09/11/2024 - Articles

Projektron website without cookies: Security and data protection come first

In today's digital world, cookies are ubiquitous. They enable personalized experiences, support marketing strategies and improve the functionality of websites. But at the same time, they raise significant privacy concerns and can significantly impair a website visitor's user experience. Projektron GmbH has taken a bold step and completely dispenses with cookies on its websites. In this blog article, we explain why a website without cookies can be the better choice and what advantages this brings for users and companies.

What are cookies?

Cookies are small text files that are stored on the user's device when they visit a website in order to collect and later retrieve information. These files often contain personal data such as IP addresses, pages visited or information entered in online forms. Since this data is sensitive, the active consent of users is required for storage and processing in order to ensure data protection.

There are different types of cookies that are used for different purposes:

  • Technically necessary cookies: These are essential for a website to function properly, for example, for the stability of the connection or to store login data.
  • Session cookies: temporary cookies that are used during a session and deleted after the browser is closed.
  • Marketing and tracking cookies: these store information about user behavior on websites in order to display personalized advertising or create user profiles. Since they are not technically necessary, they are controversial in terms of data protection.
  • Third-party cookies: these are set by external providers and are often used for advertising purposes or to integrate services such as YouTube or Google.

While cookies can improve the browsing experience by saving language settings or shopping carts, for example, they also pose risks to privacy. In particular, tracking and third-party cookies often collect data without the user's knowledge, which raises significant privacy concerns. For this reason, the consent of the user is necessary before these cookies can be set.

The cookie debate

The legal requirements for the use of cookies have become significantly stricter in recent years. Companies are obliged to follow strict data protection regulations, in particular through the GDPR and the planned e-Privacy Regulation. The most important legal milestones include:

  • ECJ ruling from October 2019 (Az: C673/17): The European Court of Justice ruled that the cookie policy must be implemented correctly, making the Telemedia Act (TMG) in Germany obsolete.
  • BGH ruling from May 2020: This ruling confirmed the ECJ's requirements that active user consent is required for all non-essential cookies (opt-in).
  • GDPR (General Data Protection Regulation): Since 2018, the GDPR has required explicit, informed consent from users for the processing of personal data.
  • e-Privacy Regulation: This regulation complements the GDPR and emphasizes privacy protection. It will further tighten cookie consent requirements and only allow the use of cookies without explicit consent in exceptional cases.

These legal requirements make it clear that companies must carefully plan their cookie strategies to avoid legal risks. Active, informed consent from users is essential if non-essential cookies are to be used. Marketing and tracking cookies are particularly criticized because they often collect data and share it with third parties without sufficient transparency.

The cookie debate shows that many users do not fully understand which cookies are really necessary and what happens to their data. Since the introduction of the GDPR, cookie banners that request consent have become widespread, but they are often perceived as annoying. This has led to growing skepticism towards websites that use numerous cookies and constantly ask for consent.

What is a cookie banner?

A cookie banner is a notice that appears when a visitor accesses a website for the first time. It provides information about the use of cookies and requests the user's consent to use certain cookies. A legally correct cookie banner must be transparent and user-friendly so that the visitor can make an informed decision about which cookies to accept and which to reject.

Essential information that a cookie banner must contain includes:

  • Type of data collected: The banner should clearly state what data is collected and how it is used.
  • Purpose of cookies: It must be clear what the cookies are used for, e.g. for tracking or functional purposes.
  • Third-party providers: Information on whether and to whom the data is passed on, e.g. to external service providers such as YouTube or Google.
  • Option to revoke: An easily accessible option to revoke consent at any time.

A legally watertight consent banner should also allow the user to actively select which cookies they want to allow. It is important that no pre-ticked boxes are used to meet the requirements of the German Federal Court of Justice (BGH). It must be designed to be user-friendly and non-manipulative, with clear options for accepting or rejecting cookies.

Is a cookie banner always necessary?

In fact, a cookie banner is only mandatory if the website uses cookies that go beyond purely technical functions. Technically necessary cookies do not require consent because they are essential for the website to operate. If no marketing or tracking cookies are used, there is no legal requirement to obtain user consent. This is why some websites – such as those from Projektron GmbH – deliberately do without cookies and thus also without annoying cookie banners.

The disadvantages of cookies and cookie banners

While cookies were originally developed to improve the user experience, their applications have expanded considerably over time. This has led to a number of problems affecting both user experience and user privacy.

