TTDSG 2022 & Google Analytics ban in Austria

We support dozens to hundreds of clients in the areas of online marketing and web development. Google Analytics and tracking also play a role in this.

Take a look at my video about this. Then you can read everything again at your leisure and implement it step by step.

And now you can read it all again.

The TTDSG - to whom does the Telecommunications and Telemedia Data Protection Act apply?

As I understand it, the TTDSG applies to all companies that provide services for German customers or sell products to Germany and the like.

An online shop from Austria that delivers to Germany, for example, is affected, but an installer who is only active in Vienna is not, in my view.

TTDSG stands for Telecommunications and Telemedia Data Protection Act.

You can't imagine much about it yet.

If you look at the full name of this federal law, which came into force in Germany on 1 December 2021, you'll understand a little better what it's all about:

Act on Data Protection and the Protection of Privacy in Telecommunications and Telemedia - TTDSG.

A hot topic? Maybe.

At least you should know about it.

I don't want to bore you with the legal text and theoretical explanations. You can read about it in another, more competent place. >> more information on the TTDSG

We deal with the practice.

The TTDSG in practice

For us, two points are important for the time being and must be observed.

1. The cookie banner - cookies must be selectable or deselectable (you already know this from the GDPR)
2. Cookies that are not system-relevant must not be active before selection

1. Cookies must be selectable or deselectable.

Let's take a look at an example.

In a cookie banner that is compliant with the TTDSG, there must be 3 buttons:

• Allow all (all cookies are activated)
• Customise (cookies can be selected)
• Reject (all cookies are rejected, i.e. deactivated)

A cookie banner must have these 3 options in order to comply with the TTDSG. In other words, cookies must be selectable or deselectable.

I'll talk later about the effects and problems this has for you as a website or web shop operator and how you can deal with them.

Before that, let's move on to the second important point.

We now know that the cookie banner must offer the option of selecting or rejecting cookies. The second important point is:

2. Cookies that are not system-relevant must not be active, i.e. executed, before selection.

This also applies in particular to the Google Analytics and Facebook pixel.

So that you can check whether these cookies are active on your site, let's take a look at an example.

Right-click on the page to open a window in which you select "analyse".

The DevTools bar opens. Select "Applications" and "Cookies" in the navigation on the left.

You can now see whether and which cookies are active.

Only system-relevant cookies may be activated.

If you click on the "Accept all" button in the cookie banner, you activate all cookies, including those that are not system-relevant, such as the Google Analytics cookie.

To summarise:

• The cookie banner must have an Accept button, a Reject button and the option to customise/edit and
• Google Analytics and Facebook Pixel must not be active before acceptance.

Dein Ansprechpartner:
Florian Prohaska - Co-Founder

Möchtest du mehr Kunden über das Internet gewinnen? Wir können helfen!

• SEO: Sichtbarkeit und qualifizierten Traffic durch gezielte SEO-Strategien
• Google Ads: Effektive Werbekampagnen für maximalen ROI.
• Webdesign: Professionelles Design, das deine Besucher beeindruckt.
• Webshops: Individuelle Lösungen für erfolgreiche Online-Shops.
• Content-Erstellung: Wertvolle Inhalte, die Interessenten überzeugen.

What is the downside of complying with the TTDSG?

In short: You will see less data in Google Analytics (in our experience, it is 20 to 60 per cent less data).

The same applies to Facebook data and other analytics data.

This is of course a challenge for you as a marketer. After all, you need this data to run your marketing properly.

What is the risk of not complying with the provisions of the TTDSG?

The risk of non-compliance is a sensitive issue.

Even the untrained eye, i.e. a layperson, can recognise whether there is a reject button on your cookie banner. It takes a professional to recognise whether a cookie is already loaded before it is accepted. However, they can find out in just a few seconds.

You are therefore very transparent and non-compliance with the TTDSG can be detected very quickly. In some cases, there is a risk of severe fines!

Therefore my recommendation: Implement it!

I'll explain how next.

How to implement the cookie banner in compliance with the law

As we work with WordPress, Joomla and Shopify in our agency, I can only give you expert recommendations for these systems.

To implement a legally compliant cookie banner in WordPress and Joomla, I recommend cookiebot.com. For Shopify it is GDPR Legal Cookie.

