Commentors on the final California Consumer Privacy Act regulation queried: “Are session cookies a “unique personal identifier?”

The California Attorney General replied: Maybe, depending on the context.

  • A “unique personal identifier” is a persistent identifier that can be used to recognize a consumer.
  • If a session cookie cannot be used to recognize a consumer, family

A new study has found only 11.8% of the most popular Consent Management Platforms (CMPs) used on UK websites meet the minimal requirements under GDPR and Europe’s eDirective regulations regarding cookies and consent.

The researchers’ scraper was used to determine whether a consent form met GDPR and eDirective requirements.

The rules say consent must be

How compliant is that cookie in the window?

The Dutch Data Protection Authority (AP) carried out a check on approximately 175 websites of web shops, municipalities and media, among other things, to determine whether they met the requirements for placing tracking cookies.

Almost half of the websites that use tracking cookies did not meet the

On the heels of the Planet49 decision, the Spanish data protection authority AEPD has fined Vueling Airlines €30,000 (reduced to €18,000 for payment in full) for failure to provide a compliant cookie disclosure/consent under GDPR.

Key takeaways (pertaining to cookies that require consent under GDPR):

  • You need to provide the individual with the ability to

The Court of Justice of the European Union has issued its Planet 49 decision.

Key takeaways:

  • A pre-checked check box is not sufficient consent for the placement of cookies.
  • You need active consent whether or not cookies collect personal data.
  • The fact that a user activates the promotional game participation button is not sufficient to

“Given the legal requirements for explicit, informed consent, it is obvious that the vast majority of cookie consent notices are not compliant with European privacy law – researchers at the University of Michigan have found.”

“If given a choice, just 0.1 percent of site visitors would freely choose to enable all cookie categories/vendors — i.e.

Much has been discussed about the recent cookie guidance by the UK ICO and the French CNIL, but what do other data protection authorities think? In a detailed position paper, the Association of German Data Protection Authorities (Datenschutzkonferenz, or DSK) sets out its worldview on cookies and provides a very helpful, detailed guide

A web developer study shows that when a cookie banner allows users to refuse cookies, 50 percent of users choose this option and subsequently refuse all third-party services.

However, when this choice is not available, we end up with a cookie acceptance rate between 90 and 98 percent via site users clicking the “I accept”