Iubenda logo
Start generating


Table of Contents

The Austrian Data Protection Authority’s FAQs on Cookies and Privacy

This guide is based on the Austrian Data Protection Authority (Datenschutzbehörde, DSB) FAQs. It’s designed to provide clarity and guidance on various aspects of cookie usage, from their basic definition to the legal frameworks governing their use, and from the nuances of obtaining consent to the responsibilities of website operators. 

Whether you’re a website owner, a privacy enthusiast, or simply a curious internet user, this guide will offer valuable insights into the world of cookies and digital privacy, all within the context of Austrian law and European Union regulations.

In particular, the FAQs provide information regarding:

  1. Understanding what cookies are and if they qualify as personal data;
  2. The legal regulations governing the use of cookies;
  3. The necessity of displaying cookie banners on websites;
  4. An explanation of cookies that are essential for technical reasons;
  5. The requirement for the consent button to be a distinct color;
  6. Design guidelines for a cookie banner to obtain valid consent;
  7. Informing users about cookie usage on a website;
  8. The feasibility of using advertising industry standards or cookie consent tools in designing cookie banners;
  9. Determining who holds data protection responsibility when cookies are used on a website;
  10. The legality of the ‘pay or okay’ approach for cookies.

This guide simplifies the complexities surrounding cookies and data privacy, keep reading to find out more 👇

1. What Exactly are Cookies?

In simple terms, cookies are data storage consisting of a name (or key) and a value. When you visit a website, the server can send cookies to be stored on your device or browser. These are managed by modern browsers and sent back to the server with each page visit. They vary in type, such as session or persistent cookies, and can be categorized by the domain they belong to (like first-party or third-party cookies).

In summary, cookies can be set without consent only if necessary to provide a service explicitly requested by the user. For all other cookies, consent is required. It’s crucial not to set non-essential cookies before obtaining this consent.

3. Complaining About Improper Cookie Use

You can lodge a complaint with the data protection authority if cookies lead to personal data processing as defined in the GDPR.

4. Are Cookies Personal Data?

Cookies aren’t inherently personal or non-personal data. It depends on the information they contain and how it’s combined. For instance, a cookie saving your language preference on a website isn’t personal data unless linked to your identity.

5. When are Cookies “Technically Necessary”?

Technically necessary cookies don’t require user consent. They are essential for services like session management, form entries, or saving consent status. However, services tracking user behavior across sites or devices need consent.

6. What is a Cookie Banner, and is it Required?

A cookie banner pops up on a website to obtain consent for setting cookies. You require one if your site uses non-essential cookies.

Need a Cookie Banner for Your Website? 

Our cookie banner solution meticulously adheres to the necessary requirements. It guarantees:

  • no unnecessary cookies are set without consent; 
  • clear and informed consent mechanisms, no pre-selected options; and 
  • an effortless process for both giving and revoking consent. 

We prioritize transparency and ease of use, ensuring that not giving consent is as straightforward as giving it, without any subtle pressures or unfair nudging. 

Trust our solution for a compliant, user-friendly cookie management experience. Explore the effectiveness of our cookie banner today →

7. Effective Consent and Cookie Banners

The design of a cookie banner should facilitate clear, voluntary, and informed consent. It should be as easy to refuse consent as it is to give it, with no unfair practices or pre-checked boxes.

8. Distinct Button Colors in Cookie Banners

While no specific color is mandated for consent buttons, they should be designed to ensure clear visibility and equal prominence.

9. The “Pay or Okay” Model

In the context of the “Pay or Okay” system, the DSB has provided the first clear guidelines. The DSB conditionally accepts the use of a cookie wall, but with specific qualifications: 

  • strict adherence to all data protection laws;
  • granular consent must be obtained;
  • usage is limited to private entities;
  • no exclusivity in content or services; 
  • the entity must not hold a monopoly or near-monopoly market position;
  • the payment option must be realistically priced; and 
  • no personal data processing for advertising if the pay option is used.
Understanding the “Pay or Okay” Model 

The “Pay or Okay” model offers a unique choice to website visitors: either pay for content access or consent to cookies. This approach, must strictly adhere to data protection laws and be implemented in a fair and reasonable manner. 

Learn more about the “Pay or Okay” model in our Simplifying Cookie Consent: The European Commission’s Approacharticle here →

10. Informing Visitors About Cookie Use

It is necessary to inform visitors about the use of technical cookies, regardless of whether they process personal data or not, as outlined by the guidelines.

Stay Compliant with Cookie Policies: Learn How with Our Solution

It’s essential for website owners to inform visitors about the use of cookies, particularly non-essential ones. This transparency isn’t just good practice; it’s a legal necessity

If your website is using any type of cookies, you’ll likely need a cookie policy. Are you looking for an effective way to communicate your cookie policy and ensure compliance? Learn more here →

11. Fulfilling Information Obligations for Cookie Use

Provide essential information on the first level, like in a cookie banner, and detailed information, like in a privacy policy. This should include the identity of the data controller, processing purposes, legal basis for processing, and withdrawal methods.

Create a Comprehensive Privacy Policy with iubenda’s Expertise

Meeting the information obligations for cookie use is a critical aspect of website management. This involves presenting in-depth information in your privacy policy

iubenda’s tools can guide you through the process of crafting a thorough and compliant privacy policy, covering the necessary elements like the data controller’s identity, processing purposes, legal bases, and methods for withdrawing consent. 

Discover how iubenda can help you build a robust privacy policy here →

12. Using Industry Standards or Cookie Consent Tools

These can be used, but ensure they comply with data protection laws. Don’t use them unquestioningly.

13. Responsibility for Cookies on Your Website

If you decide to use cookies on your site, you’re considered responsible for the data processing, especially if personal data is involved.