You probably know “cookie banners” popping up when you call up a website and want you to accept the cookies policy. In the meantime, there are vast numbers of layout options and formulations—which might be a result of the legal-related uncertainty in terms of cookies. But first, let us explain how a cookie works.
Nowadays, web pages are being transmitted via “hypertext transfer protocol” (HTTP). This protocol is a stateless one. In a stateless protocol, “HTTP requests” which a web browser sends to a server (i.e. to a computer on which the respective web page is stored) are always without reference to previous requests. The cookies should somehow overcome the “statelessness” of the given protocol.
Cookies are small text files which the server stores within the web browser and represent it. When a web browser sends a request containing a cookie, the server identifies the web browser or the cookie again. As a result, the server “knows” that the shoe laces were already in the shopping basket and displays the given website with respective data.
Cookies are available in many forms:
Depending on the type of cookies, the server “learns” a lot about the user via the browser in short time.
What is the connection between the technical process described and the all-pervasive cookie banner?
In short, it is the uncertainty about the regulations on the data processing. Cookies are personal data which need a legal framework if they be processed. Well, there is the other side of the coin, too. According to the association of the federal supervisory authorities and of the Länder (“Datenschutzkonferenz”), one must clearly give one’s consent to allow analysing and tracking by using particular types of cookies. Companies using cookie banners want to be sure to be given your consent. However, they usually fail to do so because, for example, they do not inform you sufficiently, the cookies are already stored before you click on the “Accept” button, or, if you stay on the web page without any clear action confirming your decision.
Currently, the University is using these cookies:
|ROUTEID||It stores the live server on which the user is currently located so that the user returns to this live server.||end of the web session (closing the web browser)|
|The content management system identifies a user. The cookie contains the information on a randomly generated session ID.||
end of the web session
|It contains a token so that visitors and their behaviour on the web pages of the University may be clearly identified.||
end of the web session
|If set, the user is not being tracked.||2 years|
As you can see, the website uses a persistent cookie for the purpose of analysis. In comparison to the association of the supervisory authorities (“Datenschutzkonferenz”), we are convinced that it is not necessary to be given consent as the data processing is justified by our interest in accordance with section 6 subsection 1(f) of GDPR, as described in “Why and how does the University process your data?”.
How do we justify our point of view?
The University hosts Matomo on its servers only so that users are identifiable only based on filtering log files. In addition, we give you the option to de-activate the tracking options.