Skip to main navigation Skip to main content Skip to page footer
Wolfgang Wagner - TYPO3 Seminare, Workshops, Tutorials, Support
Shocking Truth: Your TYPO3 website will survive without a cookie banner!

Shocking Truth: Your TYPO3 website will survive without a cookie banner!

Have the article read aloud.

Loading the Elevenlabs Text to Speech AudioNative Player...
| Estimated reading time : min.

"We really need a cookie banner on our website!"

"Why?"

"Well, because that's what you do!"

Does this dialog sound familiar? Welcome to the club.

I experience this phenomenon really often: clients, agencies and freelancers who install cookie consent managers like other people put on their socks - out of sheer habit and without thinking about whether it's even necessary.

The great cookie panic

Since the GDPR came into force in 2018, the web developer world has been in a state of permanent paranoia. "Better too much than too little data protection" seems to be the motto. And so we find ourselves in a world where even the website of a local bakery, which contains nothing more than opening hours and a picture gallery of bread rolls, greets us with a huge modal window:

"This website uses cookies. Please accept our terms, agree that we won't share your details with third parties (which we don't do anyway), and click 17 buttons before you can see if we have wholemeal bread on offer today."

But let's be honest: is that really necessary?

When do you REALLY need a cookie consent manager?

The simple answer: Only if you use non-essential cookies or similar tracking technologies. Period.

Here's what does NOT require consent:

  • Session cookies for logins: Your TYPO3 backend or frontend login? No problem! These cookies are technically necessary.
  • Shopping cart cookies: How is your store supposed to work if the user can't save their shopping cart?
  • CSRF protection: Security measures do not require consent.
  • Cookie for language settings: So that your visitors don't have to switch between German and English with every click.
  • Basic configurations: Cookies that save basic settings for using the website.

In TYPO3 context: The cookies that are set when logging into the backend or for the frontend user are technically necessary and do NOT require consent.

Here is what requires consent:

  • Google Analytics & Co: "I want to know how many visitors laughed at my article about houseplants" - you need consent here.
  • Facebook Pixel, Twitter tags, etc.: "I would like to track my visitors later with advertisements for garden shears on Instagram" - consent required.
  • YouTube embeds: "I am showing a video that sends data to Google" - consent required.
  • External fonts (when loading directly from Google): "I load fonts directly from Google" - better with consent.

The "because you do it this way" effect

I call this phenomenon the "because-one-holds-so-much-power" effect. It is the unthinking adoption of supposed best practices without questioning whether they are actually useful in a specific case.

Let's imagine a customer comes to you and wants a simple company website with TYPO3. No analysis tools, no social media integration, no third-party services. Just information pages, a contact form, maybe a login area for existing customers.

You could now say: "Great, we don't need a cookie banner because we only use technically necessary cookies. A short piece of information in the privacy policy is completely sufficient."

Instead, you often hear: "We should install a cookie consent manager to be on the safe side. You never know..."

You never know WHAT exactly? Whether a Google Analytics tracking code will suddenly jump into your website overnight and start happily collecting data? If you build and maintain the website, you know EXACTLY which cookies are being set.

The typical excuses

"But our legal counsel said we should play it safe."

Translation: "Our lawyer doesn't understand exactly how websites work, so he's giving the most general and cautious advice he knows."

"But what if we want to incorporate Google Analytics later?"

Translation: "I'm planning for a hypothetical scenario that may never happen, and I'm already annoying all visitors."

"The competition does the same thing."

Translation: "I'm jumping off the bridge because everyone else is doing it too."

The irony of the cookie consent manager

Here comes the supreme discipline of absurdity: In many cases, the only non-technically necessary cookie on the website is the cookie of the cookie consent manager itself! A tool stores your consent to the use of cookies in a cookie, although without this tool no cookie requiring consent would be set at all.

It's like creating a problem just to be able to sell a solution to it. The ultimate irony of digital data protection!

The consequences: Worse user experience

Every unnecessary cookie banner has a price, and your visitors pay it:

  1. Distraction: the visitor comes to your site to learn or do something and is immediately confronted with a complex decision.
  2. Conversion killer: Every additional obstacle between visitor and goal reduces the likelihood of reaching the goal.
  3. Confusion: "Why is this simple website asking me for cookies? Are they secretly collecting data?"
  4. Banner blindness: At some point, people automatically click on "Accept", which undermines the actual purpose of data protection.

Typical TYPO3 scenarios

In the TYPO3 context, I often see the following situations:

Scenario 1: A standard TYPO3 installation without external tracking services. Required consent: None! The session cookies set by TYPO3 are technically necessary.

Scenario 2: TYPO3 with frontend users and login. Required consent: Still none! Login cookies are technically necessary.

Scenario 3: TYPO3 with Google Maps extension. Consent required: Now yes - but only for Google Maps, not for TYPO3's own cookies.

So what to do?

Quite simply:

  1. Take an inventory: Which cookies does your website really set? Use the browser inspector and check.
  2. Distinguish: Which are technically necessary and which are not?
  3. Minimalism: Do you really need all external services?
  4. Provide the right information: A clear privacy policy is mandatory in any case.
  5. Take measures: Only set up a consent manager if non-essential cookies are used.

Conclusion

You can look at the next website that presents you with a cookie banner, even though it only uses technically necessary cookies, with a knowing smile. You are now one of the enlightened ones who understand that not every website needs a sprawling cookie consent manager.

And the next time you hear someone say "We need a cookie banner because that's the way it's done", feel free to refer them to this article.

Disclaimer: This article is based on my personal experience and opinions and does not constitute legal advice. If in doubt, please consult a lawyer specializing in IT law. Because one thing is even worse than an unnecessary cookie banner: an expensive warning letter.

Back
[Translate to English:] Wolfgang Wagner, TYPO3 Experte und Trainer
[Translate to English:] TYPO3 Certified Integrator
[Translate to English:] TYPO3 Certified Integrator

Who writes here?

Hi, I am Wolfgang.

Since 2006, I've been diving deep into the fascinating world of TYPO3 - it's not only my profession, but also my passion. My path has taken me through countless projects, and I have created hundreds of professional video tutorials focusing on TYPO3 and its extensions. I love unraveling complex topics and turning them into easy-to-understand concepts, which is also reflected in my trainings and seminars.

As an active member of the TYPO3 Education Committee, I am committed to keeping the TYPO3 CMS Certified Integrator exam questions current and challenging. Since January 2024, I am proud to be an official TYPO3 Consultant Partner!

But my passion doesn't end at the screen. When I'm not diving into the depths of TYPO3, you'll often find me on my bike, exploring the picturesque trails around Lake Constance. These outdoor excursions are my perfect balance - they keep my mind fresh and always provide me with new ideas.