DSGVO and upcoming ePrivacy Regulation – The End of Tracking?

That’s why SEO is now more important than ever before

What is the real worshipful impact of the ePrivacy Regulation on your e-business? And how do the privacy regulations affect your search engine optimization and tracking? In the following you will learn – according to the current state of information – what there is to consider and what you can expect (if it is really implemented in this way). There are already thousands of articles and blog posts on the DSGVO & upcoming ePrivacy Regulation on the web, but one thing is certain: it is inevitable that stricter privacy policies will affect marketing and SEO measures. Read here why SEO is more important than ever!

“SEO is dead” this rumor is read again and again and it has been circulating almost since the birth of search engine optimization. But SEO is only dead if you close your eyes to the constant updates and new requirements. One such challenge was the DSGVO, which came into force in 2018. The day on which the EU established its uniform data protection law was only the beginning of far-reaching data protection regulation: while the digital industry is still busy implementing the requirements of the DSGVO, the new ePrivacy Regulation (ePVO) is already scratching its hooves. This was originally supposed to come into force at the same time as the DSGVO on 25 May 2018, but was then postponed to the first quarter of 2019 and is now further delayed. The current negotiations are still ongoing, but the basic framework is already in place. Therefore, it is currently still open whether all points will be implemented as they are currently formulated.

“I know half of my advertising is money thrown out. I just don’t know which half.”

Henry Ford

What is the ePrivacy Regulation?

Similar to the DSGVO, the ePrivacy Regulation applies to any actor who has an online presence, uses tracking tools or uses electronic direct marketing such as newsletters. It is intended to replace the ePrivacy Directive in force since 2002, which was last updated in 2009 with the so-called Cookie Directive.

While the DSGVO is a basic regulation and the foundation of online and offline data protection, ePrivacy is designed to protect privacy and the special protection of personal data in electronic communications. In addition, the forthcoming Regulation regulates cases not covered by the DSGVO or overlapping with the DSGVO and the ePrivacy Regulation adopted in 2002.

Upcoming ePrivacy Regulation and Cookies – The End of Tracking?

The new ePrivacy Ordinance provides stricter rules for handling cookies and advertising trackers. As things stand at present, an opt-out option for data storage and processing will no longer be sufficient in the future. Even for analysis tools such as Google Analytics, data may only be collected with the explicit consent of the user. This means that before personal data of any kind can be stored, the user must obtain consent. This also applies to cookies: Only cookies that do not store personal data such as anonymous visitor numbers may still be set without prior consent. The same applies to necessary and technically necessary cookies.

In practice, this means that in the future a cookie banner or pop-up will have to be shown to each individual website visitor when they first visit the site. These cookies meticulously list all cookies and data storage purposes as well as all advertising partners whose pixels you have installed.

Wann genau tritt die ePrivacy Verordnung in Kraft?

The BVDW has visualized the development of the ePrivacy Ordinance in an ePrivacy Info Graph, which is regularly updated.

The ePrivacy Directive of 2002, which was amended in 2009 to include the requirements for cookies and has since been referred to as the Cookie Directive, is currently valid in the area of data protection. Originally, the new Data Protection Regulation was scheduled for 25 May 2018. But this date failed. It is not yet known exactly when it will finally be introduced. However, one thing is certain: the ePrivacy Regulation is coming. What form and how strict it will really be is still in the stars.

Impact on Online Marketing: Prepare for the ePrivacy Regulation

Should the current draft of the ePrivacy Regulation enter into force in its current form, things will change in the online marketing industry. Web site operators will have to annoy their visitors with even more annoying forms and pop-ups and obtain their consent. In addition, there will be fewer consents and representative analyses will be difficult.

Online marketing and analytics become as blind as a mole: campaigns have to correspond to the masses and you can no longer target specific customer segments. So they only have a branding function and users will be annoyed to get the same advertisement faded in all the time. This is also made clear by a fitting statement of the affiliate agency xpose 360 in the 52nd issue of the website Boosting:

“The consequence of ePrivacy would be to get an ad for children’s bicycles 20 times an hour.”

