Web-Datenschutz-Glossar

Warum es wichtig ist

Each variant can trigger different sets of tags and pixels, meaning data may flow to third parties in ways that differ from the documented tag inventory. Consent signals must propagate correctly into every branch, and both variants must behave the same way with regard to which cookies and beacons fire.

Warum es wichtig ist

Adequacy decisions can be revoked or suspended. Organizations that rely on an adequacy ruling for transfers to a third country without a fallback mechanism may find themselves in violation overnight, including for data sent by marketing pixels and analytics beacons that silently route to servers in that country.

Warum es wichtig ist

Bid request transmission is a form of data sharing. Where the page visitor has not provided consent, or has exercised a right to opt out of sale or sharing, sending that visitor profile into a real-time bidding auction may conflict with CCPA, CPRA, GDPR, and similar regulations. The transmissions occur in milliseconds and are invisible without network-level monitoring.

Warum es wichtig ist

A breach that originates in a third-party tag or an exfiltrated form field still triggers the controller's notification obligation. Knowing which third parties receive data from a site, and what that data contains, is prerequisite to scoping and responding to a breach within the required window.

Warum es wichtig ist

Fingerprinting bypasses consent controls that govern cookies, because no data is stored in the browser. Regulators in the EU explicitly classify fingerprinting as a tracking technology subject to ePrivacy rules. Sites that prohibit tracking cookies but load fingerprinting scripts may be compliant on paper and non-compliant in practice.

Warum es wichtig ist

CCPA applies to businesses meeting revenue or data-volume thresholds and has no private right of action for most violations, but its statutory damages provision for data breaches and enforcement by the California Attorney General create real financial exposure. Third-party tags that share visitor data without a sale opt-out mechanism are a common and documented source of violations.

Warum es wichtig ist

A CMP that is misconfigured, outdated, or not tested regularly may accept or reject consent and then fail to propagate that signal to every tag. The result is tags firing in violation of the stated policy. CMP configuration drift is one of the most common root causes of technically documented non-compliance.

Warum es wichtig ist

CNAME cloaking is used specifically to circumvent browser-based and network-based content blocking. Regulatory guidance from the CNIL and others has indicated that CNAME-based tracking still requires consent where the data is ultimately controlled by a third party. Detecting it requires DNS resolution or network-layer inspection, not just page scanning.

Warum es wichtig ist

Cohort systems are designed to limit cross-site individual tracking, but they still process browsing history on-device and expose cohort membership to publishers and ad buyers. Regulators have scrutinized whether cohort assignment itself constitutes personal data processing requiring consent.

Warum es wichtig ist

The Colorado CPA shares structural similarities with Virginia CDPA and CPRA but has its own thresholds and cure provisions. Organizations managing multi-state privacy programs must track these differences, and websites with retargeting or analytics tags may need to honor Colorado opt-out signals.

Warum es wichtig ist

A consent string that does not accurately reflect what the user selected, or that is shared with vendors not disclosed at the time of consent, can invalidate the consent. Auditing whether the string transmitted in bid requests matches the user's actual choice is technically possible but rarely done without dedicated tooling.

Warum es wichtig ist

A permissive or absent CSP means any script introduced via a tag manager, supply chain compromise, or ad injection can call out to any external server. CSP is a first line of defense against unauthorized data exfiltration and is reviewed in security audits and some privacy assessments.

Warum es wichtig ist

A cookie banner that obscures the reject option, pre-ticks categories, or places accept and decline at unequal prominence may constitute a dark pattern and fail the freely-given consent standard. Regulatory enforcement across Europe has specifically targeted deceptive banner design, resulting in significant fines.

Warum es wichtig ist

Cookie notices must be accurate and current. If the live tag inventory on a site includes cookies not listed in the notice, the disclosure is inaccurate, undermining the validity of any consent obtained. Sites that update their tag stacks without updating the cookie notice create a persistent gap.

