The Swedish regulators have reprimanded Warner Music and two other companies for implementing cookie banners incorrectly.
The Integritetsskyddsmyndigheten (IMY), Sweden's data protection authority, launched investigations into three companies after it received complaints from individuals living in other European countries. In all three cases, IMY concluded that the General Data Protection Regulation (GDPR) was being infringed.
It has to do with the way the companies implemented their cookie banners. The GDPR requires websites to ask users for permission if they want to install tracking cookies. In addition, refusing tracking cookies should be as easy as accepting them. Lastly, consent should be ‘freely given, specific, informed and unambiguous.’
Warner Music was one of the companies that received a reprimand from IMY for not providing sufficient information about the users’ right to withdraw consent.
ATG, a business concern in the gambling industry, implemented a misleading design on its cookie banner. This made it difficult for visitors to make an informed decision on whether or not to accept tracking cookies.
Media company Aller Media got a reprimand from IMY for processing the complainant’s personal data without a legal basis. The publisher stated legitimate interest as a legal basis, but could not substantiate this claim.
“A cookie banner should provide clear and unambiguous information to the visitor, and it should be as easy to give consent as it is to be able to withdraw it later. Or conversely, a bad cookie banner can have pre-selected checkboxes, a misleading design, and provide unclear information and unclear choices. In this case, the rules in the GDPR are not met,” Michaela Prieto Ceric, a lawyer at IMY and who led the investigations, said in a statement.
None of the companies has to pay a fine for infringement of the GDPR. If they continue using cookie banners incorrectly, they could risk paying financial damages of up to €20 million or 4% of their global annual turnover.
Cookies can be used for analysis of a company’s website, but also for collecting and processing users’ data for profiling purposes. Because this involves personal and sensitive information, European data and privacy protection laws are strict on protecting consumers’ digital rights.
Your email address will not be published. Required fields are markedmarked