Data protection on the Internet: Pitfalls and risks of web analyzes exposed!

Data protection on the Internet: Pitfalls and risks of web analyzes exposed!

On September 6, 2025, the topic of web analytics and data protection will continue to be discussed intensively. Prof. Dr. Simon Reif, an expert in web technologies, discusses in the latest episode of “A cup with the president” how the analysis of user statistics influences the design of websites and apps. This is complicated by the legal framework of the General Data Protection Regulation (GDPR) and the Telecommunications Telemedia Data Protection Act (TTDSG).

Reif emphasizes that the difference between reach analysis and tracking is fundamental. While reach analysis provides statistical information about website visitors and is used for market research and website design, tracking aims at the individual evaluation of user behavior. The latter creates personality profiles and meets stricter legal requirements.

Legal framework

Existing laws in Germany require clear consent from users when cookies are set or information from the device is read. In particular, Section 25 Paragraph 1 Sentence 1 TTDSG requires consent if access to information is not absolutely necessary. The GDPR allows the legitimate interest approach to process data in certain circumstances, but this is not the rule.

The uncertainty in the interpretation of these laws remains great. Loud dr-datenschutz.de There is inconsistent opinion among the German supervisory authorities regarding the consent requirements for web analysis. Some regulators accept approaches such as log file analysis and server-side tracking without cookies, while the legal situation regarding cookies remains unclear.

Cookies and their challenges

Cookies, the small text files that websites store on users' computers, play a central role in tracking and web analysis. gruender.de explains that cookies are either necessary for the operation of the website or are used for marketing purposes. The question of consent becomes crucial because the TTDSG only allows the storage of cookies if there is comprehensive and clear consent.

The legal situation remains mixed. Cookie banners are present on almost every website, but they often do not show the necessary transparency when it comes to user choices. Consent should be clearly explained, freely given and revocable at any time, which many existing solutions do not ensure.

The current problems surrounding tools such as Google Analytics require particular attention. Austrian data protection authorities have assessed the tool as not legal in Europe because data is transferred to the USA and is therefore not compatible with EU data protection standards. The “Schrems II” ruling by the European Court of Justice has also created new challenges here.

In summary, it remains to be said that the legal uncertainties regarding tracking and web analysis do not only affect website providers. They also raise fundamental questions about data protection that are of great importance to users. Dialogue on data protection regulations will be essential, especially at a time when digital technologies are constantly evolving and data protection requirements continue to change.