The European Data Protection Board issues guidance on consent, in reliance upon the Working Party Article 29 Guidelines on Consent.

Key additions/ takeaways.
  • Consent relying on an alternative option offered by a third party fails to comply with the GDPR.
  • A service provider cannot prevent data subjects from accessing a service on the basis that

A new study has found only 11.8% of the most popular Consent Management Platforms (CMPs) used on UK websites meet the minimal requirements under GDPR and Europe’s eDirective regulations regarding cookies and consent.

The researchers’ scraper was used to determine whether a consent form met GDPR and eDirective requirements.

The rules say consent must be

The Polish data protection authority has fined ClickQuickNow €47,126.97 for violating the General Data Protection Regulation (GDPR) by requiring too difficult a process for revoking consent.

The process in question required the person who submits the statement of withdrawal of consent to indicate the reason for his request after the site provided the person with

The Court of Justice of the European Union has issued its Planet 49 decision.

Key takeaways:

  • A pre-checked check box is not sufficient consent for the placement of cookies.
  • You need active consent whether or not cookies collect personal data.
  • The fact that a user activates the promotional game participation button is not sufficient to

Asking to read an electronic ID card as a condition for the provision of a service (issuing a rewards/loyalty card) is disproportionate and in violation of GDPR, says the Belgian data protection authority.  The company was fined €10,000.

Key takeaways also relevant to authentication/collection under GDPR and CCPA:
  • Information you collect to identify an individual

“Given the legal requirements for explicit, informed consent, it is obvious that the vast majority of cookie consent notices are not compliant with European privacy law – researchers at the University of Michigan have found.”

“If given a choice, just 0.1 percent of site visitors would freely choose to enable all cookie categories/vendors — i.e.

Red Card! The Spanish Data Protection Authority has issued LaLiga a 250,000 EUR fine for using its mobile app to detect bars illegally broadcasting soccer matches, without duly disclosing this data processing activity in violation of GDPR.

When installing the application and receiving user approval, LaLiga remotely activated the microphone of any user’s mobile phone

The “agree button is one of the biggest lies on the internet. This is not consent. This is not notice,” said U.K. Information Commissioner’s Office Executive Director for Technology Policy and Innovation Simon McDougall.

People are now living in an “age of unhappiness” and are not feeling empowered, says McDougall. With large tech companies, the