Consent: Consumer advocates criticize cookie regulation as a pipe dream
According to consumer associations, the planned cookie regulation will be ineffective. The federal association criticizes the plan to manage consent.
(Image: Proxima Studio/Shutterstock.com)
The German Federation of Consumer Organizations (vzbv) has little sympathy for the regulation approved by the German government on Wednesday to manage consent for cookies. The executive wants to establish services with which consumers can give and manage their consent or refusal to the collection of personal information on the Internet in accordance with the General Data Protection Regulation ( GDPR). The aim is to reduce the flood of cookie banners. However, the vzbv does not believe that the initiative could have a "positive effect" in its current form.
The consumer advocates see it as particularly problematic that providers of digital services do not have to accept the decisions made by users via consent management services, also known as Personal Information Management Systems (PIMS). If users do not give their consent to the setting of cookies, online services could ask for consent again as often as they like. Only an opt-in should apply permanently and a reminder should only be possible after one year at the earliest. According to the vzbv, users are thus put under pressure to say yes. This is unacceptable and contradicts the requirements of the GDPR. Furthermore, this approach removes the incentive for consumers to use consent management services.
According to its statement, the association also sees hardly any incentives for companies to integrate PIMS. In general, it complains about the inescapable, complex and ubiquitous collection of data in the area of online advertising. The scope of consent is therefore "usually completely unclear, not only with regard to the complex infrastructure and the data processing bodies involved, but also with regard to the enormous and cross-context scope of user profiles". It is therefore fundamentally doubtful that such consents "were given in an informed manner and meet the requirements of the GDPR".
Targeted advertising system is the main problem
According to the vzbv, annoying cookie banners lead to consumers "only registering with consent management services under pressure" and giving their consent in order to be spared further opt-out arias. In these cases, the voluntary nature of consent must therefore be doubted all the more, says the association. Providers of digital services could therefore not rely on the legal certainty of an opt-in. Without a "fundamental adjustment of the underlying ecosystem at a regulatory and technical level", the corresponding expectations for the success of PIMS would be misguided.
Browser manufacturers in particular should ensure that a signal stored via the provider of digital services is not suppressed, delayed, decrypted or altered in any other way, the vzbv adds. In practical terms, this would mean Users who, annoyed, click on "accept" in a consent banner could no longer rely on being protected from tracking and profiling for advertising purposes by the privacy-friendly settings they have made in their browser. Browsers would have to store cookies – against the wishes of users –. This would particularly disadvantage browser providers that protect their users with "Do not track" presets, for example, and dilute their competitive advantage.
Digital economy finds partly praising words
Consumer advocates demand that providers of digital services must comply with users' decisions. Repeated requests should be prohibited. The requirements should also apply to all providers of digital services that integrate consent management services. Users should also be able to choose freely between different consent management services.
In contrast, the German Digital Industry Association (BVDW) welcomed the plan in principle, as it takes into account the freedom of economic activity and entrepreneurial freedom of choice. "However, there are still legal uncertainties," BVDW Vice President Moritz Holzgraefe told heise online. "This concerns, among other things, the technical feasibility of signal processing, for example, as well as the handling of multiple consents and corresponding conflicts." The responsibilities between all parties involved and the associated liability issues have also not been clarified. In addition, the government is "taking a special national path" with this step.
(vat)
