Who refused the cookies in the cookie jar?

The Commission Nationale de l’Informatique et des Libertés (CNIL) has sent new orders for cookie compliance to 30 additional companies, bringing the total to 90.

The sectors affected include: public institutions, higher education, clothing, transportation, retail and distance selling.

Some key issues:

  • automatic embedding of cookies before

The UK’s Information Commissioner’s Office (ICO) has announced a completion deadline for their code that will translate General Data Protection Regulation (GDPR) requirements into design standards that protect children who access online services.

The code is being refined following a consultation period and will be made final on November 23, 2019.

The ICO stated that

A web developer study shows that when a cookie banner allows users to refuse cookies, 50 percent of users choose this option and subsequently refuse all third-party services.

However, when this choice is not available, we end up with a cookie acceptance rate between 90 and 98 percent via site users clicking the “I accept”

Italian Data protection Authority, Garante privacy, ordered a company that did not acquire granular consent for marketing from members of its loyalty programs to:

(i)  stop processing personal data for marketing purposes if granular consent for the marketing/mailing was not acquired;

(ii) not start processing personal data for marketing purposes in future without obtaining such

If at first they don’t consent, try, try again?

A new form of privacy fraud further complicates the relationship between the Ad Tech industry and GDPR.

As Ad Tech vendors struggle to comply with the strict requirements of the EU General Data Protection Regulation (GDPR), especially around the acquisition of freely given, specific, informed and