Blog » THE COOKIE MONSTER STRIKES BACK – THE LATEST GDPR-RELATED DECISION OF THE EU COURT
THE COOKIE MONSTER STRIKES BACK – THE LATEST GDPR-RELATED DECISION OF THE EU COURT
30 October 2019
1. How Planet49 used cookies?
Planet49 is a German company who organized a promotional lottery on his webpage www.dein-macbook.de. For the visitor to take part in the lottery he had to provide certain personal data such as his name and address.
Below the input fields for the personal data two short explanatory text were placed accompanied by checkboxes. The first text declared that the visitor consents to receive commercial information from the sponsors and cooperation partners of Planet49. The checkbox appeared without a preselected tick.
The second text declared that the visitor consents that Planet49 sets cookies on his device, which enables Planet49 to evaluate the visitor’s surfing and use behaviour on websites. The checkbox next to the text contained a preselected tick.
2. How using cookies came before the CJEU?
The German Federation of Consumer Organisations („Federation”) sued Planet49 as in his opinion the practice of the company more precisely the consents requested by him do not comply with the German consumer protection laws.
The litigation between the Federation and Planet49 came even before the German high court who decided to start a preliminary ruling procedure before the CJEU.
In fact, the German high court was on the opinion that in order to make a decision in the case the it is necessary to interpret together the Directive on privacy and electronic communications and the GDPR (as well as his „predecessor”, the Data Protection Directive).
3. The questions before the CJEU
The CJEU need to answer the below questions:
- Is the consent validly constituted if, in the form of cookies, the storage of information or access to information already stored in a website user’s equipment is permitted by way of a pre-checked checkbox?
- When deciding about the validity of the consent does that make a difference whether the information stored or accessed (cookies) on the user’s equipment is considered personal data or not?
- Which information needs to be provided to the user so that the information can be regarded as clear and comprehensive?
4. The CJEU’s answers
In order to answer the above questions, the CJEU interpreted together the Directive on privacy and electronic communications and the GDPR (also the Data Protection Directive) and made the following conclusions:
- Given the fact that it appears from the above legal sources that the consent of the user shall be given by an active conduct, the consent given by way of a pre-checked checkbox cannot be considered as validly constituted.
- Since in accordance with the Directive on privacy and electronic communications consent is not only required in case of personal data, in order for the placement of cookies a valid consent is necessary also in the case if the information stored on the webpage user’s equipment are not considered as personal data.
- For the placement of cookies users shall be fully informed which means that they need to be informed about the duration of the storage of the cookies and the fact whether third parties can have access the cookies or not.
5. Lesson learnt
The most important lesson of the case is that the CJEU confirmed in the context of cookies that the „consent” given by way of a pre-checked checkbox cannot be considered as valid.
Further, it is significant that for the placement of the cookies the consent of the user is not only necessary when the cookie is considered as personal data but also if it is not personal data.
Finally, in case of cookies, the CJEU extended the minimum requirements of the prior notification to the storage period of the cookies and their accessibility by third parties.
CORONAVIRUS: GOVERNMENTAL MEASURES PROTECTING COMMERCIAL LESSEES IN HUNGARY
The worldwide coronavirus epidemic is causing serious problems in the economy as well, businesses in sensitive sectors fear a total loss of income for months. For this reason, the Hungarian Government introduced a ban on termination and rent increase for commercial lease contract in case the lessee operates in specific, sensitive sectors. However, there are several legal uncertainties surrounding the measure, which will be discussed in our brief article.Read more »
HUNGARY: CHOICE OF LAW BY CONDUCT IN LITIGATION? – JUDGMENT OF SUPREME COURT
Can the conduct of the parties during litigation amount to an implied choice-of-law agreement based on the Rome I Regulation? We analyse the fresh judgment of the Hungarian Supreme Court in this article.Read more »
LABOUR LAW CHANGES DURING THE CORONAVIRUS EPIDEMIC – 4 MEANS AVAILABLE FOR HUNGARIAN EMPLOYERS
The coronavirus is already having its unfortunate impacts in the whole world and there is almost no sector which has not been rocked by the effects of the virus. In this rather difficult situation, it is questionable for the employer how to manage their resources and how to protect their employees. The decree of the government effective from 19th March 2020 gives certain tools to the employers which may help them to optimize their operations and to defend their employees. In our short article we summarize these measures.Read more »