fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " cookies "

Dutch DPA Issues Opinion on Use of Cookie Walls

Recently, the Dutch Data protection Authority has taken the position that the use of so-called “cookie walls,” whereby website access is made conditional upon the provision of consent to tracking cookies, is not compliant with the EU General Data Protection Regulation (GDPR).

According to the Dutch SA, use of online tracking technology is one of the most invasive data processing activities considering that virtually everyone is active on the internet and therefore potentially subject to online tracking. It is therefore key to obtain valid consent from website users before engaging in any tracking activity. nd such consent shall meet GDPR requirements.

Source: Dutch Supervisory Authority Opines on Use of Cookie Walls

Reported Google browser change could be final death blow to cookies

Google is planning to announce new tools for Chrome that offer users more control over third party tracking cookies. The controls and default settings would be somewhat less “severe” than the anti-cookie tracking moves made by Safari and Firefox, which adopted default tracking protection.

Chrome has a 63% market share globally and a 50% share in the U.S. Depending on what Google announces it could be the nail in the cookie coffin — not unlike how Apple killed Flash. Marketers have been anticipating the end of cookies for some time.

Full article: Reported Google browser change could be final death blow to cookies – Marketing Land

Privacy UX: Better Cookie Consent Experiences

With the advent of the EU General Data Protection Regulation (GDPR) in May 2018, the web has turned into a vast exhibition of consent pop-ups, notifications, toolbars, and modals.

While the intent of most cookie-related prompts is the same — to get a user’s consent to keep collecting and evaluating their behavior the same ol’ way they’ve been doing for years — implementations differ significantly, often making it ridiculously difficult or simply impossible for customers to opt out from tracking.

Full article: Privacy UX: Better Cookie Consent Experiences

EU Advocate General Issues Opinion on Consent for Cookies and Intersection with the GDPR

On March 21, 2019, Advocate General Szpunar released his opinion in the Planet49 case, currently pending before the Court of Justice of the European Union (CJEU). The case centers on the use of consent for the processing of personal data and consent for the use of cookies.

In the Advocate General’s view, the pre-ticked box for cookies does not provide a valid active consent under the GDPR nor under the ePrivacy Directive. Moreover, he considers that the ePrivacy Directive’s consent requirement for cookies applies irrespective of whether the collected data qualify as personal data.

Source: EU Advocate General Issues Opinion on Consent for Cookies and Intersection with the GDPR

EU citizens being tracked on sensitive government sites

EU governments are allowing more than 100 advertising companies, including Google and Facebook, to surreptitiously track citizens across sensitive public sector websites, in apparent violation of their own EU data protection rules, a study has found.

Danish browser-analysis company Cookiebot found ad trackers — which log users’ locations, devices and browsing behaviours for advertisers — on the official government websites of 25 EU member states. The French government had the highest number of ad trackers on its site, with 52 different companies tracking users’ behaviour.

Source: EU citizens being tracked on sensitive government sites | Financial Times

EU Regulators Increase Focus on Cookie Practices

In the absence of cookies-related guidance and enforcement by regulators against ordinary website publishers and operators, many e-commerce sites, online publishers and other website operators have taken a “wait and see” approach with respect to implementing GDPR-compliant cookies consent procedures.

Full article: EU Regulators Increase Focus on Cookie Practices

The Netherlands DPA states cookie wall not allowed

On 7 March 2019, the Dutch Data Protection Authority (DPA) created quite some buzz in the online Dutch (advertising) industry: websites that only give visitors access to their site if they agree to tracking cookies (or similar technologies) do not comply with the GDPR.

This also means that the so-called cookie walls that are placed on websites, preventing visitors access to websites if they do not consent to tracking cookies, are not allowed in the view of the Dutch DPA.

Source: The Netherlands: S.A. states that websites must be accessible at all times; cookie wall not allowed

Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration

Data Protection Authority (DPA) of the German state of Bavaria announced it was considering fining a number of companies under the GDPR for their website cookie practices.

None of these companies appear to be in Google-style tech industries. The Bavarian DPA’s action potentially signals that cookies, user tracking, and online advertising are not a ‘tech industry issue,’ but instead a priority issue for companies irrespective of their industry – and one that can carry GDPR fine risk.

Full article: Google-Style GDPR Fines for Everyone? Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration

Austrian DPA Issues Decision on Validity of Cookie Consent Solution

On November 30, 2018, the Austrian Data Protection Authority published a decision in response to a complaint received from an individual regarding the cookie consent options offered on an Austrian newspaper’s website.

Full article: Austrian DPA Issues Decision on Validity of Cookie Consent Solution | Privacy & Information Security Law Blog

Targeted advertising targeted by the French DPA

Since the General Data Protection Regulation (GDPR) came into force in May 2018, the CNIL has issued four public formal notices against Fidzup, Singlespot, Teemo and recently against Vectaury, all of whom are involved in the advertising business.

The CNIL’s formal notices come at a time when the advertising sector is still debating the alternative between “consent” and the controller’s ”legitimate interest” as a legal basis to process personal data for the purpose of targeting advertising. In the above-mentioned cases, the concerned intermediaries were extensively collecting location data from users’ smartphones and combining them with other sets of data, which requires consent under the GDPR.

Full article: Targeted advertising targeted by the French DPA

>