Seamless privacy throughout your online world
Our Mission
Evidence-based regulation: we use interdisciplinary research to empower consumers to make real privacy decisions
Consenter for Users: Consent Agent
Download our Consent Agent for free and get rid of consent banners.
Manage your consent decisions once and for all – across the web.
Make your decision by understanding your benefits and risks.
Benefits for users:
More convenience: manage consents across all contexts, once in advance
Less annoyance: get rid of cookie banners and other consent forms
Trust and control: get maximum control over the data you share, Consenter makes sure that websites and their technology providers respect your consent decisions
Our consent agent is a free extension that you install in your browser. You can pre-set your consent settings (I agree, I do not agree) for different purposes that websites would collect your data for. The moment you visit a website, your consent agent automatically sends your pre-settings to the website. This means that you don’t have to click on any consent banner anymore.
You may adjust your preferences to the website you visit via our handover notice. This small and user-friendly substitute for banners appears at the bottom left of the website and automatically vanishes after a few seconds if you do not interact. Through this mechanism, the handover notice does not interfere with your user experience of the website. In the dashboard of your consent agent, you can keep track of all consent given and change any settings afterwards.
With our consent agent, we help you to understand what it means for you personally when you give your consent. To do this, we explain the benefits and risks for you of giving your consent in an intuitively understandable form. This explanation is based on a scientifically validated exchange process with numerous international data protection experts, including employees from data protection authorities. The explanation is based on several elements:
Firstly, we explain to you in clear and concise language the purposes for which each website and other service providers would like to process your data. These purposes are typically:
- Improve the website that you are visiting
- Enable additional website features (for example map services, videos)
- Personalise the website to your interests
- Personalise advertising to your interests
Each of these purposes, to which you can consent individually, comes with different benefits and risks. For example, your consent to the improvement of the website helps to improve the user experience of the website (benefit); this is offset by the risk that the website will monitor your usage behaviour on the website and thus gain insights into your private life. However, this risk is low because your usage data is only used statistically, together with the data of many other users. The website provider therefore does not know what you have done as an individual on its website, but only what all users collectively do on average. These benefits and risks are the second important element of our intuitive designs.
It is important to clarify that the classification of the risks and benefits of various purposes is not assigned lightly. Rather, the categorisation is based on empirical research, together with data protection experts. To do this, we first carried out an extensive research process to empirically determine the risks that consumers see in the processing of their data. With the help of data protection experts, we then assigned these risk categories to the different purposes and weighed them against the corresponding benefits. In this way, we ensure that no risks are concealed or overlooked, but also that they are not exaggerated.
Using an iterative process, we are developing an easy-to-understand visual representation of these purposes, benefits and risks as well as all other legally required information. In doing so, we are developing various prototypes and testing them using empirical methods, primarily qualitative user tests until we have the most satisfactory result possible. Qualitative user tests give us very good insights into how users understand and use our designs and why the designs do not yet function optimally. However, such results are not yet statistically representative of the entire population. That's why we conduct quantitative representative A/B tests. Such A/B tests enable us to compare our different prototypes and find out which is the most effective one. The most effective design is the so-called State of the Art that we use as our new standard design (and which according to the law all website and service providers must take into account, see Art. 25 sect. 1 GDPR). We are carrying out this development and testing of our prototypes on an ongoing basis so that we can publish improved (more comprehensible) designs at frequent intervals. In this way, we can constantly raise the level of good consent designs.
This is how we explain your benefits and risks in relation to the various purposes for which the website or other service providers may wish to process your data. On this basis, we hope that you can decide for yourself whether the benefit is worth the corresponding risk and thus make real privacy decisions.
Consenter for Website providers: Consent Banner
Use our Consent Banner to increase legal certainty.
Regain your users’ trust – exploit the full potential of data-driven innovation.
