(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


Dr. Carlo Piltz on LinkedIn: Entscheidungsdatum

2025-01

๐—”๐˜‚๐˜€๐˜๐—ฟ๐—ถ๐—ฎ๐—ป ๐—™๐—ฒ๐—ฑ๐—ฒ๐—ฟ๐—ฎ๐—น ๐—”๐—ฑ๐—บ๐—ถ๐—ป๐—ถ๐˜€๐˜๐—ฟ๐—ฎ๐˜๐—ถ๐˜ƒ๐—ฒ ๐—–๐—ผ๐˜‚๐—ฟ๐˜ ๐—ฐ๐—ผ๐—บ๐—บ๐—ฒ๐—ป๐˜๐˜€ ๐—ผ๐—ป ๐˜๐—ต๐—ฒ ๐˜‚๐˜€๐—ฒ ๐—ผ๐—ณ ๐˜๐—ต๐—ฒ ๐—˜๐——๐—ฃ๐—ฆ ๐—ช๐—ฒ๐—ฏ๐˜€๐—ถ๐˜๐—ฒ ๐—˜๐˜ƒ๐—ถ๐—ฑ๐—ฒ๐—ป๐—ฐ๐—ฒ ๐—–๐—ผ๐—น๐—น๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ & ๐—ผ๐—ฝ๐˜๐—ถ๐—ผ๐—ป ๐˜๐—ผ ๐—ฟ๐—ฒ๐—ณ๐˜‚๐˜€๐—ฒ ๐—ฐ๐—ผ๐—ป๐˜€๐—ฒ๐—ป๐˜ ๐—ผ๐—ป ๐˜๐—ต๐—ฒ ๐Ÿญ๐˜€๐˜ ๐—–๐— ๐—ฃ ๐—น๐—ฎ๐˜†๐—ฒ๐—ฟ The Austrian Federal Administrative Court has clarified in its decision of 31 July 2024 that a cookie banner must also contain a visually equivalent option to refuse the use cookies & other technologies in addition to the option to accept them on the 1st layer. The Court also found that the European Data Protection Supervisor's (EDPS) Website Evidence Collector can be used to prove the use of cookies in legal proceedings. -Facts of the case- Following a complaint from a data subject, the authority had investigated the use of cookies on the website of the plaintiff and found that the use of cookies could only be rejected within the cookie banner by clicking on the buttons โ€˜Show purposesโ€™ and in the second step โ€˜Reject allโ€™. In contrast, consent could be given in one step by clicking on the โ€˜Acceptโ€™ button. According to the authority, this design of the cookie banner violated Art. 6 and 7 GDPR and therefore instructed the plaintiff to modify the cookie banner so that a visually equivalent option to deny consent was available on the first layer of the cookie banner. The supervisory authority has collected the relevant evidence for the use of cookies on the plaintiffs website using the Website Evidence Collector. -Court decision- In the opinion of the Court, not giving consent must be just as simple as consenting. The possibility to refuse cookies on a second layer, while being able to accept them on the first layer of the cookie banner does not fulfil this requirement. Remarkably, this requirement was deducted from Art. 7 (3) GDPR, making the argument debatable as the mentioned provision regulates the question of withdrawal of consent and not giving one. The Court had no objection concerning the use of the Website Evidence Collector. On the contrary, based on the evidence collected with the tool, it considered the use of cookies to be proven. The acceptance of the evidence collected with it implies that in the eyes of the Court, the Website Evidence Collector represents a technical standard for website analysis tools. -Consequences for the practice- Refusing or denying consent should be as easy as consenting. Companies should review cookie banners on their websites or in Apps, if an option to refuse consent exists on the first layer of the CMP. Controllers can also consider the use of the Website Evidence Collector in order to check their website. The fact that its results have proven to be reliable in court also establishes a technical standard for tracking analysis. Decision (German): https://lnkd.in/dN-Geicr #GDPR #eprivacy #Cookies #Tracking #dataprotection
[END]

[1] URL: https://www.linkedin.com/posts/dr-carlo-piltz-631571b_entscheidungsdatum-activity-7270422586419761153-9YgE
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/