Cookie Consent Banner – Regulatory Update
Cookie banners are everywhere, designed to let users control how their data is used. However, they often frustrate users and lead to uninformed, automatic acceptance. This not only weakens user privacy but also creates legal risks for businesses if the consent given is not truly valid. Companies must comply with strict privacy laws but doing so while maintaining a smooth user experience is a growing challenge. As digital privacy laws evolve, so are the tools used to ensure compliance. One of the most recent talked-about developments are Personal Information Management Services (PIMS) — a new approach designed to simplify how users give consent to cookies and how businesses manage that consent.
PIMS: A new technical approach to privacy management
Under both the EU General Data Protection Regulation (GDPR) and the national Telecommunications Digital Services Data Protection Act (TDDDG), companies must obtain clear, informed, and revocable consent for data collection, especially when it involves personal data used for tracking or analytics.
PIMS allow users to save their consent preferences and have them automatically applied across compatible websites, if a user is re-visiting a website. This reduces repetitive consent clicks and gives users more consistent control. On the first visit to a website, users still make a manual decision, but for every return visit, PIMS can send the stored preferences directly — if the website supports PIMS.
PIMS can apply for official recognition under Germany’s Consent Management Regulation (EinwV). To be approved, they must meet standards for transparency, security, user control, and economic independence from advertising or tracking interests. However, PIMS only manage consents under the TDDDG (national law), not those required by the GDPR for data uses like tracking or international transfers. This limits PIMS full legal coverage.
PIMS practical impact
On the technical site, websites need to adapt to work with PIMS, which can be complex. Also, even if users use a PIMS, websites are not legally required to honor the stored preferences as participation is voluntary. This raises questions about how impactful PIMS will be, especially if few companies adopt them.
For companies, it is now important to understand that:
- PIMS only manage certain types of cookie consents under national law, not all that are required under the GDPR.
- Websites are not currently required to support PIMS, though doing so may offer competitive and compliance advantages.
- Users must still provide manual consent on their first visit to any website — PIMS only help on repeat visits.
Still, there are clear benefits: businesses could reduce compliance risks, simplify consent management, and improve the user experience. Early planning, especially for new websites, can make future adjustments easier. Businesses are encouraged to review their systems, consider PIMS compatibility, and inform users about the option to use such tools.
As of today, PIMS offer a promising step forward, but not a complete replacement for cookie banners. Success depends on technical integration, legal clarity, user trust, and broader adoption, possibly at the European level. For now, businesses should treat them as a strategic opportunity to modernize privacy practices and reduce long-term compliance risks.