Integrate our universal standard into your platform.
white label solution available for consent management platforms, electronic patient files, eIDAS solutions, European Data Spaces, IDS and SolidPods
Benefits for website and other service providers:
Increased compliance with the General Data Protection Regulation (GDPR): get maximum legal certainty for your website and in many other services
Resource-saving integrability: easy integration of our Consent Banner in your website and in many other services, even as a white label solution for your platform
Higher user trust: Higher trust in your service than you can achieve with other banners on the market, higher trust in your brand
Competitive advantage: increased trust leads to higher consent rates, which leads to more data and, thus, more innovation
The design of our consent banner is based on more than 10 years of interdisciplinary research, which we have carried out in exchange with numerous international data protection experts and researchers. During this time, we have developed methods and metrics that we’re now using to empirically measure
- how well a consent banner design informs consumers about the consequences of their consent,
- how appropriate consumers find the respective banner for deciding on the processing of their data,
- how a consent banner design affects consumers' trust in the website and the provider behind it, and
- how this in turn affects the consumer’s consent behaviour.
Using quantitative A/B tests, we are able to compare different consent banner designs based on the parameters described above and determine the most effective design. According to our current test results, consumers find the consent banner we developed, especially in combination with our consent agent, more informative, more appropriate and more trust-promoting than current banner designs, even if these were designed according to best practice rules. With our methodology, we are continuously iterating our designs to provide a constantly improved benchmark for all stakeholders. In legal terms, this benchmark is the so-called state of the art, that is the most effective consent mechanism available on the market, which Art. 25 sect. 1 GDPR requires all website and other service providers to take into consideration when applying the General Data Protection Regulation (GDPR).
Connection with other Consenter products: The Consent Banner works independently of our Consent Agent. However, Consent Agent users will get the best experience with your service.
Consenter for Website providers: Data Protection Certificate
Build even more trust in your service with our Data Protection Certificate.
Benefits of our certificate:
Maximum legal certainty: demonstrate compliance of your website to your end users, competitors and data protection authorities
Increase your consent rate based on the higher trust of your end users
Ressource-saving certification process: profit from our out-of-the-box solutions to lower your certification costs, especially for Small and Medium-Sized Enterprises (SMEs)
Get certified and demonstrate that you are a trusted website with our EU Data Protection Seal (GDPR). To this aim, choose one or more purposes for which you process the personal data of your end users and which you want to certify:
- Statistics to improve your website
- Enabling additional website features (for example map services, videos)
- Personalising the website to the interests of your end users (available at a later date)
- Personalising advertising to the interests of your end users (available at a later date)
We will then check and ensure that your corresponding data processing operations comply with the criteria from our certification scheme. Out-of-the-box solutions and semi-automated certification processes ensure that the certification process is as resource-efficient as possible for you.
Once you have successfully completed the certification process, you may use the certificate to demonstrate to your end users that you comply with the requirements of the General Data Protection Regulation (GDPR). This will give you a competitive advantage over your competitors.
You may also use the certificate as proof to data protection authorities that you have effectively implemented all the technical and organisational measures needed according to Art. 25 sect. 2 and Art. 32 sect. 3 GDPR.
Consenter for Third party providers: Green Lighting System
Stand out from your competitors as a greenlighted technology provider.
Your benefits:
Compliance of your technology with the General Data Protection Regulation (GDPR): increase legal certainty for your business customers
Higher trust of your business customers in your technology: set yourself apart from your competitors as website providers prefer GDPR-compliant technologies
Higher end user trust: the more end users trust in your technology, the more they trust in your brand
Apply for our Greenlighting process. We will then check the GDPR compatibility of your standard processing agreement and add you to our list of trusted third party providers if your agreement applies to the GDPR. This ensures that the website providers may use your technology in compliance with the General Data Protection Regulation (GDPR).
Being greenlighted will set you apart from your customers. As a technology provider who got greenlighted by us, we recommend your service to your business customers, for example, websites and other service providers, as a trustworthy technology when configuring their service. This helps you to find new customers who are seeking to set up their service in compliance with the GDPR.
Consenter for Regulators: Research Apparatus
Interdisciplinary research for evidence-based regulation
Benefits for legislators, data protection authorities and consumer protection agencies:
Prototyping for effective legal implementation: so far we have been developing over 15 prototypes of cookie banners, consent agents, privacy icons, dashboards and feedback loops to demonstrate how legal requirements can be effectively implemented.
Empirical testing through qualitative studies: so far we have been validating and complementing our prototypes in over 7 major qualitative studies.
