<script type=”application/javascript”> document.addEventListener(‘DOMContentLoaded’, function() { if (document.cookie.indexOf(‘cookieconsent_statistics=true’) >= 0) { var script = document.createElement(‘script’); script.type = ‘text/javascript’; script.async = true; script.src = ‘https://www.googletagmanager.com/gtag/js’; document.head.appendChild(script); } }); </script> Server-Side Tracking as a Privacy-Friendly Alternative A trend that has been gaining significant importance since 2023 is server-side tracking as a more privacy-friendly alternative to traditional client-side tracking. This method offers several advantages: How Server-Side Tracking Works: Tracking data is first sent to your own server Filtering and anonymization occurs there Only then is relevant data forwarded to third-party providers (Google, LinkedIn, etc.) Advantages in the GDPR/TTDSG context: Better control over the transmitted data Possibility to anonymize before sharing Reduction of direct connections to third-party providers Circumvention of ad blockers (when technically implemented correctly) Important: Server-side tracking does not exempt you from consent requirements! The main advantage lies in better control and potentially higher data quality. “Server-side tracking is not a strategy to circumvent consent requirements, but an approach for more responsible handling of user data.” — Statement by the Federal Association for the Digital Economy (BVDW), January 2024 Technical implementation options for server-side tracking: Google Tag Manager Server-Side: Enables server-side processing for Google products and third-party tags Matomo Tag Manager: Open-source alternative with server-side capabilities Custom server-side tracking solution: Maximum control, but higher development effort Conclusion on implementation: The technical implementation of a TTDSG-compliant cookie banner requires more than installing a standard solution. Especially in the B2B sector with complex marketing stacks, thoughtful integration is crucial. Server-side tracking offers interesting possibilities for more privacy-friendly tracking, but does not replace the need for informed consent. In the next section, we’ll look at how you can conduct effective B2B marketing despite strict cookie requirements. B2B Marketing After Cookie Consent: Strategies for Higher Consent Rates The consent requirement for marketing cookies presents B2B companies with a challenge: How can you conduct effective marketing when a significant portion of website visitors don’t accept tracking cookies? A study by Usercentrics (2024) shows that the average consent rate for transparent cookie banners is only 43% – meaning more than half of your visitors are “invisible” to traditional tracking. Value Exchange: Offering Value for Cookie Acceptance A central strategy to increase consent rates is the concept of “value exchange” – offering recognizable benefits in exchange for consent. Transparent communication of benefits: Clearly explain how data usage improves the user experience Illustrate that tracking leads to more relevant content Communicate the benefit for the user, not just for your company Example wording for a B2B cookie banner: “We use cookies to show you tailored expert information and to continuously improve our website. Your consent helps us provide content that is particularly relevant to your professional challenges.” Incentivization without manipulation: Incentivization must not be manipulative, but can still be effectively designed: Access to premium content after consent (legally acceptable if an equivalent cookie-free alternative exists) Personalized dashboards or tools that offer genuine added value Enhanced functionality based on user preferences The Federal Association for the Digital Economy confirmed in its 2024 guidelines that incentivization is generally permissible as long as consent remains voluntary and there is no disproportionate disadvantage in case of refusal. Optimizing the timing of consent requests: Studies show that the timing of cookie banner display significantly affects acceptance rates: Immediate display: Standard, but lowest acceptance rate (approx. 43%) After 10 seconds: Increase in acceptance rate by an average of 7% After interaction with content (e.g., scroll): Up to 12% higher acceptance Before providing highly relevant content: Up to 30% higher acceptance Important: Delayed display is legally unobjectionable as long as consent is obtained before setting non-essential cookies. A/B Testing of Cookie Banners (Legally Permitted?) Many marketers wonder: Am I allowed to test different versions of my cookie banner to optimize consent rates? The answer from data protection authorities is nuanced: A/B tests of wording are generally permissible as long as all variants meet legal requirements Tests must not aim to mislead or manipulate users The basic principles (transparency, voluntariness, equivalent rejection option) must be preserved in all variants Examples of legally unobjectionable test variants: ✓ Different wording of benefits ✓ Various layouts (as long as accept/reject are equally represented) ✓ Varying level of detail in initial information (with option for more details) Examples of legally problematic test variants: ❌ Different coloring of accept/reject buttons ❌ Different positioning of the rejection option ❌ Variants with/without simple rejection option Interestingly, the A/B testing itself also requires a legal basis since it involves processing personal data – typically a legitimate interest under Art. 6(1)(f) GDPR. First-Party Data Strategies for B2B Companies The most promising approach for B2B marketing in times of strict cookie regulation is building a solid first-party data strategy. This is based on data that users provide directly and consciously, typically through: Registrations for gated content Newsletter subscriptions Account creation on the website Webinar participation and event registrations Contact forms and inquiries Advantages of the first-party

