The Dutch DPA carried out an audit of approximately 175 websites including those of web shops, municipalities, and the media, in order to ascertain whether they comply with the requirements for the placing of tracking cookies.
Almost half of the websites that use tracking cookies do not meet the consent requirements. The DPA found that “Virtually all of the web shops checked do not meet these requirements” and have been contacted by the DPA in order to amend their practices. In its communication, the DPA announced that is continue the investigation into the question of whether cookies are being used in a lawful manner, noting that, “If companies want to track people with tracking cookies, they must first request permission in a legally valid manner”; also pointing out that pre-checked consent boxes are not allowed and that cookie walls are prohibited.
The action by the Dutch DPA follows a number of other Supervisory Authorities that are mandating for specific consent and not allowing continued surfing as a valid form of providing consent. It is noteworthy that in contrast to the ICO and CNIL, in its most recent guidance on cookies, the Spanish DPA considers consent provided by way of continued surfing to be considered valid in certain circumstances.
The original article from the Dutch Supervisory Authority can be found here.