Representative verification through quantitative studies: defining the State of the Art in large quantitative studies with so far over 2500 participants
Legislators and enforcement authorities are increasingly faced with the challenge of ensuring the effectiveness of laws. This is particularly true in the area of technology law, which is characterised by a complex interplay of legal, technical, economic and social factors and an extremely dynamic pace of development. Legislators are therefore confronted with the difficulty of creating a legal framework for socio-technical developments that they may only know and foresee to a limited extent. Similarly, authorities are faced with the challenge of ensuring effective implementation of legal requirements in practice.
The cookie banner, for example, shows that laws are often only effective to a limited extent: the legislative idea behind the cookie banner is that consumers should be able to make an individual decision as to how much privacy they want to exchange for which range of functions on the website they are visiting. In reality, however, consumers click away the vast majority of cookie banners without having understood its actual meaning. This is primarily due to the lack of transparency, deceptive design and frequency with which consumers have to give their consent, for example in the form of cookie banners.
However, the underlying reason for such ineffective laws is of a methodological nature: until now, there is only limited knowledge of which methods can be used to empirically prove and ensure a more effective design of cookie banners or, more generally, a more effective design of laws and their effective implementation. With our interdisciplinary methods in the field of legal design, we are making an important contribution to closing this knowledge gap. We do this in particular by developing working prototypes for legal-technical solutions, such as cookie banners and consent agents, and validating their effectiveness empirically with qualitative and quantitative studies. In particular, by comparing different solutions in quantitative A/B tests, we are able to determine which solution is more effective than others and, thus, which solution represents the so-called state of the art (which Art. 25 sect. 1 GDPR requires data controllers, such as website providers, to take into account).
Through our human-centred multi-stakeholder processes, we ensure that we take into account the interests of all affected stakeholders and not the one-sided interests of individual groups. As these are continuously iterative design and validation processes, we endeavour to constantly improve the state of the art and to stimulate a positive development dynamic on the market towards ever more effective legislation. In this way, we aim to help realise the full potential of data-driven innovation for the benefit of real-live European values.
Paul Grassl, Nina Gerber, Max von Grafenstein (2024). How Effectively Do Consent Notices Inform Users About the Risks to Their Fundamental Rights? EDPL 1/2024.
Grafenstein, M. v., Kiefaber, I., Heumüller, J., Rupp, V., Graßl, P., Kolless, O., & Puzst, Z. (2024). Privacy icons as a component of effective transparency and controls under the GDPR: effective data protection by design based on art. 25 GDPR. Computer Law & Security Review, Volume 52.
Grafenstein, M. v., Jakobi, T., & Stevens, G. (2021). Effective data protection by design through interdisciplinary research methods: The example of effective purpose specification by applying user-Centred UX-design methods. Computer Law & Security Review.
Grafenstein, M. v. (2019). Co-Regulation and the Competitive Advantage in the GDPR: Data protection certification mechanisms, codes of conduct and the “state of the art” of data protection-by-design. In González-Fuster, G., van Brakel, R., & P. De Hert, Research Handbook on Privacy and Data Protection Law. Values, Norms and Global Politics, Edward Elgar Publishing, 1st Ed.. Cheltenham: Edward Elgar Publishing.
Coming soon:
Grassl, P., Gerber, N., Grafenstein, M. v. (upcoming). How to More Effectively Inform Users About the Risks to Their Fundamental Rights? (study design and data collection accomplished, data analysis ongoing)
Gerber, N., Grassl, P., Grafenstein, M. v. (upcoming). How do Consent Agents Affect the Consent Behaviour of Users? (study design accomplished, data collection in preparation)
Grafenstein, M. v., Smieskol P., Jakobi, T. (upcoming). From Consent to Control by Closing the Feedback Loop: Enabling data subjects to directly compare personalised and non-personalised content through an On/Off toggle (submitted)
Get notified
Be the first to hear about our product and research.
Our mission
Evidence-based regulation: using interdisciplinary research to empower consumers to make real privacy decisions. Through our participatory development processes, we make sure to address all conflicting interests and that laws get most effective. Applying a continuous prototyping and validation process, we constantly improve the state of the art. By doing so, we help develop a dynamic market towards ever more effective legislation. In this way, we aim at realising the full potential of data-driven innovation while living the European values, in particular, privacy, security and the rule of law.
Network and partner institutions
Contact us
By Mail
Or directly here