Christoph Sauerborn

In a time when data privacy is no longer just a legal formality, but a crucial trust signal, B2B companies cannot afford to be negligent with cookie banners. The Telecommunications Telemedia Data Protection Act (TTDSG), which has been clarifying the legal requirements for cookie banners in Germany since the end of 2021, has redefined the rules of the game together with the GDPR. Today, in 2025, the correct implementation of cookie banners is more than ever a balancing act between legal security, user experience, and effective marketing.

According to a recent study by the Federal Association for Data Protection (2024), 68% of German B2B websites are still not fully TTDSG-compliant – an unnecessary risk that has been penalized with average fines of €24,500. The good news: With a systematic approach, this compliance gap can be closed.

In this comprehensive guide, you will receive a practical 10-point checklist for TTDSG-compliant cookie banners specifically tailored to the needs of B2B companies. You will learn how to not only minimize legal risks but also how to use cookie compliance as a trust factor in your marketing.

Table of Contents

Cookie Compliance 2025: The Current Legal Situation for B2B Companies

Since the introduction of the TTDSG at the end of 2021, the legal landscape for cookie banners in Germany has become significantly clearer. While the GDPR had already established general requirements for processing personal data, the TTDSG implemented the ePrivacy Directive into German law and created specific requirements for cookies and similar technologies.

GDPR and TTDSG: What Has Changed Since Implementation

The TTDSG has unambiguously clarified in § 25: Storing information on users’ terminal devices or accessing information already stored is generally only permitted with consent. Exceptions only exist for technically necessary cookies that exclusively serve to carry out the transmission of a message or that are absolutely necessary to provide a service explicitly requested by the user.

The most important legal milestones that shape today’s practice (2025):

  • End of 2021: TTDSG comes into force with clear regulations on consent requirements
  • 2022: First fines by data protection authorities for non-TTDSG-compliant cookie banners
  • 2023: ECJ ruling on the level of detail required for cookie information (Case C-763/22), demanding precise information on purpose, duration, and recipients
  • 2024: Nationwide focus audit by German data protection authorities on cookie banners
  • 2025: Stricter enforcement with significantly higher fines even for medium-sized companies

The evolution of case law is noteworthy: While initially unclear wording and certain design freedoms were tolerated, courts and authorities have continuously refined and tightened the requirements. The landmark “Cookie Banner Ruling” by the Munich Higher Regional Court from November 2023 (Case 29 U 1804/23) has made it clear that even minor visual emphasis of the “Accept All” option over the rejection option is to be classified as manipulative and thus illegal.

Current Fine Practices and Risks of Legal Warnings

The development of fines shows a clear trend: While mostly warnings were issued in 2022, data protection authorities imposed fines in the average five-digit range in 2023. According to the annual report of the Federal Commissioner for Data Protection, the average fine increased to €24,500 per violation in 2024 – even for smaller and medium-sized companies.

Particularly relevant for B2B companies: The long-held misconception that B2B websites are less in the focus of authorities has proven to be false. The Data Protection Conference (DSK) explicitly clarified in its position paper from March 2024 that there is legally no difference between B2C and B2B websites as long as natural persons visit the website.

“Even in the B2B sector, data processing is carried out in relation to identifiable natural persons, which means that the requirements of the GDPR and TTDSG apply in full.” — Bavarian State Office for Data Protection Supervision, Activity Report 2024

In addition to regulatory sanctions, legal warnings from competitors or specialized law firms pose a significant risk. According to the digital association Bitkom (2024), the average cost of such a warning amounts to €3,800 – plus internal expenses and possible follow-up costs.

This consistent enforcement of regulations has led to cookie compliance being viewed not as an optional “nice-to-have,” but as a business-critical compliance requirement. In the next section, you’ll learn how to design your cookie banners to be TTDSG-compliant using our 10-point checklist.

The 10-Point Checklist for Legally Compliant Cookie Banners According to TTDSG

The following checklist is based on current legal requirements, German court rulings, and published guidelines from data protection authorities. It provides you with a practice-oriented roadmap for implementing TTDSG-compliant cookie banners.

Design Requirements for Compliant Cookie Banners

1. Equal Presentation of Consent and Rejection Options

First impressions matter – not only for user experience but also for the legal compliance of your cookie banner. According to the Munich Higher Regional Court ruling (November 2023) and the DSK guidance (February 2024), the options to accept and reject non-essential cookies must be visually equivalent.

