The Dutch Data Protection Authority (DPA) launched five investigations into the use of cookie banners last year. In all cases, the organizations responsible for the websites violated the law. Since then, the cookie banners have been adjusted.
The Dutch privacy supervisor says it has received multiple complaints from people who frequently visit websites in various industries regarding their cookie banners. Therefore, the DPA has been checking organizations to see whether they properly request permission to install tracking cookies on visitors’ devices.
All five organizations that the DPA surveyed did ask permission to place cookies and other tracking software. However, they did this incorrectly.
For example, the button to refuse cookies was hidden, or the box for giving consent was already checked. On occasion, the websites had already installed cookies before visitors could give their permission. In some cases, websites placed cookies anyway, even when visitors refused.
“When you visit a website for information or to buy something, you should be able to do that freely,” says Aleid Wolfsen, Chairman of the Dutch DPA.
“If companies or organizations want to track visitors on their website and sell their data to advertisers or data brokers, they must ask for permission. This must be done clearly and openly, without tricks that make it difficult for visitors to say ‘no.’ Too often, we still see that organizations use these types of methods. As a result, website visitors are tracked without their consent, and their data can be traded.”
When tracking visitors, companies are legally obligated to ask for consent. However, cookie banners aren’t always required. If a website only uses functional cookies, for example, to remember what products have been placed in an online shopping cart, a cookie banner isn’t necessary.
According to Wolfsen, small and medium-sized enterprises often make mistakes when it comes to cookie banners.
“They receive a cookie banner from the website builder and assume it’s fine. Unfortunately, it often isn’t. Not the website builder, but the website owner is responsible for this,” he states.
In the coming years, the Dutch DPA will structurally monitor how cookie banners are implemented in the Netherlands by “constantly and automatically” scanning the cookie banners of 10,000 websites. Organizations that break the rules will first receive a warning and will be given a chance to adjust their cookie banner. In the case of a serious violation, the DPA will enforce compliance with fines, penalties, or other sanctions.
Your email address will not be published. Required fields are markedmarked