1. Impairment of the user experience

Cookie banners are now a standard feature of almost every website. They often appear as annoying pop-ups that delay access to the actual content. Users must first give or refuse consent before they can see the desired information. This additional step can be frustrating and negatively affect the overall experience.

2. Privacy concerns
 

Many cookies are used to track user behavior and create detailed advertising profiles. This raises serious ethical concerns as personal data is collected without sufficient transparency and consent. Users feel monitored, which undermines trust in the website and the company.

3. Legal risks
 

Not all websites strictly adhere to data protection regulations such as the GDPR. This can lead to significant legal problems and heavy fines. Companies that use cookies unlawfully expose themselves to a high risk, especially if they do not properly obtain user consent.

Cookie banner risk: Better to do without than risk mistakes?

A faulty cookie banner poses significant legal risks for website operators. A study by the Bavarian data protection authority has shown that many websites in Bavaria still do not meet the legal requirements for cookie banners. Of 1,000 sites checked, violations were found on about 350, including the use of so-called “dark patterns”, in which the “Reject All” option is hidden or difficult to find in order to persuade users to give their consent. These types of violations can result in significant consequences for operators.

The investigation shows how risky it is to use a cookie banner that does not comply with data protection regulations. Even though automated testing procedures such as those used by the Bavarian State Office for Data Protection Supervision cover a large number of websites, many operators remain unsure whether their cookie banners are legally compliant. In many cases, it is therefore safer to do without cookies altogether to avoid legal problems and provide users with a more transparent and privacy-friendly experience.

The advantages of a website without cookies

1. Improved user experience

Without cookie banners, the annoying pop-up that forces users to make a decision before they can see the contents of the website is no longer necessary. This results in a more seamless and pleasant browsing experience that increases user satisfaction.

2. Increased data protection and privacy
 

Without the use of cookies, no personal data is collected or shared with third parties. This protects the privacy of users and strengthens trust in the website and the company. Users can be sure that their data will not be used for tracking or personalized advertising.

3. Legal certainty

By not using cookies, many of the legal requirements for obtaining consent are eliminated. This way, companies avoid potential fines and legal disputes related to data breaches.

4. Faster loading times and better SEO

Cookies and the associated scripts can increase the loading times of a website. A faster website not only improves the user experience, but can also have a positive effect on search engine rankings. Search engines prefer fast and efficient websites, which increases visibility in search results.

Focus on data protection and security: Projektron GmbH

Projektron GmbH has had a certified information security management system (ISMS) according to ISO 27001 in place since 2018. This certification confirms that we apply and continuously improve the highest standards for information protection. Our ISMS is based on a comprehensive concept that protects the confidentiality, integrity and availability of data. We only want to collect and process the information that is absolutely necessary to provide our users and customers with the best possible service. A central concern for us is to strictly implement the principles of transparency,data protection,data minimization and information security.

A major step we took in this regard in 2023 was to redesign our website. To meet data protection and data security requirements, we decided to make our website cookie-free. This means that we deliberately refrain from using tracking cookies and similar technologies that typically collect and store personal data. By avoiding cookies, we consistently implement the principle of data minimization, which is also enshrined in the General Data Protection Regulation (GDPR).

For you as a visitor, this means that you can use the Projektron website completely without consent and without having to worry about your data being passed on. This conscious decision is part of a comprehensive data protection concept that also aims to avoid third-party services such as Google Fonts, reCaptcha or YouTube that could transfer personal data such as IP addresses to third parties. You can learn more about this landmark decision on the cookie page of Projektron.

Projektron's path to a cookie-free website

Projektron GmbH has taken a number of measures to make its websites completely cookie-free. Here are the main strategies we have implemented along the way:

1. Customized solutions with TYPO3

Instead of standardized content management systems like WordPress or web construction kits, we rely on Typo3 and consciously avoid plugins or extensions that require cookies. Instead, we develop our functions, such as our event calendar, tailored to our specific requirements. This enables us to provide an efficient and targeted web solution without integrating unnecessary third-party scripts. This way, our website remains easy to manage and content can be updated without extensive training.

2. Avoiding Google Analytics and using Matomo

At Projektron, we deliberately avoid using Google Analytics in order not to pass on your data to third parties or to track your visitor behavior. Instead, we use Matomo, a privacy-friendly web analytics solution. Matomo enables us to offer comprehensive analysis functions without transferring personal data to external servers. We store all data on our server infrastructure hosted in Germany according to the highest security standards and data protection in accordance with strict German guidelines. We can also enable anonymization features and ensure that data is only collected with your consent. Our goal is to provide you with a safe and transparent online experience without compromising your privacy.