  • ✓ Same font size for “Accept” and “Reject” buttons
  • ✓ Same color scheme (no more prominent coloring for “Accept”)
  • ✓ Same positioning (no preferential placement)
  • ✓ Same accessibility (rejection must not only be possible on a second level)

Specifically, this means: An “Accept All” button in signal coloring alongside an inconspicuously designed “Reject” link is not legally compliant. Equally impermissible is an “Accept” button on the first level, while the rejection option is only accessible after clicking on “Settings”.

2. No Impairment of the User Interface

The cookie banner must not unduly impair the use of the website. The DSK guideline from 2024 specifies that a cookie banner:

  • ✓ Should not take up more than 30% of the screen area
  • ✓ Must not completely block interaction with the website (layer banner instead of modal)
  • ✓ Must not interpret scrolling or site usage as consent
  • ✓ Must not completely cover the content on mobile devices

Especially in the B2B context, where complex information needs to be conveyed, user-friendly banner design is crucial for the conversion rate.

Correct Information Provision and Consent Options

3. Transparent and Complete Information

According to the ECJ ruling from 2023 (Case C-763/22), precise information must be provided for each cookie or tracking tool used regarding:

  • ✓ Exact purpose of the cookie
  • ✓ Storage duration (specific time indication, not just “up to X months”)
  • ✓ Recipients of the data, including third-party providers with company names
  • ✓ Type of data processed
  • ✓ For transfers to third countries: Indication of the country and the legal basis for the transfer

Example for a non-compliant vs. compliant description:

  • ❌ “Google Analytics is used for web analysis.”
  • ✓ “Google Analytics (Provider: Google Ireland Ltd.) collects your usage data such as visit times, click paths, and device technical information to create usage statistics. Storage duration: 14 months. Data is transferred to the USA, secured by EU standard contractual clauses.”

4. Granular Consent Options

Consent must be possible in a differentiated manner according to purposes and providers:

  • ✓ Categorization by cookie types (preference, statistics, marketing)
  • ✓ Separate consent option for each third-party provider
  • ✓ No pre-selection of non-essential cookies (“opt-in” instead of “opt-out”)
  • ✓ Possibility to easily change previously given consent

From B2B practice we know: B2B companies’ marketing stacks often employ numerous tools (from LinkedIn Conversion Tracking to HubSpot). Each one must be individually selectable.

5. Easy Withdrawal Option

The DSK guidance (2024) emphasizes that the withdrawal option must be “as simple as giving consent”:

  • ✓ Permanent and easily discoverable withdrawal option (e.g., cookie icon at the edge of the page)
  • ✓ Maximum of two clicks to reach the withdrawal option
  • ✓ No login requirement for withdrawal
  • ✓ Actual technical implementation of withdrawal (deletion of cookies)

Documentation and Proof Obligations

6. Verifiable Consent

The accountability principle of the GDPR requires that you can prove consent:

  • ✓ Logging of consent with timestamp
  • ✓ Recording of the exact version of the privacy policy at the time of consent
  • ✓ Storage of which specific cookies were consented to
  • ✓ Retention of these records for at least 3 years (reference value from case law)

For B2B websites with long customer relationships and sales cycles, comprehensive documentation is particularly important as customers interact with the website over extended periods.

7. Regular Updates

Cookie banners are not a “set-and-forget” solution, but require regular adjustments:

  • ✓ Update when tracking setups change (new tools, changed purposes)
  • ✓ Adaptation to legal developments (new case law/guidelines)
  • ✓ Regular verification of cookies actually set (technical audit)
  • ✓ Renewed consent when significant changes occur

The updated DSK guidance (as of 2024) recommends a review at least every 6 months – a value that has proven to be a sensible interval in practice.

8. Technical Implementation of Consent

An often overlooked requirement is the actual technical implementation of the user’s decision:

  • ✓ No setting of non-essential cookies before consent
  • ✓ Blocking of third-party scripts until consent is given
  • ✓ Actual deletion of cookies already set when rejected/withdrawn
  • ✓ No “cookie resetting” on subsequent visits without renewed consent

Technical audits often reveal significant deficiencies here: According to a study by ePrivacy (2024), 62% of websites load certain tracking scripts before consent has been given.

