How Your GDPR Overlay Affects SEO

77 Elektronika Kft

How Your GDPR Overlay Affects SEO

Balázs Máté, online marketing consultant

Can your GDPR overlay mess up your search engine optimization? Can you lose conversions if you do it wrong? Yes, it can! Let us show you our findings based on our real-world experiences, along with the correct solution!

How Your GDPR Overlay Affects SEO

Recently, one of my clients, who is quite well-versed in online marketing has asked the firm that created their website to create a GDPR overlay that covers the entire page, and doesn’t let users through unless they accept the placement of cookies in their browsers. He wanted to play by the rules.


At first, I didn’t think much of it – if someone wants to follow the rules this strictly, then they have all my respect. I asked the developer that created the website if this overlay hid the site’s code from Google’s crawling robot, and the answer was that it’s not hidden at all, and that Google can, in fact, see and crawl it. I checked it, and confirmed it to be true.


Let me add that we’ve also checked the website of some of the biggest multinational corporations and saw that they immediately place all (or almost all) of their cookies the moment a user opens one of the pages. Microsoft, Apple, and Media Markt all spam your system with their cookies, and even the Hungarian website is guilty of this practice, regardless of what you click on afterwards:


Microsoft GDPR


This site places 4 cookies, but none of them are from Analytics.


On the top of the website, there’s a bar with some text stating:
“This site uses cookies for analytics, personalized content and ads. By continuing to browse this site, you agree to this use.”



Media Markt GDPR


This site places 25 cookies, with Analytics trackers among them.


At the bottom of the page, they state the following:

“Our website, uses several cookies and services to provide full functionality for our visitors, as well as to make it more informative and user-friendly for them. It is important for us that you can easily browse our website, which is why we focus strongly on its constant development. This involves saving your preferences and filling forms automatically so that you don’t have to put in the same information every time. It is also important to us that you see the kind of content that you are really interested in, and that makes your online activities easier. If you click the “Accept” button, you agree to the use of cookies. If you do not want to accept every cookie, visit the cookie settings page. For further information, read our privacy policy and cookie policy.”


If we click the “Accept” button, then we get one more cookie, and the text disappears from the bottom of the page for good. GDPR és a SEO


This site places 14 cookies.


The text on the bottom reads:


“You can read about how we keep your data safe in our data protection policy. Our pages use HTTP cookies for better functionality.”



When we click the “Ok” button, we get one more cookie, after which the bar with the text disappears.


The negative SEO results of using a GDPR overlay

However, after the new website started performing worse than the old one, I became worried. Both for the number of visitors and the number of conversions. My client was even more worried, as he was expecting anything but less conversions from the new website. He wasn’t exactly on the best terms with the site’s developer. So he immediately blamed the weaker performance on the new website and its new CMS. They tested the site’s speed, checked for any disappeared content, found some redirect chains, and confronted the developer.


There are three reasons, however, why these could not have been reasons behind the issue. The first one being that the new website became much faster than the old one, which did have some redirects, but those were already being eliminated at the time on the new site – otherwise, things were looking up. The next reason was the speed of the changes: they were almost immediate, after the new website launched. Google doesn’t penalize that fast. The third reason is that it wasn’t just traffic from organic Google searches that decreased, but traffic in general from all similar channels as well. Here’s a screenshot of the site’s Analytics:



GDPR Layer és a SEO: Google Analytics


If you take a look at the data, you can see that there were positive results as well. Metrics such as bounce rate, pages/session and session time have improved significantly. But none of that matters if conversion rates decrease. But then what caused that decrease?


Bounce rates have improved, or did they?

The overlay can annoy a lot of visitors, which could result in more bounces. Google gets suspicious if several visitors bounce back from a website immediately after they land on it, which is why it’s bad for SEO, but it takes time for this to have any effect on rankings and traffic.


But we can see that bounce rates have improved. Great, the new website has a better structure, it’s user friendly, offers superb user experience, so no problems here, right? Well, not quite. Due to tracking cookies not being placed immediately, Google Analytics doesn’t track the very first “page” that people see (“page zero”, if you will). This means that we can’t see how many people get scared and turn back when the see the overlay that covers the entire page. We could see it, if we placed Analytics’s cookies the moment a visitor lands on the site (as done on 99.99% of every other site). We currently have no data of this.


The sources from which traffic has decreased, however, supports this idea, as visitors landing on the site via ads and social media also get sacred when they see this “CIA” layer. But let’s see Google’s take on the correlation between SEO and GDPR overlays:


GDPR overlay – does it negatively affects SEO?

During a Webmaster Hangout episode, Google’s John Mueller got a question about how GDPR layers affect a website’s search performance. Here’s the exact question, and the answer given by Mueller:



“A question about GDPR pop-ups. How will they affect SEO and usability?”


“They are sometimes quite annoying, these pop-ups but they are how they are.


So in general, if the pop-up is on top of the content itself, so if the content loads within HTML and you're using JavaScript to show a pop-up on top of that, then we'll still have that normal content behind the pop-up to index normally. So that part usually works fairly well.


What doesn't work on our side is if you replace all of the content with just an interstitial or if you redirect to an interstitial and Googlebot has to click a button to actually get to the content itself then that's not going to happen. Then what will happen there is will index the interstitial content because that's only thing we have on this page and we won't know that you can actually like click a button and get a little bit more information there. Googlebot also doesn't keep a cookie. So it wouldn't be able to say well I'll click accept now and the next time I crawl your website you just show me your content normally. Googlebot wouldn't be able to kind of return that cookie to you and say I agree with your kind of Terms of Service.


So, those are kind of the two extremes that we've seen.


