Blog

The place where we write some words

30Dec 2019

Dutch DPA investigates use of tracking cookies

By 30 Dec 2019 Privacy, Privacy and data protection, Supervisory authorities No tags Permalink

The Dutch DPA carried out an audit of approximately 175 websites including those of web shops, municipalities, and  the media, in order to ascertain whether they comply with the requirements for the placing of tracking cookies.

Almost half of the websites that use tracking cookies do not meet the consent requirements. The DPA found that “Virtually all of the web shops checked do not meet these requirements” and have been contacted by the DPA in order to amend their practices.  In its communication, the DPA  announced that is continue the investigation into the question of whether cookies are being used in a lawful manner, noting that, “If companies want to track people with tracking cookies, they must first request permission in a legally valid manner”; also pointing out that pre-checked consent boxes are not allowed and that cookie walls are prohibited.

It’s important for companies operating in The Netherlands to note the Dutch DPA’s attention towards the proper use of cookies and the DPA’s guidance on cookie walls, consent for cookies and tracking technologies. This furthermore underlines the importance of following best practices which can be found, for example,  in the Guidance issued by the ICO and the French DPA’s guidance on cookies, as well as the recent Planet49 CJEU Decision which confirmed that  confirmed “that the consent which a website user must give to the storage of and access to cookies on his or her equipment is not validly constituted by way of a prechecked checkbox which that user must deselect to refuse his or her consent.” 

The action by the Dutch DPA follows a number of other Supervisory Authorities that are mandating for specific consent and not allowing continued surfing as a valid form of providing consent.  It is noteworthy that in contrast to the ICO and CNIL, in its most recent guidance on cookies, the Spanish DPA considers consent provided by way of continued surfing to be considered valid in certain circumstances.

The original article from the Dutch Supervisory Authority can be found here.

Comments are closed.