Warum es wichtig ist

Unlike enforcement solely by the Attorney General, the CPPA can initiate investigations without a complaint and issue regulations that expand or clarify obligations. Businesses should monitor CPPA rulemaking for changes to opt-out requirements, risk assessment obligations, and automated decision-making rules.

Warum es wichtig ist

CPRA introduced the concept of "sharing" personal information for cross-context behavioral advertising as a separate opt-out right from "sale." Many advertising and analytics tag arrangements that were borderline under CCPA are more clearly regulated under CPRA's sharing definition. Failing to honor the opt-out of sharing can expose a business to both enforcement and litigation.

Warum es wichtig ist

Cross-site tracking is the central behavior that most privacy regulations target. Browser vendors have progressively restricted third-party cookies, but tracking continues via alternative mechanisms including fingerprinting and first-party data partnerships. Demonstrating that cross-site tracking is blocked or consented requires network-level evidence.

Warum es wichtig ist

Regulators including the CNIL, ICO, and FTC have issued guidance and enforcement decisions specifically targeting dark-pattern consent flows. A consent obtained through a dark pattern may be legally invalid, meaning all data collected under it lacks a lawful basis. The risk is highest in banner designs where "reject all" is hidden or requires more steps than "accept all."

Warum es wichtig ist

Data broker beacons and pixels appearing on a company's website can constitute a sale or sharing of personal information under CCPA and CPRA even if the company has no direct commercial relationship with the broker. Detecting data broker requests requires examining outbound network calls, not just reviewing vendor contracts.

Warum es wichtig ist

Controllers bear primary legal responsibility for compliance, including ensuring that processors act only on their instructions, that lawful bases are documented, and that data subject rights are honored. Third-party tags deployed by a controller on its own website may involve joint controllership if the third party also determines processing purposes.

Warum es wichtig ist

If a third-party tag is sending personal data to a vendor and no DPA is in place, the transfer lacks a lawful contractual basis under GDPR. Many marketing and analytics vendors offer standard DPAs, but they must be signed, kept current, and matched to the actual data flows on the site.

Warum es wichtig ist

Controllers must have a written data processing agreement in place with each processor. If a tag on the website is sending data to a vendor that processes it beyond what the DPA permits, both parties may be exposed. Knowing which vendors receive data from a site is a prerequisite to maintaining compliant DPAs.

Warum es wichtig ist

DPAs receive complaints from consumers, conduct investigations on their own initiative, and can impose fines, corrective orders, and processing bans. A complaint filed with a DPA about a company's tracking practices can trigger an audit of the full technology stack deployed on its websites.

Warum es wichtig ist

DSRs must be fulfilled within prescribed timeframes (one month under GDPR; 45 days under CCPA). Completing a deletion request requires knowing every system and vendor that holds the individual's data, including analytics platforms and advertising networks that received data via the company's website tags.

Warum es wichtig ist

Activities commonly requiring a DPIA include systematic monitoring of publicly accessible areas, large-scale processing of special category data, and profiling. Deploying certain advertising or analytics technologies on a website at scale, or integrating data sources, may trigger the DPIA obligation. Proceeding without one when required is a GDPR violation independent of whether harm results.

Warum es wichtig ist

The ePrivacy Directive is the legal basis for cookie consent requirements across the EU, not GDPR. Many enforcement cases for cookie violations are brought under national implementations of this directive. Its replacement (the ePrivacy Regulation) remains pending, meaning the current rules continue to apply.

Warum es wichtig ist

Not all first-party cookies are exempt from consent requirements. Under ePrivacy rules, only cookies strictly necessary for a service the user has requested are exempt. Analytics and marketing cookies set on the first-party domain still require consent if they are not technically necessary. Some vendors use first-party cookie workarounds specifically to evade consent controls.

Warum es wichtig ist

GDPR fines can reach 4% of global annual turnover or 20 million euros, whichever is higher. Website operators are controllers responsible for every tag and pixel they load, including those from third-party vendors. Documented enforcement covers cookies, analytics without consent, and cross-border transfers without adequate safeguards.