For the most part sites get this fairly right. And you can test it of course, you see it fairly quickly in search, if your site doesn't show up at all and the search results for normal content and probably we can't pick that up anymore. So for the most part I think that's working well.


You can test this on a technical level with things like the mobile-friendly test. Where you can render the page as a mobile Googlebot and then look at the HTML that is generated. So within the mobile-friendly test you can now look at the HTML after rendering and you can double check in the HTML that we can actually find your normal content and not just the interstitial.”


Well, the overlay does have a button for users to click, but according to our tests, Googlebot can see the page’s HTML source, so that can’t be the problem. We’ve seen that most websites place their cookies on your system when land on a page, and that it happens without your consent – but what does Google have to say about that?

Google and the GDPR

Numerous sources state that in some cases, you DO NOT need consent from the user, but these are very specific cases, and they make little sense. Just like this whole GDPR thing and those who came up with it. The entire confusion around GDPR stems from the fact that different people interpret its rules differently.


You can find the original source of this confusion here (


What does it say?

“By way of an exception, personal data may be kept for a longer period for archiving purposes in the public interest or for reasons of scientific or historical research, provided that appropriate technical and organisational measures are put in place (such as anonymisation, encryption, etc.).”


To some people, this means that if you DO NOT send your collected user data to third-parties, and you use them only for your own purposes (“for reasons of scientific or historical research”), then you DO NOT have to ask for consent from the user.


Other say that of you collect user data for advertising purposes with Analytics, then you HAVE TO ask for consent. Here’s is what Google considers advertising data (as per their official guide


  • Remarketing with Google Analytics
  • Google Display Network Impression Reporting
  • Google Analytics Demographics and Interest Reporting
  • Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers


By enabling the Advertising Features, you enable Google Analytics to collect data about your traffic via Google advertising cookies and identifiers, in addition to data collected through a standard Google Analytics implementation. Regardless of how you send data to Google Analytics (for example, via the Google Analytics tracking code, Google Analytics SDK, or the Measurement Protocol), if you use Google Advertising Features, you must adhere to this policy.

This source  says that

“To restate this, the WP29 opinion here is that you can have Google Analytics enabled by default, without the need for consent as long as you:
•    Provide clear information about GA in the website privacy policy.
•    Provide an opt-out (e.g. pre-ticked tickbox with the ability to untick it).
•    Anonymise the data sent to Google from the web browser.
•    Are happy that Google is acting as a data processor.


Just so you know, this particular page also immediately places 5 cookies the moment you open it, as does, which is a legal publisher. If anybody, they surely know how to be GDPR-friendly…


How GDPR overlays affect conversions

Do you think that if a high-profile website like doesn’t get penalized for how they manage cookies, an SMB will? SMBs are more likely to receive a warning at first, and the authorities responsible for issuing these penalties would have a ton of work on their hands if they raided everyone who doesn’t play by the rules. Also, you don’t get any prices for playing by the rules, and using an overlay, which people can use to opt out from using cookies – but you lose your conversions. Which scenario is more important for you?

Online marketing consultant since 1998

After graduating from my diplomas, I could not decide whether to stay on the scientific career or place my interest in marketing on a business basis. So let's both co-exist, I thought, and started writing it for a doctorate in marketing, I taught at university, while I founded the Marketing Professors BTL Communication Agency. In the past, I played a role in the marketing communication of more than 500 SMEs and dozens of large companies. I did not provide the research, and with my team we have built a marketing communication strategy that can be effectively and cost-effectively implemented in virtually all industries through search engine optimization (SEO), social media marketing and content marketing (publishing). If you've got to know that Ti also needs such an effective marketing communication strategy, ask our offer if you do not already feel the overwhelming power of the Internet, read our articles, but I know your time is coming.

Online marketing consultant since 1998

Online Marketing Advice - What Does It Mean To Do This Business?

Online marketing is not the same as offline marketing. Reaction’s times, reactions, and tools are quite different. Whether it is a small business or a number of brands in a pharmaceutical company, the proven sales and marketing experience can not be adapted to the online world. A company introduction or even a well-written marketing text is not enough. We not only write about potential buyers on the Internet, but also the search engines and the habits of Internet users. But if we hit them, we get a yarn that brings us commercials that are free or not, so many people get what we can not hope for using traditional tools. What should I do for this? Search engine optimization? Community Media Marketing? Content Marketing? A creative idea and a lot of experience, and above all, well-developed marketing strategy!

Online PR and Publishing

In addition to online marketing, Publishing and online PR are part of a complex marketing strategy. By working with pharmaceutical factories, I learned what to do if we are not only have to defeat, denigrate hardcore and capital-intensive competition but also fight against authorities and the media. I've taken part in many projects in which we were not even allowed to say what we want to sell, but we were expect to present concrete sales figures at the headquarters of the multinational corporation as a result of online PR or publishing. It can not be mistaken because all eyes of competition and the media are on us, and we can expect millions of penalties for the slightest breakthrough. Still, records have been decided on sales growth figures!

Online marketing lectures, education and research

I teach not only student training, but also theoretical research as an instructor at the Szent István University Marketing Institute of Gödöllő. My doctoral (PHD) work is also about online marketing. During the day-to-day practice of the university research work and & nbsp; Marketing Professors Ltd., I can gain experience that few people today in Hungary. The combination of theoretical university research and the merciless challenges of business life, supported by cutting-edge EU sources, is an effective and competitive knowledge. I try to convey them not only to my students but also to my colleagues at international marketing conferences, but also to my clients in everyday practice. Search Engine Optimization, Facebook Marketing, AdWords Campaigns, LinkedIn, and I could classify the corporate courses I've held in recent years, placed in companies.

Vedd fel velünk a kapcsolatot, kattints!