Albin himself was also surprised by the fact that just displaying a consent window makes users directly flee by up to 40 PRozent. "The Consent banner obviously has a chilling effect on website visitors."
As the study further shows, no website with over 50 percent consent rate in the EU is even in possession of a legally effective consent banner. "Many websites harass their visitors without obtaining the required consent," says attorney Martin Steiger. The expert on law in the digital space also sees that most consent banners do not obtain legally valid consent. Many banners are designed in a misleading way or do not allow active, explicit and informed consent.
Whether a website needs a pop-up consent window at all depends on whether the operators of the site need the consent of homepage visitors for certain activities. According to Steiger, it's not where a website provider is located that matters, but which law applies. Most consent banners stem from the European E-Privacy Directive and the European General Data Protection Regulation DSGVO. Since the DSGVO came into force in 2018, cookie harassment has been the order of the day. For more than three years, users have been asked for their consent to the transmission of so-called cookies. These are pieces of information that are stored in the visitor's browser, and with the help of which advertisers are allowed to sound the halalalal on surfers.
Due to the countless online consent requirements, a certain cookie fatigue and annoyance has spread. More and more users also feel restricted by the many consent banners. According to Sandro Albin, many of the consent windows are also misleadingly presented. "So-called 'nudging' and 'dark patterns' make it more difficult for users to decline," he says. In this way, surfers are virtually persuaded or even pressured into giving their consent, in part with the help of manipulative processes.
This applies in Switzerland
In France, the data protection authority has just fined Google and Meta millions. This is because users on the two sites cannot reject cookies so easily. It is much easier for visitors to Google and Facebook, respectively, to say yes to cookie tracking. The authorities in our neighboring country to the west concluded that the complicated rejection process would therefore encourage users to opt for the simpler solution, namely clicking "I accept".
Albin advises to use the Consent Banner only where it is necessary for legal reasons. For Swiss traffic, he recommends a simple info banner like the one used by the Rhaetian Railway:
For traffic from the European area as well as accesses from countries where corresponding data protection regulations are in force, such a consent banner should be used:
If a consent window is nevertheless used on a website with Swiss users, then such a banner would also have to comply with the EU requirements: This means that such a window, as in the example of the washing machine manufacturer Schulthess, must have one click for "accept" and one click for "reject" at the top.
According to the expert, cookie-less tracking that does not process any personal data may be used before the consent banner. If the website visitor gives her consent afterwards, the tracking switches to normal cookie-based tracking. "In this way, website usage and campaign efficiency can still be measured, and at the same time you are DSGVO-compliant with this setup," says Albin.
The advertising franc also sticks to the Consent wall
The increased bounce rate due to approval windows also has frightening effects for advertisers. "The impact of advertising campaigns can no longer be measured, and advertising money is largely optimized to waste," continues Sandro Albin. With a media spend of 100,000 Swiss francs in a campaign, this would be around 65,000 Swiss francs, which would be spent in the dark without any feedback on the quality. This is devastating and many advertisers are certainly not even aware of it.
From the Advertisingweek.ch These Fusedeck analyses also show that the traffic quality of an advertising campaign varies greatly: the best advertising space provider delivers on average more than 200 percent better quality visitors than the worst publisher. With an average approval rate of 35 percent, according to Albin, only a few percent of the incoming users would even be counted via the known tracking and analytics systems. If advertisers can no longer optimize on 65 percent of the advertising budget used, it is not surprising that economic damage occurs.
The cookieless tracking is here
The marketing technology company Fusedeck enables its customers to measure the success and reach of websites without cookies. This is so that no more traffic is lost and website visitors who reject consent can also be measured. The Zurich-based company's cookieless session tracking has been DSGVO and e-privacy compliant since 2020.
In addition to Fusedeck, cookieless tracking can also be implemented with the free open source software Matomo, for example, which is also available as a cloud version. Matomo is used by various providers. One example in Switzerland is Friendly Analytics.
According to Martin Steiger, cookieless tracking has two major advantages: The measurement of success and reach remains possible without having to bother website visitors with a consent banner for cookies. Those who use cookieless tracking would also behave in a data-saving manner, according to the lawyer.
Cookieless tracking has the disadvantage that certain tracking options cannot be used or can only be used to a limited extent. However, it turns out that these options are often not needed at all or that alternative tools are available.
The lawyer recommends that his clients always check what tracking they actually need and how it can be used in a data-saving, user-friendly and target-oriented way. "For example, there is no point in using Google Analytics with many data protection problems, although you could rely on a data-saving alternative in Switzerland or at least in Europe." If, on the other hand, one is absolutely dependent on the possibilities of Google Analytics, it may be worthwhile to carefully weigh the regulatory effort, the economic benefits and the legal risks, he said.
What is the next legal step?
Data privacy and telecommunications law is currently being revised both in Europe and in Switzerland. In particular, this concerns the new Data Protection Act (DSG) in Switzerland and the ePrivacy Regulation as the successor to the ePrivacy Directive in Europe. From today's perspective, however, it is not yet clear when these decrees will apply. According to Zurich lawyer Martin Steiger, the new DPA could at best come into force on January 1, 2023.