Fines announced for website tracking without consent

Many data protection authorities have already published their annual report for 2023, while others are still waiting. A look at these annual reports is always interesting for our consulting practice in order to keep an eye on the authorities' main areas of activity and legal opinions. 

Although there are rarely any big surprises, as the numerous publications by the authorities during the year already provide us with many insights, there are also some “little things” that are interesting.

Fines for tracking without consent 

In its 13th activity report for 2023, the Bavarian State Office for Data Security (LDA Bayern), for example, gave an outlook that in future, some website operators who use tracking tools on their website without user consent could face fines.

The fact that tracking without consent on the website is no longer legally possible since the TTDSG came into force at the end of 2021 is of course no surprise, but in practice many website operators have not bothered because “the others do it that way too” and no comprehensive measures or fines have been imposed by the authorities.

In their latest report, the LDA Bavaria now points out that they expressly want to create a “deterrent effect” and will therefore impose fines for these clear violations. The first cases were already handed over to the central fines office in 2023.

Use of Google Analytics without consent 

In its report for 2023, the State Commissioner for Data Protection and Freedom of Information Bremen (LfDI Bremen) also points out that it has already imposed fines in five cases for the use of Google Analytics without user consent. The LfDI Bremen also emphasizes how important it is to pay attention to the “data protection-compliant design of the banner”.

These references from the annual reports are also of particular importance because we are aware of a letter from the State Commissioner for Data Protection and Freedom of Information NRW (LDI NRW) from our current consulting practice in which it accuses the operator of a website of specific violations in the use of cookies and third-party tools as well as in the design of the cookie banner. The European Supervisory Authority's Website Auditing Tool (EDPB), which was only published at the beginning of the year, is used for the audit. This shows that the authorities now have an easy way to audit websites and suggests that such letters may be sent more frequently. 

Our recommendation

We therefore recommend checking the use of tracking tools on your own website. If consent has not yet been obtained, the introduction of a cookie banner is usually required. If you have already obtained consent, this should comply with the current requirements of the supervisory authorities. This is because in data protection, ineffective consent is no consent. The data is then processed without a legal basis and therefore unlawfully.

We would be happy to support you in checking and designing your website in compliance with data protection regulations.  

Similar posts

02. March 2022

First data protection authorities declare the use of Google Analytics illegal

The French and the Austrian data protection authorities declared the use of Google Analytics on company websites to be illegal and demanded that companies concerned stop using the tool.
Data protection
EU-GDPR
IT law
IT security
Back

Dr. Christian Lenz

Lawyer / Specialist lawyer for tax law / Specialist lawyer for information technology law

To the profile of Dr. Christian Lenz

Kirsten Garling

Lawyer

To the profile of Kirsten Garling

Joshua Kniesburges

lawyer

To the profile of Joshua Kniesburges

Data protection EU-GDPR IT law

Contact

Get in touch with us

Mail Contact form Telefon +49 228 81000 0
By uploading the YouTube video, you consent to cookies being set by YouTube and Google and to data being transferred to these providers. We process the data in order to be able to analyse access to our YouTube videos or to evaluate the effectiveness of our advertising and ads. YouTube and Google also process the data for their own purposes. In addition, you also agree that your data may be transferred to the USA, although there is a risk in the USA that the US authorities may gain access to your data for surveillance purposes and that you may not have adequate legal protection against such. You will find further information in our Data Protection Policy.
Load YouTube Video
By uploading the podigee podcast, you consent to cookies being set by YouTube and Google and to data being transferred to these providers. We process the data in order to be able to analyse access to our YouTube videos or to evaluate the effectiveness of our advertising and ads. YouTube and Google also process the data for their own purposes. In addition, you also agree that your data may be transferred to the USA, although there is a risk in the USA that the US authorities may gain access to your data for surveillance purposes and that you may not have adequate legal protection against such. You will find further information in our Data Protection Policy.
Load podigee Podcast