Switching from Google Analytics to Matomo involves some differences, especially with regard to data protection, data collection and analysis functions. Here is a comparison of the two and the effects of the switch on Matomo analysis options:

Google Analytics

Matomo

Data collection and use

  • Collects data about user behavior on a website and sends it to Google servers, often in the US
  • Uses cookies to identify users and track their movements across different pages and sessions
  • User behavior is tracked across different websites and apps, creating extensive profiles
  • Google also uses the collected data for its own purposes, e.g. personalized advertising
  • User data can be stored on your own servers and not passed on to third parties
  • No profiling or data sharing for third-party marketing purpose
  • Anonymization features so that personal data, such as IP addresses, are not fully captured

Evaluation options and restrictions

  • Wide range of analysis tools (including demographic data, user interests, device information, geographic locations, behavioral data on visitor history, conversion tracking)
  • In-depth marketing options: functions such as target group retargeting and integration into Google Ads
  • Machine learning functions: predict visitor behavior and create personalized reports
  • Basic and advanced analytics (including visitor data, page usage, bounce rates, dwell time and conversion tracking)
  • Anonymization of data so that no personal data is processed directly
  • Event tracking and e-commerce tracking also possible, but without the in-depth insights of external data sources
  • Heatmaps and session recordings to visually analyze user behavior
  • No machine learning algorithms and no integration into the Google ecosystem/li>
  • Data on demographic information or interests is limited
  • Retargeting and user-defined target group analysis are only available to a limited extent or not at all

Page views, time on site, bounce rates, conversion tracking, heat maps and event tracking are still possible with Matomo. Detailed analysis of user behavior and creation of individual reports are also available, but with less detail and without linking external data sources. So, abandoning Google Analytics means compromising on data protection and data control. The main advantage of Matomo is that it does not share data with third parties and is therefore more privacy-friendly. It is GDPR compliant and offers users greater control over their personal data. In our view, this aspect clearly outweighs the others.

However, the suitability of Matomo depends on the focus of the website: for e-commerce sites that rely on detailed analytics, audience retargeting, and machine learning, Google Analytics offers more extensive features. For B2B sites or companies where data protection and data minimization are priorities, the somewhat more limited analytics options of Matomo are often sufficient and more sensible.

3. No loading of external data

We store fonts, JavaScript libraries and graphics locally instead of loading them from external services such as Google Fonts or content delivery networks (CDNs). This reduces data traffic and increases our independence from third-party providers. It also minimizes data protection risks and can improve our website's loading times. Our approach is in line with our comprehensive quality and security measures.
 

Projektron is ISO/IEC 27001 certified, which reaffirms our commitment to the highest standards of information security management. For more information about our security standards, please visit our Quality and Security page.

4. GDPR-compliant alternative to Google Maps

For interactive maps, Projektron GmbH uses OpenStreetMap instead of Google Maps. The map data is loaded via a proxy so that no user data is passed on to OpenStreetMap. This ensures compliance with the GDPR and protects the privacy of users. These maps are used, for example, on the “How to get here” page to show locations such as the company headquarters and other relevant addresses. OpenStreetMap is a free and license-free map project that collects and provides geographical data from users.

5. No embedding of external videos

On our website, we use a privacy-friendly method for embedding YouTube videos by using the special URL youtube-nocookie.com. This approach is designed to protect your privacy by preventing YouTube from automatically saving cookies when loading our page.

When using the “youtube-nocookie.com” URL, YouTube will not set any cookies on your device when you visit our site initially. This means that no data about you will be passed on to YouTube until you actively interact with the video. Cookies will only be set if you play the video or click on the “Watch on YouTube” link to watch the video directly on the YouTube website.

This method allows us to minimize the initial privacy impact and better protect your data from being shared with third parties immediately. This is especially important if you value a privacy-friendly web configuration and want to ensure that your privacy is respected while you enjoy our content.

6. Only technically necessary cookies

In exceptional cases where cookies are technically necessary (e.g. for user areas or contact forms), Projektron GmbH only uses temporary session cookies that are automatically deleted after you leave the page. These cookies do not require any explicit consent and still enable the website to function smoothly.

