Website cookies and tracking technologies are a primary focus of global data privacy laws such as Europe’s General Data Protection Regulation (“GDPR”), and nuances among certain countries in the application and enforcement of cookie-related matters can cause companies headaches. The Court of Justice of the European Union (“CJEU”) has recently ruled on cases involving cookies, and companies everywhere need to ensure they’re up-to-date with cookie collection management in order to avoid the costly penalties that can be imposed for noncompliance. In this post, we outline best practices for cookie compliance for GDPR.
In late 2019, the CJEU ruled that all tracking technologies require consent before being deployed. This is known as the “Planet49 Ruling”, as it involved a German gaming company that used a pre-checked consent banner for a lottery promotion it was offering, meaning that it was collecting data from cookies prior to website visitors providing consent. The CJEU established that this was a violation of GDPR, and that all tracking technologies require consent before being deployed. Practically, this means that website visitors must be provided with information about the type and lifespan of cookies running on websites, as well as the opportunity to provide consent for cookie collection. If you’re using a cookie wall or similar technology, this means you’re not in compliance with GDPR and could be risking thousands of dollars in penalties.
Nuances by Country
The Planet49 ruling involved a German country, and many countries within the EU have slightly different interpretations of how companies can get their websites compliant from a cookie collection perspective. Thankfully, many EU regulators have released what they consider to be compliant cookie collection practices, listed below:
How Clym Helps
Clym is constantly monitoring new global guides and best practices, and will continue to keep you updated on the latest news. Regarding cookie consent management, we can help you to:
- Identify and categorize cookies and tracking technologies running on your site
- Tailor your consent banner to match your company’s brand including display, color, content, and language
- Customize your consent approach based on jurisdiction
- Build a centrally located, historical consent database to demonstrate compliance to regulators and auditors