Amazon in major European cookie fine
- did not provide its users with adequate information in the cookie pop-up about the use of cookies.
- prompted users that with continued use of the website they automatically accepted cookies.
- users could not reject or object to Amazon’s use of cookies.
How to comply with current privacy regulations
The European rules on cookies are described in the ePrivacy Directive, yet most information cookies collect are personal and thus regulated by the GDPR.
When your website uses cookies, either first-party cookies or third-party cookies from services like Google Analytics, Facebook Pixel, LinkedIn Insights or YouTube, you are required to collect your users’ valid consent to cookies.
Cookies from abovementioned services all collect your users’ personal data with marketing purposes. Therefore, using these types of cookies requires you to collect a consent which meets the requirement of recital 32 in the GDPR.
“Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her (..) Silence, pre-ticked boxes or inactivity should not therefore constitute consent”.
GDPR Recital 32
Here’s a complete checklist to collecting valid consent to cookies.
Checklist for collecting
valid consent to cookies
- Block cookies before you get consent
- Offer an easy way for your user to decline cookies
- Inform your users of cookies
- Respect their privacy choices
- Provide an easy way for change or withdraw consent
- Store their consents for 5 years
When it comes to informing users about cookies, obtaining and storing valid consents, you should use a certified Consent Management Platform.
You can try our Consent Management Platform and our professional cookie banner for free for 30-days. We guide you all the way from setup to implementation to onboarding if you like.