The Court of Justice of the European Union has issued its Planet 49 decision.

Key takeaways:

  • A pre-checked check box is not sufficient consent for the placement of cookies.
  • You need active consent whether or not cookies collect personal data.
  • The fact that a user activates the promotional game participation button is not sufficient to

“Given the legal requirements for explicit, informed consent, it is obvious that the vast majority of cookie consent notices are not compliant with European privacy law – researchers at the University of Michigan have found.”

“If given a choice, just 0.1 percent of site visitors would freely choose to enable all cookie categories/vendors — i.e.

Much has been discussed about the recent cookie guidance by the UK ICO and the French CNIL, but what do other data protection authorities think? In a detailed position paper, the Association of German Data Protection Authorities (Datenschutzkonferenz, or DSK) sets out its worldview on cookies and provides a very helpful, detailed guide

A web developer study shows that when a cookie banner allows users to refuse cookies, 50 percent of users choose this option and subsequently refuse all third-party services.

However, when this choice is not available, we end up with a cookie acceptance rate between 90 and 98 percent via site users clicking the “I accept”

Analytics cookies in the crossfire.

Different approaches set forth in the CNIL Guidance and in the ICO cookie guidance.

CNIL – Set list of terms to qualify for an exemption from the need to obtain consent.

ICO – This is a non-essential cookie and consent is needed … BUT … unlikely to prioritize enforcement of

Strict is for cookie, that’s good enough for me.

The United Kingdom’s Information Commissioner’s Office highlights “strictly necessary” cookies:

  • Strictly necessary cookies are cookies which are essential, not just nice to have:
    1. for the provision of the service, and not for other functions that you would like
    2. for compliance with legal requirements that apply to

French regulator CNIL has issued its promised guidance on the use of web cookies.

Among the key takeaways:

  • you need to list all third parties involved in data collection
  • consent must be real
  • simply using a website is not sufficient consent and neither, as this point, are browser settings.

Also, if you meet a list

Cookies in the spotlight in France:

Actual consent – in.

Continued browsing – out.

The French Data Protection Authority, CNIL, repealed its 2013 guidelines on cookies consent and announced upcoming cookies guidance will be published later this month (July).  Per the new guidance, continued browsing of a website will not suffice to indicate consent to

Cookies and trackers sat on a wall, cookies and trackers had a great fall…

Dutch data protection authority, Autoreitpersoonsgegevens (AP), holds that the practice of a cookie banner that does not allow you to enter a website unless you accept tracking cookies (known as a “cookie wall”) is not permissible under the EU General Data

The use of “cookie” technology, which is basically a small data file that is stored in the cache on your computer when you visit many sites, is nothing new. They are used to recognize you when you return to a site, remember what your preferences, reading and/or shopping habits are, and to otherwise make your experience at the web site more enjoyable. Use of these “harmless” cookies is generally accepted. But new technologies that have emerged and, appear to be emerging, are renewing the debate. The new technology ignores user privacy settings and are difficult to detect and delete.
Continue Reading