7. Transparent data processing at Projektron

At Projektron, data protection is not just a technical feature, but firmly anchored in the company philosophy. The data protection declaration of Projektron explains in detail how the company handles personal data. Projektron places the highest value on ensuring that all data processing meets the strict requirements of the EU General Data Protection Regulation (GDPR). This also includes not collecting unnecessary data and securely storing all processed information.

What cookies are used on your website?

To determine which cookies your own or another website sets, you can open the developer tools in your browser using the F12 key. Here is a step-by-step guide to checking the cookies:

  1. Press F12 in the open browser or right-click on the page and select “Inspect”.
  2. In the developer tools, there are several tabs such as “Elements”, “Console”, “Network”, etc. Select the tab “Application” (in Chrome and Edge) or “Storage” (in Firefox).
  3. On the left side, you will see a list under “Storage” or “Cookies”. Click on “Cookies” and select the current domain.
  4. Now you will see a table with all cookies set by this site. Here you will find information such as:
     
    • Name: The name of the cookie
    • Value: The value of the cookie
    • Domain: The domain that set the cookie
    • Path: The path for which the cookie applies
    • Expires/Max-Age: The expiration date of the cookie
    • HttpOnly: Indicates whether the cookie is only accessible via HTTP on the server side
    • Secure: Indicates whether the cookie is only transmitted via HTTPS

If you open the “Network” tab and reload the page, you will also see all HTTP requests and can thus check whether cookies are sent with certain requests.

In addition, there are various online tools that can help you find out whether and which cookies are used on your website. These so-called cookie checkers provide a first orientation but are no substitute for comprehensive technical or legal advice. They merely provide a general assessment of cookie use.

One example of such a tool is Cookiemetrix. After entering your URL, it checks your website for the following criteria:

  • Banners Found: Is a cookie banner displayed and does it meet legal requirements?
  • Third-Party Domains: Are cookies or scripts from external providers such as YouTube integrated?
  • Stored Cookies: Are cookies possibly stored before explicit consent?

It is important to note that these analyses only apply to the page tested, but not to your entire website. This means that cookies may be set on a particular page of your website, while this may not be the case on another page. For example, a subpage with Google Maps may use cookies, while the home page does not use cookies.

Conclusion: The future without cookies – security and user-friendliness

At a time when data protection is becoming increasingly important, Projektron GmbH's decision to dispense with cookies is a forward-looking approach. A cookie-free website offers clear advantages for both users and companies:

  • Improved user experience: Without annoying cookie banners, visitors can access content directly and unhindered. In addition, the website benefits from faster loading times.
     
  • Increased data protection: By eliminating tracking cookies, the privacy of users is protected and the storage of personal data is no longer necessary.
  • Legal certainty: Compliance with the GDPR and the elimination of potential legal pitfalls associated with cookies minimizes the risk of non-compliance.
  • Optimized search engine ranking: Faster loading times and less technical effort can positively influence search engine ranking.

Projektron's commitment to a secure digital future
 

By not using cookies, Projektron sets a new standard for secure, privacy-friendly and user-centered web use. We show that it is possible to respect the privacy of users and offer an optimal surfing experience at the same time.

With a cookie-free website, we not only pursue legal security, but also create trust. By opting for a cookie-free website, we not only respect your right to data protection, but also consciously focus on protecting your personal data without using unnecessary trackers. This is not only a win for data protection, but also a signal for responsibility and innovation in the digital age. As a user, you can be sure that your data is protected while enjoying an undisturbed and pleasant online experience.
 

About the author

Kai Sulkowski is a marketing editor, in-house SEO and responsible for website content at Projektron GmbH. As an expert in digital content and search engine optimization, he has extensive experience in creating privacy-friendly web solutions. In his article about Projektron's implementation of a cookie-free website, he shows how data protection and user-friendliness can go hand in hand – a topic that is particularly close to his heart.

Disclaimer

This blog article is for information purposes only and does not constitute legal advice. Please consult a qualified lawyer for legal advice. When implementing your cookie-free website, be sure to consult your data protection officer.

More interesting articles on the Projektron blog

Vier Boxen mit Bildern
Projektron does not use cookies on its websites at all. In this blog article, we explain why a website without cookies can be the better choice and what advantages this brings for users and companies.

Projektron does not use cookies on its websites at all. In this blog article, we explain why a website without cookies can be the better choice and what advantages this brings for users and companies.

All references To top