Tag Archives: cookies

EDPB Issues Guidance on Cookie Banners

By Alexandre Lépine, Michael Kern, Rossana Fol, Cédric Burton and Maneesha Mithal on Posted in Privacy, Regulatory
In January 2023, the European Data Protection Board (EDPB) published a report on cookie banners (Report). The Report provides practical guidance to companies doing business in the EU on how to comply with the EU cookie rules. It deals with issues such as reject-all buttons, pre-ticked boxes, banner design, and withdrawal icons. The Report is … Continue Reading

Belgian DPA Finds That IAB Europe’s Cookie Consent Framework Violates the GDPR

By Laura Brodahl, Cédric Burton, Carol Evrard and Alexandre Lépine on Posted in European Union, Privacy, Regulatory
On February 2, 2022, the Belgian Data Protection Authority (DPA) found that the Interactive Advertising Bureau Europe (IAB) Transparency & Consent Framework (TCF), a tool used to record individuals’ online ad preferences, violates the General Data Protection Regulation (GDPR). The DPA fined IAB Europe €250,000 (approx. USD 280,000), and required IAB Europe to present an … Continue Reading

CNIL Issues Guidance on Alternatives to Third-Party Cookies

By Alexandre Lépine and Jan Dhont on Posted in European Union, Privacy, Regulatory
On October 13, 2021, the French data protection authority (the CNIL) issued a short note (the “Note,” in French) on technologies such as fingerprinting, unique identifiers, and cohort-targeting, developed to replace traditional third-party cookies. While the CNIL acknowledges that some of these technologies are less privacy invasive than third-party cookies, it stresses that the consent … Continue Reading

CNIL Issues Updated Cookie Guidance

By Cédric Burton, Jan Dhont, Lore Leitner and Alexandre Lépine on Posted in European Union, Privacy, Regulatory
On October 1, 2020, the French data protection authority (the CNIL) issued the final version of its guidelines on the use of cookies and other trackers (the Guidelines), replacing a first draft published on July 4, 2019. While the main principles remain unchanged, this version provides further practical guidance for website and mobile application publishers … Continue Reading

The ICO Issues Its Cookies Guidance: Clarified Stance and Enforcement Priorities

By Josephine Jay, Lore Leitner and Jan Dhont on Posted in Cybersecurity, Privacy
On July 5, 2019, the UK’s Data Protection Authority (ICO) issued its “Guidance on the use of cookies and similar technologies” (the Guidance) along with a brief explanatory blog post. At the same time the ICO updated its own website cookie notice and consent, leading by example. The ICO’s blog post makes clear that cookie … Continue Reading

The CNIL Announces Its 2019-2020 Action Plan on Ad Targeting

By Cédric Burton, Jan Dhont, Rossana Fol and Josephine Jay on Posted in European Union, Privacy, Regulatory
On June 28, 2019, the French Data Protection Authority (CNIL) released its 2019-2020 action plan on ad targeting (action plan);1 among other things, the CNIL announced that it will issue new cookie guidance later this month and that, once the guidance is published, companies will have a 12-month grace period to come into compliance. Background … Continue Reading

CJEU Advocate General Opinion Calls for Active and Separate Cookie Consents

By Cédric Burton, Christopher Olsen and Elli Laine on Posted in Cybersecurity, European Union, Privacy
On March 21, 2019, the Advocate General (AG) of the highest EU Court (the Court of Justice of the European Union (CJEU)) issued an opinion (opinion) in the Planet49 case[1] on what constitutes valid consent for cookies under the Data Protection Directive, the GDPR, and the e-Privacy Directive. In particular, the AG opines that: 1) … Continue Reading
LexBlog