| > Google Analytics fires even before the cookie banner That might well not be a problem, depending on how the configuration and setup of Google Analytics was done in that case. From https://www.cookiebot.com/en/google-analytics-gdpr/ - turn on IP anonymisation - don't send personal data - don't send pseudonymous identifiers - I add: tell GA to not set cookies and to not track the user (IIRC it's "storage" set to "none" and "storeGac" set to false) If one does that when the user's not opted-in to "analytics" or "tracking", that ought to be enough to satisfy informed consent, no? The site is then just tracking page views, with no personal information or cookies to fly around. If the user then opts-in to analytics then the site's code could well send more pseudonymous data to Google Analytics, with the user's consent, as well as tell GA it's fine to track the user around the site using a cookie or whatever other means. Same goes for the setup for Adwords or similar: it's all in the hands of the website, and so long as things are configured to not track the user, it might be fine. If a site's livelihood depends on showing ads to users, it doesn't mean that the user has to opt-in to ads. They ought to opt-in to being tracked by the ad provider. So, configure _that_ -- no opt in? No tracking. Opt in? Tracking, remarketing, retargeting, what-have-you. It's all about "playing safe" and _not_ tracking when the user's not opted in. Many sites instead do it the other way around, and do it all until/unless the user's opted-out. And even then, I wouldn't hold my breath that they're really doing it. Some are, or at least try hard to. |