Google and some marketers would like Google Analytics to count as consent-free when cookies are disabled through configuration. In fact, Google Analytics always accesses the user's device and therefore requires consent in any case. Google Consent Mode, which has not earned its name, does not change this.
Introduction
One thing up front: the law does not know the term "cookie". The legal provisions deal with access to your device and mine. Cookies are "only" the most popular representative of this category, but by no means the only relevant case.
With Google Consent Mode, Google promises that Google Analytics may be used even without consent (because it then works without cookies). I show with a simple example that this is wrong. Even without Consent Mode, some site operators embed Google Analytics without cookies and without consent. That does not make it much better. Some may not know that Google's Consent Mode contradicts a processor relationship (commissioned data processing), because Google processes data for its own purposes (cf. Art. 28 GDPR). The fool, or rather the party chiefly responsible, is the website operator in any case. Do you want to be one of the fools?
This post shows that Google Analytics performs accesses to the user's end device that require consent. The legal provision for this is very simple.
Besides this small problem, which I describe below, here are just brief notes on further legal problems with Google Analytics.
Data transfer to the US
A lot has already been said here. Even Google has said something about data transfer to the US:
All analysis data is always processed by Google Analytics in the US.
Written statement to the Austrian supervisory authority.
For more details, see an earlier post on Google Analytics.
User profiling and personalization
Google Analytics is extremely powerful. It is hard to imagine that this would be possible without user profiling. The Google Client ID, which Analytics tracks, is a personally identifiable data value. More about this in a study of Google Analytics.
European Data Protection Authorities
Meanwhile, some European data protection authorities consider Google Analytics generally unlawful or permitted only with consent (and that only in theory, if the tool itself is not compatible with the GDPR at all). You can find more about that here:
- Denmark
- France
- Austria
- Italy
- Germany: Was there a statement? I know of none that is analogous to the above.
Now to the actual topic of this post:
The reason why Google Analytics always requires consent.
The Cookie Paragraph
In the TTDSG, Germany's data protection law that has been in effect since December 1, 2021, the word "cookie" does not appear even once. Since May, the TTDSG has been called the TDDDG, but its wording remains unchanged. For those who want to know more about it, here is § 25 TTDSG, which is also referred to as the Cookie Rule (slightly abridged for better clarity):
(1) The storage of information in the end user's terminal equipment or access to information already stored in the terminal equipment shall only be permitted if the end user has consented.
(2) Consent in accordance with paragraph 1 is not required
1. if the sole purpose of storing information in the end-user's terminal equipment or the sole purpose of accessing information already stored in the end-user's terminal equipment is to carry out the transmission of a communication over a public telecommunications network, or
2. if the storage of information in the end-user's terminal equipment or access to information already stored in the end-user's terminal equipment is strictly necessary to enable the provider of a telemedia service to provide a telemedia service explicitly requested by the user.
Summary regarding websites and Google Analytics:
Access to the user's end device is only permitted without consent if access is technically necessary.
Section 25 of the TTDSG regarding Google Analytics
Access to my device is not necessary for Google Analytics to function. It is unnecessary if only because Google Analytics itself is not necessary. To be precise: even for reach measurement, a cookie is not required, as I can report objectively (because it is technically verifiable) from personal experience.
To clarify: consent is required whenever it is not technically necessary that
- data is stored on the user's device, OR
- data on the user's device is accessed.
Excursus: What is the difference between accessing the viewport and accessing the Referer, the current URL, or the IP address?




My name is Klaus Meffert. I have a doctorate in computer science and have been working professionally and practically with information technology for over 30 years. I also work as an expert in IT & data protection. I achieve my results by looking at technology and law. This seems absolutely essential to me when it comes to digital data protection. My company, IT Logic GmbH, also offers consulting and development of optimized and secure AI solutions.