With these applications, you are on the safe side with regard to the TTDSG.

Let's now turn our attention to the second major topic:

Google Analytics ban Austria & EU

On 13 January 2022, the Austrian data protection authority found that the integration of Google Analytics into a website violates the GDPR (General Data Protection Regulation).

>> you can read it here

The accusation is that a digital footprint (user ID, IP address, browser information, etc.) is transferred to Google, i.e. a US company.

Max Schrems from the Noyb association has brought similar model lawsuits in all EU member states - Austria was the first country to pass a judgement on this.

It remains to be seen whether this will be the same in all other European countries, i.e. whether the ban on integrating Google Analytics into websites will also be imposed.

A lawsuit against Google was dismissed. The idea behind this lawsuit was that Google should be held responsible for these data protection violations. Unfortunately, this is not the case; as a company, we need to adapt to this and make appropriate changes.

I will now show you what these changes can be.

How you can circumvent the Google Analytics ban

Google Analytics can no longer be used in the usual way or only in certain ways.

I'll show you what steps you can take and whether and if so, what alternatives there are for you.

Google Analytics alternatives

You can choose between two options:

1. You use Google Analytics on the server side, i.e. a virtual server is connected in between, or
2. you consider changing tools.

1. Use Google Analytics on the server side

On developers. google.com you can see a graphic that shows how this works if you integrate Google Analytics directly into the website.

Source: https://developers.google.com/tag-platform/tag-manager/server-side/intro

Someone comes to the website and the website talks directly to Google Analytics. This means that the data (user ID, IP address and browser information etc.) is transferred directly to Google.

If you activate server-side tagging (you can see this in the second graphic), you simply have your own server in between.

Source: https://developers.google.com/tag-platform/tag-manager/server-side/intro

The website then talks to the server and the server talks to Google Analytics. This means that user data is not transmitted to Google. Google receives the data from the intermediary server.

Set up Google Analytics in compliance with the GDPR

You now want to set up Google Analytics so that it complies with the General Data Protection Regulation. Then please go through the following steps.

1. In Google Analytics, go to Administration >> Settings >> Account settings
   
   In the lower section, you can accept the details for data processing. To do this, simply click on "Manage data processing addition details" on the right and follow the individual steps.
   
   
2. Add a note to the privacy policy on your website stating that data is transferred to Google Analytics.
   
   You are welcome to copy and use the part from our privacy policy.
   
   
3. The cookie banner must offer the options to accept, reject and edit and that Google Analytics is not active before clicking on the Accept button.
   
   
4. I would also recommend that you activate IP address anonymisation. The following video shows you step by step how this works.
   
   
5. The last step, activating server-side tracking, is actually the most complicated. You need to rent a server for this and you can then implement the whole thing via the Google Tag Manager.
   I will be filming a detailed video on this in the next few weeks and publishing it on our YouTube channel (and also embedding it here).

So, that was the first solution - Google Analytics server-sid-tagging.

The second solution is:

2. Changing the analytics tool

In my opinion, Matomo Analytics or the Piwik PRO Analytics Suite are best suited for this.

The main difference between the two analytics tools is that Matomo is open source, i.e. free, while Piwik is subscription-based.

Matomo is installed on your own web server or a server of your choice. This means that you always have data sovereignty. Piwik analyses data via the Piwik server, which is also hosted in the EU, in Germany to be precise. In both cases, there should therefore be no problems with data transfer and the GDPR.

Conclusion and my recommendation

In the past, we have had to learn that the General Data Protection Regulation is always very hotly publicised and that we implement everything dutifully. And then certain things don't materialise or it is unclear who will implement them, what penalties will be imposed and when, etc.

From my point of view, it definitely makes sense to use the right cookie banner, because you can see relatively quickly whether you are GDPR-compliant or not. You don't want one of your competitors to recognise that your website is not legally compliant and possibly report you.

You should therefore now consider whether Google Analytics is the tool of your choice and whether you run the risk of a fine or whether you should switch to Matomo or Piwik.

I have shown you the alternatives. The decision is entirely up to you.

If you need coaching or support with the implementation, please contact us. Our email address: This email address is being protected from spambots. You need JavaScript enabled to view it. just describe your scenario to me and we'll have a quick chat.