state data protection authority.
Remember that the requirements for the collection and processing of personal data have been tightened with the General Data Protection Regulation (GDPR).
This is what the EU Cookie Directive says
In the European Union, the Directive 2009/136 / EC the Personal data protection when visiting websites. The EU Cookie Directive, which was passed in 2009, was supposed to be implemented by all member states by 2011 at the latest - but this did not happen.
The Cookie Directive essentially stipulates that visitors to a website are informed about the use of cookies in an easily understandable form and must consent to their storage. According to the directive, cookies may only be used set without asking will if they technically necessary – for example, to implement a service requested by the user. These include Session cookies to store the language setting, log-in data and shopping cart or Flash cookies to play media content.
However, website operators require user consent to use most cookies. This applies to all cookies that are not technically necessary for the functioning of the website. In particular, advertising cookies that are necessary for the Retargeting used, but also analysis and social media cookies are included. However, the EU directive does not specify exactly how the requirements mentioned are to be implemented. There is uncertainty, especially with regard to the consent of website visitors.
Contents of the current EU Cookie Directive
With the Cookie Directive, the European Union wants to better protect Internet users' personal dataThe EU generally distinguishes between technically necessary and non-necessary cookies:
- Technically necessary cookies: Necessary data storage includes cookies that are absolutely necessary for the functions of a website. This means, for example, saving log-in data, the shopping cart or the language selection using so-called session cookies (which are deleted when the browser is closed).
- Technically unnecessary cookies: Non-necessary cookies are text files that are not only used to ensure the website works, but also collect other data. These include the following:
- Tracking cookies
- Targeting cookies
- Analysis cookies
- Cookies from social media websites
Necessary cookies According to the Cookie Policy, they may be set from the beginning, i.e. even without prior consent by the user. In contrast, website visitors must consent before cookies store non-essential data. Thus, the EU Cookie Directive, according to general understanding, requires a so-called Opt-in solution for non-essential cookies.
This is the difference between opt-out and opt-in:
- Opt-out: Cookies are set from the beginning – users can only subsequently object to data storage.
- opt in: Cookies are not set from the beginning, but only when the user agrees to the data storage.
