Cookies only after consent --European Court of Justice

Cookies may only be stored on users' systems if they have expressly consented. In addition, users must be informed in detail when the cookie data is passed on to third parties. This applies regardless of whether the information retrieved is personal data or not. This was decided by the European Court of Justice (ECJ) in the case. Every website operator must now take care of the correct implementation of the judgment, because the ECJ has also made it clear that infringements can be warned.

For website operators, the following points are important:

  • Website operators are always responsible for data breaches. This also applies if third parties violate data protection guidelines, but the information relevant to data protection law has been transmitted by the website operator.
  • The unsolicited transfer of user data to websites violates data protection law: This applies in particular to the function buttons of social networks. If these are loaded by the user's browser from social network systems when the website is accessed, this is an unsolicited transmission.
  • Competition associations may warn website operators for a fee. Avoid warnings by having your page created in compliance with data protection. NetAlive can review your site for the first time within 24 hours and show you your need for action.
  • For cookies that are set for tracking or advertising purposes, real user consent is required. A cookie notice banner is not enough. It is also not enough if a cookie notice has only the option to accept. And: The user's selection must have a function. If a user decides against the storage of cookies, the website must actually take this into account.
  • It is essential that website operators inform users in their privacy policy about what happens to their personal data.




David Bouck-Standen (M.Sc.)
Sen. IT-Consultant, NetAlive Ltd

Have you ever wondered why all the cookies are all good for? Or have you ever watched your browser download everything when you visit a website? Have you ever seen which systems your browser connects to? Most users don't worry about it. All the more reason for a judgment on cookies is a step forward for the implementation in terms of data protection - and yet it is to be viewed critically. User tracking has long since become a matter for websites that use cookies to simplify this process. Browsers, applications with an Internet connection, operating systems, smartphones and apps can record usage behavior and communicate unnoticed over the Internet for the user. And even without cookies, web applications allow user tracking if they are developed accordingly. In short, the judgment is to be welcomed, certainly an important step in the right direction, but in terms of data protection it is basically years too late and far-reaching.

Automated Translation

Add comment