This year, the Dutch Data Protection Authority (AP)plans to increase its scrutiny of cookie consent practices to ensure compliance with regulations. Practice has shown that organizations quite often make use of misleading cookie banners, such as hidden rejection buttons or requiring the consumer to go through various clicks before rejecting cookies.

Aleid Wolfsen, chairman of the Dutch DPA stated that: “With tracking software or tracking cookies, organizations can look at your internet behavior. You can’t just do that, because what you do on the internet is very personal. An organization is only allowed to keep track of that if you explicitly agree to it. And you should have the option to refuse this tracking software, without it being detrimental to you.”  This clearly highlights the importance of requesting consent in the correct way; it ensures that consumers have- and remain in control over what they share and do not share.

Targeted Advertising
Websites make use of functional, analytical, and tracking cookies. These cookies frequently handle personal data, such as the consumer’s website entry point, visited websites or apps, duration spent on specific pages, clicked links, and even search queries. This facilitates organizations in crafting user profiles and delivering personalized advertisements. However, when employing these practices, organizations must adhere to the GDPR and the ePrivacy Directive.

Misleading Cookie Banners
It’s essential to retain control over personal data while browsing. A critical step in this direction is offering transparent information about cookie usage, enabling consumers to make informed consent decisions. Organizations should implement legally compliant cookie banners, steering clear of deceptive practices like concealing decline options in a separate layer of the banner (which necessitates additional clicks before the option to reject is available) or automatically selecting ‘accept’ checkboxes.

Correct Cookie Banners
The AP specifies important elements of compliant cookie banners, such as furnishing purpose information, abstaining from automatic checkmarks, employing transparent language, and offering consumers a genuine clear choice within the initial layer of the cookie banner. It emphasizes not requiring consumers to repeatedly click to decline cookies. The AP hereby seems to align with many other EU member states who have also indicated that the consumer should be presented with both the ‘accept’ and ‘reject all’ in the first layer.

Dutch Data protection Authority Investigation
If organizations don’t obtain appropriate consent for cookie banners and tracking software, the AP has the authority to examine and ensure adherence, potentially imposing fines.

For assistance in ensuring GDPR and ePrivacy Directive compliance with your organization’s cookie banner, please contact us at 

Source: AP pakt misleidende cookiebanners aan | Autoriteit Persoonsgegevens