
It was the Summer to eat Cookies
- Key decisions made and guidelines issued by data protection authorities over the summer period
- Evolutions in the field of AI and IP over the summer period
Key takeaways
After the Belgian data protection authority (Gegevensbeschermingsautoriteit) focused on auditing various websites of businesses active in the media sector with respect to compliant cookie management, it was time for other national data protection authorities to do the same, in particular the data protection authorities of Norway (Datatilsynet) and Finland (Data Protection Ombudsman’s Office). Businesses active in the online pharmaceutical sector, or businesses which operate a website focused on processing personal data of minors or sensitive personal data (e.g. health, religion, etc.), came clearly into the sights of these authorities.
Common mistakes in this area are still:
- providing incorrect and often misleading information to website visitors (e.g. stating that browsing is anonymous when it is not);
- providing information that is difficult to understand or does not explain the consequences of giving consent;
- sharing personal data, including special categories of personal data about visitors and personal data of minors with third parties in violation of the GDPR;
- placing cookies without the website visitor’s consent and designing the cookie banner incorrectly;
- “nudging” visitors into consenting, which is still a common practice.
The Norwegian data protection authority mostly issued reprimands, as it was its first time carrying out such audits. In one case it imposed an administrative fine of 250,000 NOK (ca. €20,000). In general, the authority gave a clear warning that it will adopt a stricter stance in the future and that it is particularly concerned about the use of tracking tools for commercial or marketing purposes. The Finnish data protection authority imposed an administrative fine of €1.1 million on an online pharmacy for non-compliant use of tracking technologies on its website.
The Norwegian data protection authority also issued guidance on the use of online tracking technologies. For your information, our Belgian data protection authority has also shared a considerable amount of information on its website on the topic of online trackers (available here in Dutch and here in French) and even issued a Cookie Checklist (available here in Dutch and here in French).
Action Points
- Thank you for reading and don’t hesitate to reach out to your usual contact person at EY Law or any of the authors of this Digital Digest edition if you have any questions or would like further assistance!