9. Specific Design for B2B Websites

B2B websites often have special requirements that should be considered:

  • ✓ Consideration of lead tracking and CRM integration in the cookie concept
  • ✓ Special transparency regarding the linking of usage data with company data
  • ✓ Clear information about B2B-specific tracking methods (e.g., IP-based company recognition)
  • ✓ Multilingualism for internationally operating companies

10. Performance Optimization

Cookie banners can affect website loading time and performance. Pay attention to:

  • ✓ Minimal impact on Web Vitals and PageSpeed
  • ✓ Asynchronous loading of the cookie banner script
  • ✓ Reduction of layout shifts caused by the cookie banner
  • ✓ Compatibility with cache strategies

After this comprehensive checklist, we now turn to an often underestimated aspect: the correct categorization of cookies.

Cookie Categorization: Which Cookies Fall Under Which Regulations?

A correct categorization of cookies is crucial for the legally compliant design of your cookie banner. Incorrect classification – especially the erroneous categorization of non-essential cookies as “necessary” – can have significant legal consequences.

Essential Cookies: Definition and Demarcation

Essential or necessary cookies are the only ones that may be set without consent. The TTDSG narrowly defines these as cookies that:

  1. are exclusively for the purpose of carrying out the transmission of a message over a public telecommunications network or
  2. are strictly necessary for the provider of a telemedia service that is explicitly requested by the user to be able to provide this service.

In practice, these typically include:

  • ✓ Session cookies for user authentication
  • ✓ Shopping cart cookies in online shops
  • ✓ Cookies for security-relevant functions (e.g., CSRF protection)
  • ✓ Cookies for the technical delivery of content (e.g., load balancing)

The crucial point: The website must be non-functional without these cookies. Merely contributing to improving or facilitating use is not sufficient.

Examples of cookies incorrectly classified as “essential”:

  • ❌ Cookies for storing language settings
  • ❌ Cookies for A/B tests or usability studies
  • ❌ Cookies for recognizing returning visitors
  • ❌ Cookies for “functional” elements such as chat widgets

The Federal Office for Data Protection emphasized in its position paper from April 2024 that the exception for essential cookies is to be interpreted narrowly. For example, a cookie for storing cookie preferences itself is classified as essential, but not a cookie that merely stores the information that a banner was displayed.

Legally Secure Implementation of Preference, Statistics, and Marketing Cookies

All non-essential cookies require informed, voluntary, and active consent from the user. They should be divided into meaningful categories:

Preference Cookies (Functional Cookies):

  • Store user preferences (language, display, etc.)
  • Serve to personalize the user interface
  • Improve the user experience, but are not essential

Examples: Cookie for storing preferred view (list/tiles), cookie for “recently viewed products”

Statistics Cookies (Analytics Cookies):

  • Collect information about usage behavior
  • Serve for analyzing visitor flows and performance measurement
  • Typically anonymized or pseudonymized

Examples: Google Analytics, Matomo (Piwik), Adobe Analytics, Microsoft Clarity

Marketing Cookies (Advertising Cookies):

  • Serve to create user profiles
  • Enable targeted advertising and retargeting
  • Often set by third-party providers
  • Track users across websites

Examples: Google Ads Conversion Tracking, Facebook Pixel, LinkedIn Insight Tag, HubSpot tracking

Especially in the B2B sector, the correct assignment of tracking tools is crucial, as complex marketing stacks are often used here that combine various functions.

Tool Category Requires Consent Special Considerations in B2B Context
Google Analytics 4 Statistics Yes Can be configured with IP anonymization; still requires consent
LinkedIn Insight Tag Marketing Yes Particularly relevant for B2B; captures conversion events and enables retargeting
HubSpot Tracking Marketing Yes Comprehensive lead tracking, particularly consent-critical
Hotjar/Mouseflow Statistics Yes Session recordings may contain personal data
Cookiebot/OneTrust Essential (only for consent function) No (for core function) Only the consent cookie itself is essential

Legal Assessment of B2B-Specific Tracking Scenarios

B2B marketing often uses specific tracking mechanisms that require special legal assessment:

IP-Based Company Identification:

Tools like Leadfeeder, Albacross, or Snitcher identify companies based on their IP addresses. The legal classification:

  • IP addresses are considered personal data according to ECJ case law
  • Even if only company names are displayed, the processing is based on personal data
  • According to current legal opinion, consent is required (even if not always in cookie form)

“The fact that tracking primarily takes place at the company level does not exempt from the consent requirement if personal data from website visitors are processed in the process.” — Data Protection Conference (DSK), Statement from October 2023

B2B-Specific CRM Integration and Lead Scoring:

The linking of website tracking with CRM systems for lead qualification is widespread in B2B marketing. Legally, the following applies:

  • The integration of form data with tracking data requires informed consent
  • Additional information obligations may arise for scoring processes (Art. 13, 14 GDPR)
  • The linking of different data sources must be communicated transparently

Crucial for B2B marketers: Even if you primarily process company data, the underlying processing of user data (IP addresses, browser fingerprints, cookie IDs) is subject to GDPR and TTDSG regulations.

