AP (The Netherlands) - 10.12.2019: Difference between revisions

From GDPRhub
No edit summary
 
(nitpick capitalisation)
Line 18: Line 18:
|Type:||Investigation
|Type:||Investigation
|-
|-
|Outcome:||Violation found
|Outcome:||Violation Found
|-
|-
|Decided:||n/a
|Decided:||n/a

Revision as of 16:07, 3 March 2022

AP - Consent to place cookies
LogoNL.png
Authority: AP (The Netherlands)
Jurisdiction: Netherlands
Relevant Law: Article 4(11) GDPR

Article 6(1)(a) GDPR

Article 7 GDPR

Type: Investigation
Outcome: Violation Found
Decided: n/a
Published: 10.12. 2019
Fine: None
Parties: 157 companies investigated
National Case Number: n/a
European Case Law Identifier: n/a
Appeal: n/a
Original Language:

Dutch

Original Source: AP (in NL)

The AP found that almost 87 websites out of 175 investigated are not compliant with the consent requirements under Article 6(1)(a) GDPR when placing cookies.

English Summary

Facts and questions arising

Following its investigation of 175 websites, including municipalities and media, the AP found that almost half of them did not comply with the consent requirement for cookie placements under the ePrivacy Directive and Article 6(1)(a) GDPR.

Holding

In its decision, the AP stressed that practices such as pre-ticked boxes, user’s silence, inactivity or scrolling down or variations of banners such as "if you continue on this website you agree on cookies" do not constitute consent. Cookie walls are also not allowed under the GDPR. Therefore, the DPA ordered the websites to change their policies in accordance with GDPR and noted that it is planning to investigate the lawful use of cookies.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the press release

The press release below is a machine translation of the original. Please refer to the Dutch original for more details.

AP: many websites incorrectly request permission for placing tracking cookies
News item/10 December 2019
Category:

    Cookies

The Personal Data Authority (Autoriteit Persoonsgegevens, AP) has checked approximately 175 websites of webshops, municipalities and media, among others, whether they comply with the requirements for placing tracking cookies. Almost half of the websites that use tracking cookies do not meet the consent requirements. Virtually all of the webshops checked do not meet these requirements. The organisations behind these websites have received a letter from the AP calling on them to adjust their working methods if necessary. In the short term, the AP will start an investigation into whether cookies are being used lawfully.
Ticked in advance may not

Tracking cookies are data about people's internet behaviour. With this data, organisations can track internet behaviour over time. Targeted advertisements can also be sent. Therefore, the website visitor must give permission to place and consult tracking cookies with an unambiguous and active action.

A ticked 'yes' box when the user is asked for permission is therefore not allowed. Also silence, inactivity or scrolling down or variations on 'you agree if you continue on this website' are not allowed.

Two of the most common examples that do not meet the requirements of consent:
Judgment of the European Court of Justice

On 1 October 2019, the European Court of Justice ruled that the user's consent for placing and consulting tracking cookies on his equipment is not legally valid if a standard checkbox is used for this purpose.
Also, refusing access with cookie wall may not

During the audit, a number of websites with cookie walls were also found. Earlier this year, the Personal Data Protection Authority published a standard explanation that cookie walls are not allowed under the General Data Protection Regulation (AVG). Cookiewalls (cookie walls) do not allow websites, apps or other services to obtain valid permission from their visitors or users.

These websites are included in an ongoing investigation into cookie walls. Websites that only give visitors access to their site if they agree to the placement of tracking cookies or other similar ways of tracking and recording behaviour by means of software or other digital methods, do not comply with the AVG.
About cookies

Cookies are small files that the provider of a website places on a visitor's equipment. For example on a computer, phone or tablet. Cookies can be used to collect or store information about the website visit or about (the device of) the user.

With these cookies, organizations can follow people's internet behaviour over time. Tracking cookies make it possible to create profiles of people (profiling) and treat them specifically on the basis of those profiles.

Tracking cookies are usually used to process personal data. If companies want to track people with tracking cookies, they must first request permission in a legally valid manner.

More information about cookies.