Warum es wichtig ist

CPRA requires covered businesses to honor GPC as a valid opt-out of sale and sharing. California enforcement has included GPC non-compliance as part of investigations. Detecting whether a site actually changes its tag behavior in response to a GPC signal requires active testing, not just policy review.

Warum es wichtig ist

Healthcare organization websites, hospital patient portals, and health-adjacent services that deploy analytics or advertising pixels may be transmitting PHI to third parties without a Business Associate Agreement. Federal regulators have issued guidance and enforcement actions specifically addressing tracking technologies on healthcare websites. This is an active litigation and enforcement area.

Warum es wichtig ist

A site without HSTS is vulnerable to man-in-the-middle attacks that can intercept session cookies and inject scripts. An injected script can exfiltrate form data or bypass consent controls. HSTS is a baseline security control that directly affects the integrity of the privacy stack deployed on a site.

Warum es wichtig ist

ID sync happens silently through redirect chains loaded by ad tags. Each redirect can create a new data-sharing relationship that was not disclosed to the user. The volume and breadth of ID syncing on a page is rarely visible through standard tag audits and requires network-level analysis.

Warum es wichtig ist

Just-in-time notices are associated with stronger informed consent because they provide context at decision time. Regulators in some jurisdictions look favorably on them for sensitive data collection. For web forms collecting information such as health conditions, insurance details, or financial data, the absence of contextual notice can be a factor in privacy risk assessments.

Warum es wichtig ist

The lead supervisory authority is the primary regulator for many large platform operators, but coordination between authorities means a complaint filed anywhere in the EU can escalate. Understanding which DPA leads on a company's processing is relevant when evaluating enforcement risk timelines and jurisdictional scope.

Warum es wichtig ist

Legitimate interests is the most flexible GDPR lawful basis, but it requires a documented balancing test. Relying on it without that test, or using it for processing a reasonable person would not expect, leaves the organization exposed. Regulators have rejected legitimate interests claims for behavioral advertising and cross-site tracking in numerous decisions.

Warum es wichtig ist

Local storage is used by some analytics and advertising scripts to persist identifiers that survive cookie deletion. Because it behaves differently from cookies, some consent frameworks do not clear local storage on opt-out, creating a residual tracking vector. Auditing local storage requires JavaScript inspection, not HTTP header analysis.

Warum es wichtig ist

Session replay tools that do not mask form fields correctly can capture and transmit literal passwords, health details, or financial data to a third-party analytics server. Masking configuration must be validated through active testing rather than relying on vendor defaults, which vary and can regress with tool updates.

Warum es wichtig ist

A third-party script loaded over HTTP on an HTTPS page is both a security risk and typically blocked by browsers, which can break tag functionality silently. From a privacy perspective, HTTP requests for tracking assets may expose referrer information and user data to interception. Mixed content is a signal that the site's tag governance has not been reviewed recently.

Warum es wichtig ist

Many advertising technology arrangements qualify as a "sale" of personal information under CCPA's broad definition. A site that loads advertising tags without honoring opt-out requests, or that has a consent mechanism that does not actually stop data from flowing to ad partners, may be in violation regardless of what the privacy policy states.

Warum es wichtig ist

The scope of "personal data" is broader than commonly assumed. An IP address alone has been ruled personal data by European courts. Online identifiers embedded in advertising tags, including cookie IDs and fingerprint hashes, fall within this definition, meaning every tag that transmits them is processing personal data and must have a lawful basis.

Warum es wichtig ist

Analytics and advertising pixels on healthcare websites can capture and transmit page URLs containing diagnosis codes, symptom descriptions, or appointment types, constituting unauthorized PHI disclosure. Federal enforcement guidance issued in 2022 and subsequent court decisions have focused specifically on this risk pattern.

