This text does not constitute legal advice. Laws change, there are always relevant court rulings and I can only present basic features in this framework, which do not necessarily fit every individual case. I therefore strongly advise you to seek legal advice. With regard to the GDPR, always have your website checked by a lawyer or a certified data protection expert.
Cookie banners have become a familiar, yet annoying sight.
The General Data Protection Regulation (GDPR for short) stipulates that users must give consent to the use of most cookies. Without this consent, only technical, necessary cookies may be set.
Some external applications and technologies used may also “track” users on other sites.
Google Maps remembers places you have already been to and how you got there (public transport connections picked out and then taken the bus at the given time, for example).
When a visitor comes to your website, they must be allowed to assume they are entering a "safe space". So before you invade your visitor with external services or your own analysis, you must ask for permission to do so. The cookie banner is then used for this purpose, which informs about what technologies you want to use, why, and how long the data will be stored.
The Munich Regional Court also ruled at the beginning of 2022 that users must give their consent for their IP address to be transmitted when a Google font is reloaded from the web when visiting a website. This rule presumably also applies to all other web fonts that are integrated externally.
The Consent is usually obtained via the cookie banner. However, anyone who stores the font on their own server (i.e. locally) does not have to ask for consent to use it.
Until 2022, external services such as Google Fonts, Google Maps, OpenStreetMap, YouTube, Vimeo or chatbots were integrated rather pragmatically.
However, a correct implementation according to GDPR is now more important than ever. For this reason, a legal advisor or certified data protection expert should always check your own web presence.
If you install a surveillance camera in your retail store, you need to clearly educate the clientele about its use.
A surveillance camera is a good analogy to analytics software on your website.
However, the camera in the store is more for crime prevention. After all, you don't watch the movies every night and then write down which visitor was in the store for how long or which product they looked at for how long.
A website visitor analysis is more critical, because you follow the visitor in fact at “every turn” and record every action on the website and save this over a longer period of time, honestly: without any valid reason.
For this reason, you need to give the visitor the option to opt out of this tracking.
In principle, the legal principle of “consent first” applies.
This means that individuals must not be presented with a fait accompli in connection with the use of their data. Before data is collected and your visitors are connected to external sources that collect information, the user concerned must consent to this.
The cookies that are set by the services must be listed, named and described individually in the cookie banner.
You must describe which service sets the cookie, what the cookie is called, why the cookie is set and how long this cookie is stored.
This sounds complicated at first, and it is. For example, Google Analytics does not set just one cookie, but needs several cookies to function properly. And each cookie performs different technical tasks. You have to do a lot of research and be technically proficient to find all cookies and describe them correctly.
In my many years of professional experience, I have found that very few customers have the time and stamina to evaluate analysis data and act on it. Mostly, an analysis is desired to feel a sense of success, or to have a sense of whether you are relevant in the market at all.
However, you can measure this relevance even better with how many contact requests come in through your website. An analysis of page views is also possible without extensive tracking with Joomla.
Small to medium-sized projects can get by with optimizing the website to the best of their ability, evaluating it regularly themselves and questioning it again and again.
The analysis of the data collected by cookies also has only a very limited informative value. Current browsers block analysis tools from the outset, and their cookie banner serves as a second barrier. So you only collect data from those people who have both turned off standard browser tracking on their own initiative AND accepted your cookie banner.
...you can display a self-illustrated map, I will be happy to offer you the implementation of such a map.
...you can insert a link to the map service on the web page and have it open in a new window.
... you can insert a content blocker and explain to the customer in advance what will happen if the area is activated. For example: If you click on the button here, a connection to GoogleMaps will be established.
...you can upload the video directly to your own website (However, beware: for large videos this is not advisable)
...you can insert a link to the video service on the website and have it open in a new window.
... you can insert a content blocker and explain to the customer in advance what will happen if the area is activated. For example: When you click the button here, a connection to YouTube is established.
...a similar, free font can be installed locally.
... the extension Acymailing can be used. (Provided that the newsletter mailing is agreed with your hoster).
The links accompanied with the signature "affiliate link" are referral links. If you sign a contract through them, I will receive a commission as a thank you for my recommendation - at no cost to you, of course!
For website operators who use multiple cookies, I recommend the CookieFirst (Affiliate-Link) consent tool.
This allows you to implement the cookie banner in a GDPR-compliant and user-friendly way.
The banner colors and layout are customizable and can be adapted to those of your own company.
2) Cookie description available in multiple languages.
The included texts make it unnecessary to have them written by an expert at your own expense.
3) Consent configurable according to GDPR
The consent options can be configured individually.
4) Easy integration of the scripts via CookieFirst.
If you wish, you can integrate the external scripts in a user-friendly way via CookieFirst, so that you do not have to intervene technically in the website when a new service is added.
For Joomla there is the KCM Kick Consent Manager as an extension, which can be used as an alternative to CookieFirst. However, the Kick Consent Manager requires a bit more independent configuration. You have to write the texts and descriptions for all cookies yourself and keep them constantly up to date.
GDPR for Joomla! has become a standard to manage cookies and resources and have your website compliant with the EU GDPR law. It actually blocks whatever cookies and resources and it's able to track any consent requested on the website, both for cookies and privacy.
The GDPR component is also capable to find the correct configuration to stay compliant with cookies and resources used on the website thanks to the Audit and Auto Configuration tool.
The previous explanations show: Ideally, cookies that are not technically necessary should not be used on your website at all. If this cannot be avoided, however, a GDPR-compliant banner should be used that also fits in with one's own website and is as user-friendly as possible.
You still have questions or need help with your Cookiebanner?
Then we should get to know each other.