Blog

Dutch Data Protection Authority on cookie walls

An investigation by the Dutch Data Protection Authority shows that a large number of web shops track their visitors with cookies without asking for permission. The AP officially calls on the non-compliant websites to adjust their cookie banners to obtain valid consent.

Websites use tracking cookies without valid permission

The Dutch Data Protection Authority (AP) has investigated 175 websites pertaining to web shops, public administrations and national media to determine whether they meet the requirements for placing tracking cookies. 

Almost 50% of the websites that use tracking cookies do not meet the requirements of the GDPR. Practically all web shops in the investigation do not comply with basic GDPR requirements regarding cookies. 

The owners of these websites have received a letter from the AP calling on them to adjust their tracking methods to comply with European law.  

In the near future, the Dutch Data Protection Authority will follow up on the investigation to establish whether the websites’ use of cookies have become compliant.

Pre-ticked checkboxes not allowed

Tracking cookies collect and process data about visitors’ internet behavior. With this data, website owners get insights on their visitors’ personal preferences and behavior over time.

This knowledge can be used to target the visitors with personal advertisements.

Because of the personal data processing website must – according to the GDPR – ask visitors for permission to place tracking cookies on their computers and smart phones.

However, as we have seen in the recent ruling by the European Court of Justice, the consent must be informed and actively given – not based on the website’s assumption that the visitor wants cookies.

A checkbox with cookies pre-selected in the cookie banner is not allowed (see ruling).

Link: EU Court of Justice in Planet49 ruling: pre-selected checkboxes not allowed

And consent must be actively given. “If you continue using the website, you agree to cookies” is no longer allowed and is therefore not considered valid consent.

European Court of Justice ruling – Planet49

On October 1, 2019, the European Court of Justice ruled that website must obtain valid consent for setting cookies. Silence, inactivity, scrolling down or pre-selected checkboxes is not considered valid consent.

Are you unsure whether your website or web shop follows the requirements of the GDPR and the recent EU Court ruling on cookies and consent?

Test your website today. It’s easy, it’s free and we will provide you with a professional and thorough assessment of your GDPR cookie compliance.

Free compliance check

A number of websites with cookie walls were also found during the inspection. Earlier this year, the Dutch Data Protection Authority published standards explaining cookie walls are not permitted under the General Data Protection Regulation (GDPR)

With a cookie wall (cookie wall), websites, apps or other services use the ‘data of access’ method in which users are forced to give consent for using the service.

The AP determines that the websites found in the inquiry using cookies walls also receive a letter stating that cookie wall are not allowed as the consent is not valid in respect to the GDPR.

How to use tracking cookies without getting in trouble

The easiest way is to ask permission to use tracking cookies in the cookie banner. Most visitors accept anyway (our reports say 98,5%).

Here’s a checklist to see whether your cookie consent solution and cookie banner complies with the GDPR.

Checklist to comply with the GDPR for cookies

  • Does your website have a cookie pop-up banner?
  • Does your pop-up collect and store valid consent?
  • Can your visitors decline cookies (opt-out)?
  • Does your cookie solution hold back cookies , until you have received consent (prior consent)?
  • Is there a description of all cookies; their purpose; and lifetime?
  • Does your website have a comprehensive list of all third-party data processors who receive data about your visitors?

Learn more about cookies, GDPR and requirements here:

Link: What are the rules on cookies?

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on email
Email

No credit card needed

Start your free trial

250,000 clients already trust us with their website's cookie compliance ​

Is your website GDPR cookie compliant?

We'll give you the answer quickly - completely free
Free Webinar

How to perform GDPR compliant analytics and digital marketing

The guide to cookie consent in Sweden, Norway & Finland