Warum es wichtig ist

Unlike GDPR's "personal data," PII lacks a single authoritative definition across US federal and state laws. This ambiguity creates risk: an organization that manages PII narrowly (names, Social Security numbers) may overlook that IP addresses, behavioral profiles, or inferred characteristics qualify as personal information under CCPA or personal data under GDPR.

Warum es wichtig ist

A privacy policy that does not accurately reflect actual data flows on the site creates legal exposure. If tags and beacons send data to vendors not disclosed in the policy, or if the retention periods stated are not honored, the policy becomes a liability rather than a protection. Policies must be kept in sync with the live technology inventory.

Warum es wichtig ist

RTB involves broadcasting personal data to hundreds of potential buyers per page load, the vast majority of whom will not win the auction and receive no compensation for the exposure. European DPAs and the IAB's TCF have faced sustained regulatory challenge over whether RTB at scale can be made compatible with GDPR's data minimization and purpose limitation requirements.

Warum es wichtig ist

The ROPA must reflect actual processing, not just intended processing. If the live website loads tags that transmit data to vendors not in the ROPA, the document is inaccurate and the organization is operating without required accountability documentation. Maintaining an accurate ROPA requires an up-to-date view of every vendor and data flow active on the site.

Warum es wichtig ist

Referrer leakage is a common and underappreciated data exposure. A user on a health symptom page who clicks to a resource may send the full URL of the symptom page to the destination and to any third-party scripts loaded there. Setting Referrer-Policy headers controls this at the server level, but individual links can also be hardened with rel="noreferrer".

Warum es wichtig ist

Without an explicit Referrer-Policy, browsers apply their own defaults and may send full URLs including query strings and path segments to every third-party resource loaded on the page. A permissive or absent policy is a routine finding in privacy audits and contributes to referrer leakage exposures.

Warum es wichtig ist

Fulfilling erasure requests requires knowing every system and vendor that holds data about the individual, including advertising platforms that received identifiers via website tags. Incomplete vendor inventory is the most common reason organizations cannot confirm erasure within the required timeframe.

Warum es wichtig ist

See the Record of Processing Activities entry for full detail on why an accurate ROPA is essential for GDPR accountability.

Warum es wichtig ist

Many website operators do not recognize that loading standard advertising scripts constitutes a "sale" under CCPA. Enforcement actions and class actions have targeted this gap. Honoring opt-out rights requires that the tag stack actually changes behavior when a user opts out, which must be verified through testing.

Warum es wichtig ist

Cookies without a SameSite attribute are treated as Lax by modern browsers by default, reducing cross-site transmission. Third-party cookies that require cross-site access must use SameSite=None; Secure. As third-party cookies are phased out, SameSite configuration becomes important for session integrity and CSRF protection on first-party cookies.

Warum es wichtig ist

CPRA gives consumers the right to limit the use and disclosure of sensitive personal information. Websites that infer health conditions, location, or ethnic origin from behavioral data or page-visit patterns, and share that with third parties via tags, may be handling sensitive personal information without the required disclosures and opt-out mechanisms.

Warum es wichtig ist

Session replay can capture sensitive form inputs, including passwords and health information, if masking is not configured correctly. Multiple wiretapping and CIPA lawsuits have been filed against operators of websites that recorded sessions without adequate notice or consent. The data is transmitted to a third party by definition.

Warum es wichtig ist

The sharing definition was introduced specifically to capture advertising data flows that were structured to avoid the "sale" definition. A business that passes visitor identifiers to an advertising network for retargeting, even through a data collaboration platform, is likely sharing personal information under CPRA and must honor opt-out requests for that activity.

Warum es wichtig ist

Organizations that rely on SCCs for data transfers must also conduct a Transfer Impact Assessment to verify the destination country's laws do not undermine the protections in the clauses. Transfers to the US using SCCs were the subject of intense regulatory scrutiny following the Schrems II ruling.

