Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Users Need to Consent to Online Tracking Cookies: EU Court

Online companies in the EU can no longer present internet users with a pre-checked box telling them cookies will be planted on their smartphone or computer if they don’t deselect the option, under a ruling issued Tuesday.

Online companies in the EU can no longer present internet users with a pre-checked box telling them cookies will be planted on their smartphone or computer if they don’t deselect the option, under a ruling issued Tuesday.

The decision by the European Court of Justice means that users need to give “active consent” — rather than opt-out of an automatic default that would otherwise plant cookies in their device’s system.

The EU court was responding to a German court’s request for interpretation of an EU law protecting privacy through electronic communications.

It arose from a challenge lodged by a German consumer federation against a German company, Planet49, which presented users wanting to play its promotional lottery with a pre-checked cookie box.

The tracking cookies were to gather information on the users for advertising products from Planet49’s commercial partners — a common method by online companies.

But the court determined that “consent must be specific” and pressing a website button to participate in a lottery “is not sufficient for it to be concluded that the user validly gave his or her consent to the storage of cookies”.

The ruling comes with authorities in Europe, and increasingly in the United States and elsewhere, grappling with how to protect citizens’ privacy online as internet companies gather and cross-reference information gleaned from web use.

Cookies are small pieces of computer code that are downloaded into a user’s device to track what sites they visit, how they interact with them, and potentially other bits of information.

Advertisement. Scroll to continue reading.

In Tuesday’s ruling, the EU court also ruled that users accepting cookies must be notified of how long those cookies will track them, and whether or not third parties have access to the information they gather.

Related: European Government Websites Are Delivering Tracking Cookies to Visitors

Related: UK Regulator Calls Out Compliance Failures in Targeted Advertising Industry

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem