Blog » THE COOKIE MONSTER STRIKES BACK – THE LATEST GDPR-RELATED DECISION OF THE EU COURT
THE COOKIE MONSTER STRIKES BACK – THE LATEST GDPR-RELATED DECISION OF THE EU COURT
30 October 2019
1. How Planet49 used cookies?
Planet49 is a German company who organized a promotional lottery on his webpage www.dein-macbook.de. For the visitor to take part in the lottery he had to provide certain personal data such as his name and address.
Below the input fields for the personal data two short explanatory text were placed accompanied by checkboxes. The first text declared that the visitor consents to receive commercial information from the sponsors and cooperation partners of Planet49. The checkbox appeared without a preselected tick.
The second text declared that the visitor consents that Planet49 sets cookies on his device, which enables Planet49 to evaluate the visitor’s surfing and use behaviour on websites. The checkbox next to the text contained a preselected tick.
2. How using cookies came before the CJEU?
The German Federation of Consumer Organisations („Federation”) sued Planet49 as in his opinion the practice of the company more precisely the consents requested by him do not comply with the German consumer protection laws.
The litigation between the Federation and Planet49 came even before the German high court who decided to start a preliminary ruling procedure before the CJEU.
In fact, the German high court was on the opinion that in order to make a decision in the case the it is necessary to interpret together the Directive on privacy and electronic communications and the GDPR (as well as his „predecessor”, the Data Protection Directive).
3. The questions before the CJEU
The CJEU need to answer the below questions:
- Is the consent validly constituted if, in the form of cookies, the storage of information or access to information already stored in a website user’s equipment is permitted by way of a pre-checked checkbox?
- When deciding about the validity of the consent does that make a difference whether the information stored or accessed (cookies) on the user’s equipment is considered personal data or not?
- Which information needs to be provided to the user so that the information can be regarded as clear and comprehensive?
4. The CJEU’s answers
In order to answer the above questions, the CJEU interpreted together the Directive on privacy and electronic communications and the GDPR (also the Data Protection Directive) and made the following conclusions:
- Given the fact that it appears from the above legal sources that the consent of the user shall be given by an active conduct, the consent given by way of a pre-checked checkbox cannot be considered as validly constituted.
- Since in accordance with the Directive on privacy and electronic communications consent is not only required in case of personal data, in order for the placement of cookies a valid consent is necessary also in the case if the information stored on the webpage user’s equipment are not considered as personal data.
- For the placement of cookies users shall be fully informed which means that they need to be informed about the duration of the storage of the cookies and the fact whether third parties can have access the cookies or not.
5. Lesson learnt
The most important lesson of the case is that the CJEU confirmed in the context of cookies that the „consent” given by way of a pre-checked checkbox cannot be considered as valid.
Further, it is significant that for the placement of the cookies the consent of the user is not only necessary when the cookie is considered as personal data but also if it is not personal data.
Finally, in case of cookies, the CJEU extended the minimum requirements of the prior notification to the storage period of the cookies and their accessibility by third parties.
CAN THE CHOICE OF COURT AMOUNT TO THE CHOICE OF LAW? – THE SUPREME COURT DECIDED
Shall it be considered as the choice of the English law if the party first starts a litigation in England regarding to a Hungarian project? How much of a role do the procedural acts of the parties play in relation to the choice of law applicable to a contract? In this article we analyse the fresh judgement of the Supreme Court, in which, among others, the highest court addressed the issue of the tacit choice of law.Read more »
TEMPORARY EMPLOYMENT AT DIFFERENT EMPLOYER IN HUNGARY – NEW LEGAL RELATIONSHIP?
What are the main risks if you employ your staff at different employer, within or outside the company group? Is that a new legal relationship, is remuneration payable for that, or the “good old” labour contract can cover this situation? In a recent judgement the Hungarian Supreme Court Curia addressed these questions. In our short article we analyse the judgement and summarize what you as an employer should consider if you would like to temporary reassign your employee.Read more »
OVERVIEW OF THE TRAVEL RESTRICTIONS TO HUNGARY FROM 1st SEPTEMBER 2020
Travel restrictions to Hungary (“Travel Restrictions”) can be regulated on unilateral, bilateral or multilateral level. So far, we have knowledge about one unilateral and three bilateral travel restrictions adopted by the Hungarian government, so this overview will be focused on these. However, given the fast-changing nature of the situation, it can be the case that more bilateral agreement will be adopted, that change the current legal environment.Read more »