Warum es wichtig ist

A subdomain takeover allows an attacker to serve content or scripts under a trusted first-party subdomain, bypassing CSP that permits the company's own origin. From a privacy perspective, it is a vector for injecting exfiltration code into a page with the same trust as the organization's own JavaScript.

Warum es wichtig ist

Tag managers give non-technical staff the ability to add any code to a website. Without governance controls, they are the primary mechanism through which unapproved or misconfigured tracking scripts enter a site. Every tag added through a tag manager is a potential data-sharing relationship that must be reviewed for consent and disclosure compliance.

Warum es wichtig ist

Safari and Firefox have blocked third-party cookies by default for years. Chrome introduced restrictions and the ad industry has been adapting with alternative identifiers. However, blocking third-party cookies does not eliminate cross-site tracking; it displaces it to fingerprinting, first-party data sharing, and identity resolution services. The absence of third-party cookies is not the same as the absence of tracking.

Warum es wichtig ist

Without TLS, all data transmitted between a user's browser and a server, including form submissions, session tokens, and behavioral data, is readable by anyone on the network. TLS is a baseline requirement in virtually every privacy and security framework. Sites still serving pages or resources over HTTP are failing a fundamental control.

Warum es wichtig ist

Pixels are among the most common mechanisms for transmitting visitor data to advertising networks, analytics providers, and data brokers. They are often loaded without the visitor's knowledge and, depending on the data they transmit, may constitute a sale or sharing of personal information under CCPA and CPRA, or processing requiring consent under GDPR.

Warum es wichtig ist

Following the Schrems II ruling, organizations transferring EU personal data under SCCs must document a TIA. For organizations that use US-based analytics, advertising, or cloud vendors, the TIA must address US surveillance laws. Many organizations have not completed this analysis for their full vendor stack.

Warum es wichtig ist

Following Brexit, the UK and EU operate separate but broadly similar data protection regimes. Organizations serving users in both jurisdictions must comply with both. Data flows between the UK and EU are currently covered by a UK adequacy decision from the EU, but this is subject to review.

Warum es wichtig ist

In the absence of a comprehensive federal privacy law, organizations operating across the US must track an expanding and divergent set of state obligations. Threshold requirements, opt-out rights, and enforcement mechanisms differ by state. Websites with broad US audiences may be subject to multiple state frameworks simultaneously.

Warum es wichtig ist

Tags and scripts loaded on a website may engage subprocessors that are not disclosed to or approved by the data controller. Each undisclosed subprocessing relationship is a potential GDPR compliance gap. Maintaining an accurate vendor and subprocessor list requires continuous monitoring of which domains and services are actually called by the site.

Warum es wichtig ist

Virginia CDPA has no private right of action but is enforced by the Attorney General. Its opt-out obligations for targeted advertising cover the use of data from multiple contexts for advertising, which includes most behavioral retargeting implementations. Organizations with Virginia website traffic should assess whether their consent and tag infrastructure honors these rights.

Warum es wichtig ist

VPPA has been used in a significant volume of class action litigation against websites that embed video players and simultaneously load Meta Pixel, TikTok Pixel, or similar tracking tags. Plaintiffs argue that sending a viewer's identity alongside video watch events constitutes disclosure of video viewing history. This is an active litigation pattern across media, news, and entertainment websites.

Warum es wichtig ist

Standard web analytics implementations transfer visitor behavioral data to third-party servers, which may constitute processing requiring consent under GDPR and ePrivacy rules. European DPAs including the Austrian, French, Italian, and Danish authorities have ruled that Google Analytics implementations sending data to US servers violated GDPR without adequate transfer safeguards.

Warum es wichtig ist

California's CIPA has been the basis for a substantial volume of class action lawsuits against websites that load session replay, chat, and analytics scripts, on the theory that capturing user interactions constitutes unauthorized wiretapping. Many of these cases have survived motions to dismiss, creating significant litigation exposure for organizations with California website visitors.