Last week, the CJEU ruled on how website operators can obtain users’ consent to store and subsequently use cookies.
Cookies are short files that a website may store (via a web browser) on the computer of a website visitor. These files store information about the user’s activity during each visit. Cookies can make it easier to use a website, for example by recording the language in which the user wants to view the page. However, it is also possible to store much more information in cookies and to identify the specific interests of a website visitor. Such information can then be used, for example, to target advertising.
The German company Planet49 organised an advertising lottery in 2013. To participate in the lottery, interested parties had to provide the company with their name and address. Under the form for providing this information and participating in the lottery, there was a box to tick to agree to the storage of cookies on the lottery participant’s device and the possibility of using them. However, this box was pre-ticked; if the participant did not notice it or did not actively intervene, they would automatically consent to the storage of these files.
The CJEU ruled today that this practice is contrary to EU privacy and data protection rules. According to the CJEU, the user needs to actively consent to the use of cookies.
Our GDPR audit for entrepreneurs will reliably prepare you for everything that the Data Protection Regulation brings. We guarantee that you will be able to find the right solution according to the current legislation. We’ll get everything done quickly and so that you don’t have to worry about a thing. You can pay only after the service has been provided.
Furthermore, it will no longer be possible to rely on pre-ticked consent boxes, and very likely also on other similar practices where consent is not given actively enough (this will apply, for example, to situations where a website automatically stores cookies on the user’s device and then gives the user an “OK” button to “click”).
For website operators who have previously used a similar method of ensuring consent, this decision marks a necessary change. In the immediate aftermath of the ruling, it was even revealed that the CJEU website itself did not comply with the new requirements at the time of the ruling.
According to the CJEU, the user must be given the opportunity to read the terms and conditions for the storage and use of cookies before giving consent. In particular, the website operator must state how long the cookies will be functional and whether they can be accessed by a third party.
However, the decision leaves open one further question concerning consent to the storage of cookies, on which the Luxembourg court may have to rule in the future, namely whether consent can be required as a condition for using a particular service or website. In such a case, it is not yet clear whether consent to the storage of cookies is freely given by the user and therefore complies with EU rules.