18/01/2024 - We live in an increasingly digital world where the use of cookies and online tracking by organizations is exponential. With the increasing rate of their use, the Dutch government believes that the Dutch DPA (AP), should pay more attention to this. For this reason, the AP will be allocated an additional half million euros per year for three years from the Ministry of the Interior to strengthen oversight of and promote research on cookies and online tracking 

Cookies 

Broadly speaking, there are three categories of cookies. First, there are functional cookies, which support the core functionality of a website and are intended to optimize the user experience by making the website work more efficiently. Then there are analytical cookies, which are used to analyze the use of a specific website. The placement of these two types of cookies does not require visitor consent if the cookies are used to obtain more information about the website itself and do not process personal data. Finally, there are tracking cookies. Tracking cookies are mechanisms for collecting user data through web browsers. When these cookies are placed, a user's Internet behavior is tracked across different websites and over time. This way, tracking cookies can create profiles of people (profiling) and suggest advertisements tailored to individual users. These can be third-party cookies placed by a party other than the website provider itself or first-party cookies placed by the provider itself. Often tracking cookies process personal data. 

Consent  

If personal data is processed by cookies, appropriate laws and regulations must be met. The main requirements are having a legal basis for data processing, informing visitors in a timely and accurate manner, and securing the data properly. In case of tracking cookies, unambiguous consent is required as a legal basis for the processing of personal data. Unambiguous consent, in this case, means that website visitors must be asked for permission before tracking cookies are placed. In doing so, the visitor must have a clear choice to give or withhold consent. 

Criteo 

On Jan. 4, 2024, Criteo, an online advertising company, was fined by the Amsterdam Court of Appeal for placing tracking cookies without consent. Previously, an individual (the plaintiff) claimed that Criteo had placed tracking cookies without consent and processed his personal data. Criteo argued that they enter into agreements with partner websites, which state that the partner websites must ensure that consent is given before Criteo's cookies are placed and that Criteo itself is therefore not responsible. Criteo then argued that they had taken all possible measures against partner websites that had not obtained consent, but that they could not stop them from placing tracking cookies. The court ruled that it is not impossible for Criteo to only place tracking cookies that have the required consent. In addition, the Amsterdam Court of Appeal recalled that the case involves two entities, Criteo B.V. and Criteo S.A. (together Criteo), the latter of which was previously the subject of a decision by the French Data Protection Authority (CNIL) and fined 40 million euros for violating the GDPR, specifically for failing to verify whether the individuals whose data it processed had given consent.   

What it means for organizations 

The ruling underscores the fact that organizations themselves bear responsibility for the lawful placement of tracking cookies and that non-compliance with laws and regulations is subject to fines. In addition, it becomes clear that organizations not only risk fines from the regulator, but also claims from individuals (and resulting reputational damage). Finally, there is a chance that enforcement on cookies by the AP will increase due to the additional budget allocated to them. It is therefore of extra importance for organizations to be cookie compliant.  

Emilie Roosen Legal Consultant

Want to know more?

At Considerati, we provide advice on becoming and staying cookie compliant. We offer cookie-scan services and give advice on the current legislation on cookies. If you would like to know more about this topic or have any questions, check out our services or contact us! 

Explore our services orContact us