Therefore, focus on first-party cookies and stop the data collection frenzy. Rethink your current tracking and marketing efforts and automatically collect less redundant data and facilitate the transition to stricter privacy regulations. You can also use the time until the changeover to conduct experiments: Test different types of cookie banners and pop-ups and collect data on how many users give or refuse their consent. Which and how much data is left of the totality, which is at least anonymous?

Effects of the DSGVO & ePrivacy Regulation on your SEO and Inbound Marketing Strategy

In the past, SEO was an independent marketing method that could work completely independently. But search engines also constantly optimize their algorithms with the aim of delivering the best possible result to the searcher. After numerous animal updates, such as the Panda, the Penguin or the Humming Bird Update, SEO and inbound marketing are now closely linked: unlike traditional outbound marketing, it’s all about targeting the interests and needs of your ideal customers, picking up qualified visitors, bringing them to your website and converting them into leads and customers. Inbound marketing uses several sub-disciplines, such as search engine optimization, and is based on being found by customers. Inbound marketing and above all successful search engine optimization is so great because you don’t have to penetrate customers with your advertising messages, but are there like a superhero when you’re needed.

But what does all this have to do with the entry into force of the DSGVO and the ePrivacy Regulation? Well, the data protection regulations inevitably have an impact on the objectives you are pursuing, such as newsletter subscriptions. The website operator is now obliged to record all entries verifiably and to make user data accessible or erasable by the user at any time. This creates a dilemma between 100% compliance with data protection regulations and your marketing goals.

Focus on SEO, Inbound Marketing & Native Advertising

Currently, every company must decide for itself how to use customer data for data analysis, because even a seemingly harmless data analysis can lead to misuse of data. The possibilities for linking different databases seem to be increasing, but what is legally possible and what goes too far?

The clear advantages of inbound marketing can also be transferred to search engine optimization, since both pursue the goal of labeling content in such a way that it can be best found by search engines and thus by potential customers. Since SEO users themselves actively search for content or search terms, we do not need a surfing profile, user data or other information. Only the analysis of aggregated data and the keyword of the individual user is sufficient to correctly understand the user intention and to implement tailor-made content and measures. This does not require tools such as Google Analytics, which are questionable under data protection law or are currently the subject of much discussion, but aggregated data such as rankings, backlinks, search queries and hits per month are completely sufficient. Cumulative data such as data from the Google Search Console, for example, is already sufficient for this information, and as things stand at present will not require explicit permission even in the ePrivacy Ordinance.

Native advertising means that good content is offered in the right place; this leads to significantly higher interest and user commitment than (irrelevant) display advertising.

Therefore, it may make sense to rethink your marketing strategy and focus on other areas such as SEO.


We hope that the ePrivacy Regulation as it stands will not enter into force and that there will be further changes. Nor can we imagine that large corporations such as Google, whose business model would be severely restricted, would not defend themselves.

However, SEO is an industry that is constantly evolving and changing, focusing on consumers and their interests. New rules such as the ePrivacy Regulation are likely to have an impact on rankings, but we SEOs have learned to adapt to these changes. Search engine optimisation is therefore seen as one of the strongest strategies for customer acquisition and lead generation in times of more data protection.


Review of DSGVO 2018:

The Basic Data Protection Regulation (DSGVO) came into force on 25 May 2018. In particular, it deals with the protection of individuals with regard to the processing of personal data and the free movement of such data. In practice, it caused panic in 2018: Violations are punishable by harsh penalties, while large parts of the regulation are rather vague. Many companies were very negative about the new regulation and described the DSGVO as bureaucratic and hampering innovation.

How quickly can fines under the DSGVO be feared?

The DSGVO provides for warnings and fines of up to 20 million euros or 4% of the previous year’s worldwide turnover. Even the weeks before the new regulation came into force, the Internet world was in a state of flux: website operators, clubs and private bloggers switched off their websites for fear of it, thousands of e-mails about the DSGVO fluttered into our mailbox, companies panicked. A few days after the start of the DSGVO, the first warnings were issued. However, data protection law was not reinvented with the DSGVO. Only companies for which data processing is their main business were or are now faced with a great deal of expense. Of course, you have to carry out some (costly) measures in order to work in compliance with data protection, but there are already thousands of articles and lawyers who have specialized in this. Even though there have been warnings in connection with the DSGVO, the number has lagged far behind the fears.

Write a Comment

Your email address will not be published. Required fields are marked *