Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Management & Strategy

Users Need to Consent to Online Tracking Cookies: EU Court

Online companies in the EU can no longer present internet users with a pre-checked box telling them cookies will be planted on their smartphone or computer if they don’t deselect the option, under a ruling issued Tuesday.

Online companies in the EU can no longer present internet users with a pre-checked box telling them cookies will be planted on their smartphone or computer if they don’t deselect the option, under a ruling issued Tuesday.

The decision by the European Court of Justice means that users need to give “active consent” — rather than opt-out of an automatic default that would otherwise plant cookies in their device’s system.

The EU court was responding to a German court’s request for interpretation of an EU law protecting privacy through electronic communications.

It arose from a challenge lodged by a German consumer federation against a German company, Planet49, which presented users wanting to play its promotional lottery with a pre-checked cookie box.

The tracking cookies were to gather information on the users for advertising products from Planet49’s commercial partners — a common method by online companies.

But the court determined that “consent must be specific” and pressing a website button to participate in a lottery “is not sufficient for it to be concluded that the user validly gave his or her consent to the storage of cookies”.

The ruling comes with authorities in Europe, and increasingly in the United States and elsewhere, grappling with how to protect citizens’ privacy online as internet companies gather and cross-reference information gleaned from web use.

Advertisement. Scroll to continue reading.

Cookies are small pieces of computer code that are downloaded into a user’s device to track what sites they visit, how they interact with them, and potentially other bits of information.

In Tuesday’s ruling, the EU court also ruled that users accepting cookies must be notified of how long those cookies will track them, and whether or not third parties have access to the information they gather.

Related: European Government Websites Are Delivering Tracking Cookies to Visitors

Related: UK Regulator Calls Out Compliance Failures in Targeted Advertising Industry

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.