In the next section, we’ll examine technical solutions for implementing legally secure cookie banners on B2B websites.

Cookie Banner Implementation: Technical Solutions for B2B Websites

The technical implementation of a legally secure cookie banner is complex and requires more than just installing a plugin. Especially for B2B companies with complex marketing stacks and long sales processes, a well-thought-out implementation is crucial.

Cookie Consent Management Systems Compared (2025)

The market for Consent Management Platforms (CMPs) has developed significantly since 2021. The leading solutions in 2025 offer comprehensive functions for compliance with TTDSG and GDPR.

CMP Solution Special Features Pricing Model Suitability for B2B
Cookiebot by Usercentrics Automatic cookie detection, regular scans, IAB TCF integration From €29/month, depending on the number of domains High (also suitable for medium-sized B2B websites)
OneTrust PreferenceChoice Enterprise solution, comprehensive compliance features, global regulation coverage From €120/month, volume-based Very high (especially for global B2B companies)
Usercentrics Comprehensive consent management, very customizable, good API From €79/month, user-based High (suitable for complex B2B setups)
Klaro! Open-source, self-hosted, maximum data control €0 (Open Source) or from €19/month for Premium Medium (good for technically proficient teams)
Complianz WordPress-focused, easy integration, good basic features From €49/year Low-Medium (for simpler B2B websites)

When selecting a CMP solution, B2B companies should pay particular attention to the following aspects:

  • Scan Accuracy: Especially in complex B2B websites with many third-party tools, precise detection of all cookies is crucial.
  • Geo-Targeting: Important for internationally active B2B companies to meet regional compliance requirements.
  • Documentation Functions: Comprehensive logging of consents for accountability.
  • Marketing Stack Integration: Seamless connection with B2B-typical tools like HubSpot, Marketo, LinkedIn Conversion Tracking, etc.
  • API Functionality: For deep integration into existing systems and customer-specific requirements.

The “Consent Management 2025” study by ePrivacy GmbH shows that implementation quality varies greatly: While 93% of companies use a CMP, only 56% meet all technical requirements for TTDSG-compliant implementation.

Integration with CMS and Marketing Tools

Integrating a CMP into an existing content management system and the marketing stack is often the biggest challenge. The following best practices have proven effective:

WordPress Integration:

  • Plugin-based solutions (Cookiebot, Complianz, Borlabs) offer easy integration
  • Tag Manager (GTM) should also be consent-based controlled
  • Critical: Caching plugins can collide with consent management (WP Rocket, W3 Total Cache)

TYPO3 Integration:

  • Native extensions such as “Cookie Consent” or integration via JavaScript
  • Typoscript-based inclusion for maximum adaptability
  • Particularly relevant: correct cache configuration (realurl, staticFileCaching)

Shopware/Magento/Other E-Commerce Systems:

  • Often more complex due to numerous integrated marketing and tracking tools
  • Use specific modules for the respective platform
  • Pay special attention to checkout processes and their tracking integrations

HubSpot and Other Marketing Automation Platforms:

B2B companies often use comprehensive marketing automation platforms like HubSpot, which present special challenges for consent management:

  • Tracking scripts must be loaded based on consent
  • Forms and chatbots require their own consent mechanisms
  • CRM integration must comply with data protection regulations

Example code for integrating a CMP with HubSpot (simplified):


<script>
document.addEventListener('consentGiven', function(event) {
if (event.detail.marketing === true) {
// Only now load HubSpot tracking
var script = document.createElement('script');
script.src = '//js.hs-scripts.com/

Takeaways

TL;DR

  • From 2025, cookie banners must comply with the TTDSG (Telecommunications Telemedia Data Protection Act) regulations
  • The TTDSG as well as the GDPR require explicit consent for tracking and marketing purposes
  • Exemptions exist for technically necessary cookies
  • High-risk practices include dark patterns, pre-ticked boxes, and “legally gray” opt-in bundling
  • Legally compliant implementations offer options for rejection, granular selection of cookie categories, and simple withdrawal of consent

Your system for plannable growth: More attention, more leads, more customers – through content that builds trust, campaigns that perform, websites that sell, and processes that scale.

Open Positions

Brixon Group Ltd.
Centris Business Gateway
Birkirkara
Malta

Subscribe to the B2B Growth Newsletter Now

Weekly, directly from our CEO, brief and concise everything you need to know about B2B marketing.

© 2025 Brixon. All Rights Reserved.