Blog » THE COOKIE MONSTER STRIKES BACK – THE LATEST GDPR-RELATED DECISION OF THE EU COURT
THE COOKIE MONSTER STRIKES BACK – THE LATEST GDPR-RELATED DECISION OF THE EU COURT
30 October 2019
1. How Planet49 used cookies?
Planet49 is a German company who organized a promotional lottery on his webpage www.dein-macbook.de. For the visitor to take part in the lottery he had to provide certain personal data such as his name and address.
Below the input fields for the personal data two short explanatory text were placed accompanied by checkboxes. The first text declared that the visitor consents to receive commercial information from the sponsors and cooperation partners of Planet49. The checkbox appeared without a preselected tick.
The second text declared that the visitor consents that Planet49 sets cookies on his device, which enables Planet49 to evaluate the visitor’s surfing and use behaviour on websites. The checkbox next to the text contained a preselected tick.
2. How using cookies came before the CJEU?
The German Federation of Consumer Organisations („Federation”) sued Planet49 as in his opinion the practice of the company more precisely the consents requested by him do not comply with the German consumer protection laws.
The litigation between the Federation and Planet49 came even before the German high court who decided to start a preliminary ruling procedure before the CJEU.
In fact, the German high court was on the opinion that in order to make a decision in the case the it is necessary to interpret together the Directive on privacy and electronic communications and the GDPR (as well as his „predecessor”, the Data Protection Directive).
3. The questions before the CJEU
The CJEU need to answer the below questions:
- Is the consent validly constituted if, in the form of cookies, the storage of information or access to information already stored in a website user’s equipment is permitted by way of a pre-checked checkbox?
- When deciding about the validity of the consent does that make a difference whether the information stored or accessed (cookies) on the user’s equipment is considered personal data or not?
- Which information needs to be provided to the user so that the information can be regarded as clear and comprehensive?
4. The CJEU’s answers
In order to answer the above questions, the CJEU interpreted together the Directive on privacy and electronic communications and the GDPR (also the Data Protection Directive) and made the following conclusions:
- Given the fact that it appears from the above legal sources that the consent of the user shall be given by an active conduct, the consent given by way of a pre-checked checkbox cannot be considered as validly constituted.
- Since in accordance with the Directive on privacy and electronic communications consent is not only required in case of personal data, in order for the placement of cookies a valid consent is necessary also in the case if the information stored on the webpage user’s equipment are not considered as personal data.
- For the placement of cookies users shall be fully informed which means that they need to be informed about the duration of the storage of the cookies and the fact whether third parties can have access the cookies or not.
5. Lesson learnt
The most important lesson of the case is that the CJEU confirmed in the context of cookies that the „consent” given by way of a pre-checked checkbox cannot be considered as valid.
Further, it is significant that for the placement of the cookies the consent of the user is not only necessary when the cookie is considered as personal data but also if it is not personal data.
Finally, in case of cookies, the CJEU extended the minimum requirements of the prior notification to the storage period of the cookies and their accessibility by third parties.
DOES THE LACK OF HANDOVER MAKE THE DISMISSAL UNLAWFUL IN HUNGARY?
Whether the lack of handover makes the dismissal unlawful based on the recent judgment of the Hungarian Supreme Court? What happens in case the employee fails to take over the dismissal? We address these issues in our article by analysing a recent judgment of Hungarian Supreme Court.Read more »
UNPAID CAPITAL CONTRIBUTION IN A HUNGARIAN LLC? HOW TO SOLVE THIS PROBLEM?
The „start-up capital” of the limited liability company is the initial capital which is the totality of the capital contributions provided by the shareholders. Since the shareholders may declare that the capital contribution shall only be provided after the establishment of the company in a later date, the painful situation might occur that the shareholder does not provide or only partly provides the capital contribution. Given that this may create unwanted consequences, the settlement of the capital-related problem is the common interest of the shareholders. In this article we summarize the possible methods to solve this issue.Read more »
COVID-19 BRIEFING – RESTRICTIONS ON NON-EUROPEAN FOREIGN INVESTMENTS IN HUNGARY
After the bill, passed in 2018 on restrictions of foreign investments, Hungary further limits the domestic investments of the foreigners because of the COVID-19. The new decree extends the scope of the investments to be notified and introduces fines, too. We explain the most important provisions of the decree in this article.Read more »